Postfix & Exchange 2007
in [Postfix]
|
Prev: problem with postdrop: warning: mail_queue_enter: create file maildrop/631329.7980:Permission denied
Next: Reject Notification
From: Victor Duchovni on 21 Apr 2010 11:54 On Wed, Apr 21, 2010 at 12:59:15PM +0200, Cyril Vieville wrote: > I made some modifications in the Postfix configuration. > > > > /etc/postfix/main.cf : > mydestination = localhost, localhost.test.com, localhost.testing.com > relay_domains = fr.design.test.com, test.com, testing.com If your domain is local, by making it a relay_domain, you lose recipient validation, unless you duplicate /etc/passwd and /etc/aliases into a relay_recipient_maps table. Not doing recipient validation is bad for the health of your queue and bad for your spam reputation (lots of spam backscatter). If the domain is formerly a local domain, use: virtual(5) aliases(5) or http://www.postfix.org/postconf.5.html#mailbox_transport_maps to rewrite or reroute some local recipients to the MSFT Exchange server. The last option requires that any users whose "local" system account is no longer present in the servers passwd file be added to local_recipient_maps by using $mailbox_transport_maps directly, or by building both mailbox_transport_maps and a component of local_recipient_maps from a common data source. I strongly recommend virtual(5). Ideally the MSFT Exchange server is configured with an internal domain for which it is fully authoritative, and users are given proxyAddresses in that domain in addition to their primary external address. The virtual(5) table then rewrites into the internal domain, which is routed exclusively to Exchange. > test.com local > testing.com local This is generally not a good idea. Local domains should be listed in mydestination. > But I encounter the problem of authentication. It seems that I need to > authenticate Postfix to Exchange 2007 for the migrated users to receive an > email and This is an Exchange misconfiguration, and this is not the right place to ask for help with that. Exchange should accept mail for its own users without authentication, but you can limit the IP addresses from which it will accept mail if you wish. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note. |