transport maps for bastion

seth vidal skvidal at fedoraproject.org
Mon Jan 19 15:12:59 UTC 2009 

On Fri, 2009-01-16 at 16:19 -0600, Chris Johnson wrote:


> I'm not sure what bastion is but my question is why is the relay going
> through mx.util.phx.redhat.com currently? I'm guessing bastion is the
> host the @fedoraproject.org email is delivered on. (?) I can't find
> mx.util.phx.redhat.com in public dns is there an ACL on the zone or is
> this an /etc/host entry? Is the relay to mx.util.phx.redhat.com done
> via a relayhost entry in main.cf? Also, where does mail go after
> mx.util.phx.redhat.com, I'm guessing there's another hop before the
> internet because of the dns failure.

mx.util.phx.redhat.com is inside the internal network. bastion can reach
it - but not everything else. and yes bastion currently sends things to
mx.util b/c of the relayhost entry.



> back to mx.util.phx.redhat.com? does it come from their or from the MX hosts?

internal dns.

> Just curious as the the "various reasons" you mention here.

some legal, some administrative.


> >I'm proposing using a postfix transport map which explicitly says:
> >.redhat.com  smtp:mx.util.phx.redhat.com
> >redhat.com  smtp:mx.util.phx.redhat.com
> >* :
> >
> 
> I believe you could also remove the last line and if a relayhost is
> used in main.cf comment it out. It should do the same thing since
> postfix uses dns mx or A record for next hop delivery.

I put the last line in so there was no doubt what the last action should
be. You're correct, though, that it's not required.



> >So my question for all you nice people is:
> >
> >Can anyone see any problem with doing this? I've tested it out on a
> >different mail server I take care of and it works fine.
> 
> I would wonder if this is needed at all? why can't the redhat.com
> domain go to the mx too? just curious. As long as redhat.com isn't one
> of bastion's postfix mydestination I would expect everything to still
> work and be a much easier config to change or troubleshoot later. /me
> likes things as simple as possible :-)

b/c aiui it's an internal mail routing mechanism.

-sv

More information about the infrastructure mailing list