transport maps for bastion

Chris Johnson j.chris.johnson at gmail.com
Fri Jan 16 22:19:24 UTC 2009


I'm new to the environment but have exp with  postfix @ $DAYJOB, so I
figure this might be something I can contribute to without sounding
too dumb, but if I do please take it easy. :)

>Currently all mail which goes through bastion (for example all
>@fedoraproject.org mail) then relays through mx.util.phx.redhat.com.

I'm not sure what bastion is but my question is why is the relay going
through mx.util.phx.redhat.com currently? I'm guessing bastion is the
host the @fedoraproject.org email is delivered on. (?) I can't find
mx.util.phx.redhat.com in public dns is there an ACL on the zone or is
this an /etc/host entry? Is the relay to mx.util.phx.redhat.com done
via a relayhost entry in main.cf? Also, where does mail go after
mx.util.phx.redhat.com, I'm guessing there's another hop before the
internet because of the dns failure.

>Which are all redhat.com boxes. So our mail goes from there, to bastion
>to expand out the aliases we have (ultimately) then back to
>mx.util.phx.redhat.com to be relayed out to the rest of the world.

back to mx.util.phx.redhat.com? does it come from their or from the MX hosts?

>
>For various reasons mail bound from bastion to @redhat.com addresses
>probably needs to go through mx.util.phx.redhat.com, however, mail not
>bound for @redhat.com shouldn't have to.

Just curious as the the "various reasons" you mention here.

>I'm proposing using a postfix transport map which explicitly says:
>.redhat.com  smtp:mx.util.phx.redhat.com
>redhat.com  smtp:mx.util.phx.redhat.com
>* :
>

I believe you could also remove the last line and if a relayhost is
used in main.cf comment it out. It should do the same thing since
postfix uses dns mx or A record for next hop delivery.

>
>So my question for all you nice people is:
>
>Can anyone see any problem with doing this? I've tested it out on a
>different mail server I take care of and it works fine.

I would wonder if this is needed at all? why can't the redhat.com
domain go to the mx too? just curious. As long as redhat.com isn't one
of bastion's postfix mydestination I would expect everything to still
work and be a much easier config to change or troubleshoot later. /me
likes things as simple as possible :-)


PS. was there a meeting yesterday? I was planning on joining but had a
conf call scheduled and didn't see notes from the list.


JCJ




More information about the Fedora-infrastructure-list mailing list