Discussion:
[lopsa-tech] Having postfix both deliver and forward email
John Stoffel
2016-02-29 23:13:15 UTC
Permalink
Hi guys, I'm running into a problem where I want to upgrade an ancient
sendmail on solaris 5.8 instance to postfix 2.6.6 running on Linux
RHEL 6.6, but I'm running into problems.

The mailhost needs to access email for '@foo.bar.com', do a lookup
against NIS aliases, and if not found, just forward the email to a
Lotus Notes server which does some old Legacy email lists.

This is not really a supported postfix configuration, since they feel
very strongly that email should be rejected, not accepted and then
bounced. Oh well, I can't help their feelings since I need to make
this work.

I can do LDAP lookups against the Lotus Notes server (8.5.3) but for
the life of me I can't figure out how it translates
'***@foo.bar.com' into the info it does have, which is:

# ldapsearch -h hdqmta.foo.bar.com -b "o=BAR_FOO" -x -LLL
'(sn=Test)' cn sn uid givenname mailaddress
dn: CN=John Test,O=BAR_FOO
sn: Test
givenname: John
mailaddress: ***@bar.com

It's really frustrating. I've tried setting up postfix to define the
'fallback_transport' to point to my Notes server, but no luck.

And of course the local NIS alias file is sending email to the new
Exchange server and/or the mailman server. So I've got three seperate
destinations to send email too, but only two of which are fully
defined.

I really don't want to go back down the sendmail route if I can at all
help it. It's just so damn baroque and frustrating to use. Not only
is the language terrible, the darn M4 macro language they use for
human readable configuration is almost as bad! I always feel like I'm
doing cargo cult programming when I hack sendmail, even with the bat
book on my altar and some fresh goat's blood at hand.

Pointers? I've been looking at the postfix.org docs, and such threads
as:

https://sourceforge.net/p/postfixadmin/discussion/676076/thread/2670aa6a/
https://groups.google.com/forum/#!topic/mailing.postfix.users/mhX_exJr2CQ

And there's just no luck.

Thanks,
John


_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
Conrad Wood
2016-03-01 08:02:26 UTC
Permalink
Hi John,

I'm not really a postfix expert, but I have faced and solved similar
with exim & MS-Exchange back in the days ;). Maybe it helps to find
similar options in postfix.

The LDAP lookup approach - which I did attempt - turned out to be
unsatisfactory because MS-Exchange (and presumaly Lotus Notes as well)
had other reasons besides LDAP to reject or accept messages. There were
things like "locked mailboxes" or "full mailboxes" and other weird
stuff.

Instead, what worked well was to configure exim to do a recipient-verify
callout upon recipient of the message. (Option verify =
recipient/callout).

This way, whenever exim determined it had to forward a message (because
it did not exist locally) it started an smtp conversation and checked
the response to "rcpt to" from the exchange (aka lotus) server. If the
email was accepted, it itself accepted the message, otherwise it
rejected it immediately.

Hope that helps a little ;)

Conrad
Post by John Stoffel
Hi guys, I'm running into a problem where I want to upgrade an ancient
sendmail on solaris 5.8 instance to postfix 2.6.6 running on Linux
RHEL 6.6, but I'm running into problems.
against NIS aliases, and if not found, just forward the email to a
Lotus Notes server which does some old Legacy email lists.
This is not really a supported postfix configuration, since they feel
very strongly that email should be rejected, not accepted and then
bounced. Oh well, I can't help their feelings since I need to make
this work.
I can do LDAP lookups against the Lotus Notes server (8.5.3) but for
the life of me I can't figure out how it translates
# ldapsearch -h hdqmta.foo.bar.com -b "o=BAR_FOO" -x -LLL
'(sn=Test)' cn sn uid givenname mailaddress
dn: CN=John Test,O=BAR_FOO
sn: Test
givenname: John
It's really frustrating. I've tried setting up postfix to define the
'fallback_transport' to point to my Notes server, but no luck.
And of course the local NIS alias file is sending email to the new
Exchange server and/or the mailman server. So I've got three seperate
destinations to send email too, but only two of which are fully
defined.
I really don't want to go back down the sendmail route if I can at all
help it. It's just so damn baroque and frustrating to use. Not only
is the language terrible, the darn M4 macro language they use for
human readable configuration is almost as bad! I always feel like I'm
doing cargo cult programming when I hack sendmail, even with the bat
book on my altar and some fresh goat's blood at hand.
Pointers? I've been looking at the postfix.org docs, and such threads
https://sourceforge.net/p/postfixadmin/discussion/676076/thread/2670aa6a/
https://groups.google.com/forum/#!topic/mailing.postfix.users/mhX_exJr2CQ
And there's just no luck.
Thanks,
John
_______________________________________________
Tech mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
Ted Cabeen
2016-03-03 00:38:00 UTC
Permalink
I think what you want to use is the luser_relay. That will allow you to
send things that don't match in postfix on to the notes server.

--Ted
Post by Conrad Wood
Hi John,
I'm not really a postfix expert, but I have faced and solved similar
with exim & MS-Exchange back in the days ;). Maybe it helps to find
similar options in postfix.
The LDAP lookup approach - which I did attempt - turned out to be
unsatisfactory because MS-Exchange (and presumaly Lotus Notes as well)
had other reasons besides LDAP to reject or accept messages. There were
things like "locked mailboxes" or "full mailboxes" and other weird
stuff.
Instead, what worked well was to configure exim to do a recipient-verify
callout upon recipient of the message. (Option verify =
recipient/callout).
This way, whenever exim determined it had to forward a message (because
it did not exist locally) it started an smtp conversation and checked
the response to "rcpt to" from the exchange (aka lotus) server. If the
email was accepted, it itself accepted the message, otherwise it
rejected it immediately.
Hope that helps a little ;)
Conrad
Post by John Stoffel
Hi guys, I'm running into a problem where I want to upgrade an ancient
sendmail on solaris 5.8 instance to postfix 2.6.6 running on Linux
RHEL 6.6, but I'm running into problems.
against NIS aliases, and if not found, just forward the email to a
Lotus Notes server which does some old Legacy email lists.
This is not really a supported postfix configuration, since they feel
very strongly that email should be rejected, not accepted and then
bounced. Oh well, I can't help their feelings since I need to make
this work.
I can do LDAP lookups against the Lotus Notes server (8.5.3) but for
the life of me I can't figure out how it translates
# ldapsearch -h hdqmta.foo.bar.com -b "o=BAR_FOO" -x -LLL
'(sn=Test)' cn sn uid givenname mailaddress
dn: CN=John Test,O=BAR_FOO
sn: Test
givenname: John
It's really frustrating. I've tried setting up postfix to define the
'fallback_transport' to point to my Notes server, but no luck.
And of course the local NIS alias file is sending email to the new
Exchange server and/or the mailman server. So I've got three seperate
destinations to send email too, but only two of which are fully
defined.
I really don't want to go back down the sendmail route if I can at all
help it. It's just so damn baroque and frustrating to use. Not only
is the language terrible, the darn M4 macro language they use for
human readable configuration is almost as bad! I always feel like I'm
doing cargo cult programming when I hack sendmail, even with the bat
book on my altar and some fresh goat's blood at hand.
Pointers? I've been looking at the postfix.org docs, and such threads
https://sourceforge.net/p/postfixadmin/discussion/676076/thread/2670aa6a/
https://groups.google.com/forum/#!topic/mailing.postfix.users/mhX_exJr2CQ
And there's just no luck.
Thanks,
John
_______________________________________________
Tech mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
John Stoffel
2016-03-03 13:55:35 UTC
Permalink
Ted> I think what you want to use is the luser_relay. That will allow you to
Ted> send things that don't match in postfix on to the notes server.

I thought so too... but I can't make it work. According to the docs
I've found online, it's not supported. I've even tried using the
fallback_transport as well.

It was trivial to do in Sendmail, but other parts are much more
annoying, so I'd prefer postfix if at all possible.

John
_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
Conrad Wood
2016-03-03 13:58:14 UTC
Permalink
Post by John Stoffel
Ted> I think what you want to use is the luser_relay. That will allow you to
Ted> send things that don't match in postfix on to the notes server.
I thought so too... but I can't make it work. According to the docs
I've found online, it's not supported. I've even tried using the
fallback_transport as well.
It was trivial to do in Sendmail, but other parts are much more
annoying, so I'd prefer postfix if at all possible.
John
Before I'd fall back to sendmail I would consider exim. At least it covers the usecase you described quite well.
But then again, It might be worth asking on the postfix mailing list too.

Conrad



_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
John Stoffel
2016-03-03 14:25:56 UTC
Permalink
Conrad> On 3 Mar 2016, at 14:55, John Stoffel wrote:
Ted> I think what you want to use is the luser_relay. That will allow you to
Ted> send things that don't match in postfix on to the notes server.
Post by John Stoffel
I thought so too... but I can't make it work. According to the docs
I've found online, it's not supported. I've even tried using the
fallback_transport as well.
It was trivial to do in Sendmail, but other parts are much more
annoying, so I'd prefer postfix if at all possible.
John
Conrad> Before I'd fall back to sendmail I would consider exim. At
Conrad> least it covers the usecase you described quite well. But
Conrad> then again, It might be worth asking on the postfix mailing
Conrad> list too.

It's been tough enough on me trying to move away from sendmail
already to postfix, throwing in a third option would get me beaten by
my co-workers.

I'm asking on the postfix-users list, but they seem very hostile to
the idea, since it can lead to backscatter (reject email, not
accept/bounce is their motto, reality be damned).

We'll see... maybe I can make it work, but in the short term, if I can
make sendmail work, I'll be ok.

John



_______________________________________________
Tech mailing list
***@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/

Loading...