August 27, 2008

Controlling sender domain in Postfix/Zimbra 5

Filed under: Messaging, Zimbra, linux — morgan @ 16:54

A client has asked that mail through his Zimbra MTA only be allowed from or to valid domains within their organization. This is particularly applicable to Zimbra as Zimbra will only archive mail if it’s from or to a domain for which it is authoritative. The idea is to archive all mail through their Zimbra environment. If it is not one of their domains, refuse it.

If this were my organization it would look like this:
mail from user@morganjones.org to any domain would work
mail from user@1038east.com to any domain would work
mail from any domain to user@morganjones.org would work
mail from any domain to user@1038east.com would work
of course mail from and to user@morganjones.org or 1038east.com will work
all other mail will be considered relaying.

One thing we did not do that I might want to do is force authentication. The problem with this configuration is that it does open the server up to spamming, as it only validates the from or to domain.

This is really a discussion about Postfix configuration, but I did the work in Zimbra so I might as well add the additional steps to configure it in Zimbra. These instructions will be applicable to straight Postfix or Zimbra.

You’ll want to do all the work as the zimbra user:
Run the zmprov command for each of your MTAs.


# su - zimbra

$ zmprov ms mta01.morganjones.org zimbraMtaMyNetworks 127.0.0.0/8

$ vi /opt/zimbra/postfix/conf/main.cf
smtpd_sasl_auth_enable = no
# if you want to enable sending to domains for which your environment is not
#   authoritative; this is also handy for testing in a dev environment
#   that is only authoritative for a dev domain
relay_domains = 1038east.com, morganjones.org

You also want to modify smtpd_recipient_restrictions, but in Zimbra you must modify that within the Zimbra configuration:


$ vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
# remove permit_sasl_authenticated
check_sender_access hash:/opt/zimbra/postfix/conf/access

$ vi /opt/zimbra/postfix/conf/access
1038east.com OK
morganjones.org OK

$ zmmtactl reload

You might want to check that /opt/zimbra/postfix/conf/main.cf now contains this:


smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    check_sender_access hash:/opt/zimbra/postfix/conf/access,
    permit_mynetworks, reject_unauth_destination,
    reject_unlisted_recipient, reject_invalid_hostname,
    reject_non_fqdn_sender, permit

You should now be set.

It’s worth mentioning: check_sender_access will only check and allow the sender domain. If you don’t set relay_domains, the recipient domain is allowed because your environment is the final destination for that domain (or those domains). As noted above, you can set relay_domains if you want to allow relaying to domains for which this environment is not the final destination.
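The restriction order above, traced for a few constructed messages. This is an added example, not part of the original post or of Postfix. It models only check_sender_access, permit_mynetworks, reject_unauth_destination and the final permit, and assumes both domains are local to this MTA.

```python
import ipaddress

# Values from the post's configuration.
ACCESS_MAP = {"1038east.com": "OK", "morganjones.org": "OK"}  # conf/access
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]            # zimbraMtaMyNetworks
# Assumption: this MTA is the final destination for both domains.
LOCAL_DOMAINS = {"1038east.com", "morganjones.org"}
RELAY_DOMAINS = set()  # optional relay_domains from main.cf


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def evaluate(client_ip, sender, rcpt, access=ACCESS_MAP):
    """Walk the restrictions in order; the first decisive result wins."""
    # check_sender_access: sees only the envelope sender the client supplied.
    if access.get(domain(sender)) == "OK":
        return "permit: check_sender_access"
    # permit_mynetworks: trusted client addresses.
    if any(ipaddress.ip_address(client_ip) in net for net in MYNETWORKS):
        return "permit: permit_mynetworks"
    # reject_unauth_destination: recipient domain must be local or relayed.
    if domain(rcpt) not in LOCAL_DOMAINS | RELAY_DOMAINS:
        return "reject: reject_unauth_destination"
    return "permit: final permit"


# Constructed test messages (documentation IP ranges, example.* domains).
CASES = [
    ("203.0.113.10", "user@morganjones.org", "friend@example.net"),
    ("203.0.113.10", "someone@example.net", "user@1038east.com"),
    ("203.0.113.10", "someone@example.net", "other@example.org"),
    # Sender domain is merely claimed; nothing ties it to the client.
    ("198.51.100.7", "anyone@morganjones.org", "other@example.org"),
]


def audit(access=ACCESS_MAP):
    return [evaluate(ip, s, r, access) for ip, s, r in CASES]


if __name__ == "__main__":
    for case, verdict in zip(CASES, audit()):
        print(*case, "->", verdict)
```

The last case is permitted on the strength of the claimed sender domain alone, which is the exposure the post attributes to not forcing authentication. Postfix reads a hash: table through its compiled .db file, so run postmap on /opt/zimbra/postfix/conf/access after editing it.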

August 22, 2008

Foxwoods talks about resiting, Sugarhouse?

Filed under: Casinos — morgan @ 9:32

B shook me out of half sleep this morning to Paul Boni on the radio talking about Foxwoods and the casino issue. She’s new to the issue but knows Paul because he’s a friend. I arrived at work to a “Foxwoods says it will consider a new site” on the front page of the Metro.

The media is going crazy:
Metro
Daily News “[resiting is a] responsible idea”
Channel 3 (Note its use of “not a done deal”)
Inquirer “..intractable state and local opposition”
Philebrity
Phillynews blogs
Al Dia (translated)

How far we’ve come. Politicians are almost unanimously talking about resiting. One operator is talking about resiting. There is no doubt now that the neighborhoods don’t want it.

Sugarhouse, the casino in the North and the most vocal of the two in its determination to stay on its site, isn’t likely to meet with lawmakers until after Labor Day.

It’s not over by a long shot. The naysayers are just dying to point out how hard resiting could be. Discussions of an open and transparent process at the press conference apparently killed the mood. Resiting is going to be hard.

Not resiting is going to be worse: for us and for them. The opposition is not going anywhere, we live here.

Really it’s simple: re-site now and construction will begin. Stick to the sites and neighborhood opposition will remain. Act 71, the law that brought us gaming, allows for the operators to ask for new sites. The door is now open: lawmakers are willing to talk about new sites. There’s no time like the present: either the operators move willingly or we keep pushing until they’re forced to move.

August 19, 2008

Back to Starkville, MS

Filed under: Eating in Starkville MS, Travel — morgan @ 10:10

I spent most of last week in Starkville, MS. I decided to practice sweet tea immersion while I was there: partially because ordering unsweet tea kills conversation and makes the locals suspicious.

I think I’ve figured out the sweet tea appeal: consistent high sugar content. “Yup, one and a half cups per gallon!” the kid behind the counter at Obys remarked at lunch today as I explained this to a friend who is also a local there.

That’s all there is to it: the South has collaborated and they all make it the same way: boil the water, add tea bags, and while it’s still hot stir in 1 1/2 cups of sugar per gallon. Done. Try to get thousands of restaurants to do anything else consistently: the entire South banded together and agreed on one drink.

I made it to but didn’t talk about Mugshots on my last trip: it’s considered the best burger in town and it seems to live up to its promise: the burger was huge and very good.

I also ate at Polliwogs this time. The exterior belies the general dive-bar character of the place. The food was passable but almost completely lacking in local flavor. I ordered the only thing on the menu that I couldn’t get at a dive bar in Philadelphia, the crawfish sandwich, and they were out of crawfish. I looked in vain for catfish, my second favorite MS specialty, and ended up with a turkey, bacon and cheese sandwich. It was a fair sandwich, just like you would get in any other dive bar.

A final note: can someone explain to me why Delta both refuses to hold a flight and seems to be unable to get me through Atlanta on time? I booked through Delta, my (delayed) flight from Mississippi landed at 9:30, my (delayed) flight to Philadelphia left at 9:50. Despite sprinting, catching the train as the doors were closing and arriving at the gate at 9:48, the woman at the gate almost seemed pleased that I missed my flight. Seriously? So much for Southern hospitality: you’re on Delta in the Atlanta airport. I generally fly through Dallas on American: Texas has its issues but at least the Dallas Fort Worth airport is able to get me home.

Mugshots
662-324-3965
101 N. Douglas Conner Street
Starkville, MS 39759

Polliwogs
662-323-4274
511 Academy Road
Starkville, MS 39759

August 13, 2008

LTE: AN EXPERT TELLS HOW HE RATED CASINO SITES Daily News Letters 8/4/08

Filed under: Letters to the editor — morgan @ 18:57

August 7, 2008

Dear Editor:

Re: “Letters: AN EXPERT TELLS HOW HE RATED CASINO SITES Daily News Letters 8/4/08 (archived)

What Mr. Furhman fails to mention both in his letter and his “expert” analysis of the casino sites is the thousands of homes and families in the vicinity of the sites he so glibly rates a number from 5 to 10.

I am not and have never been in real estate but I have been living in the area that will be impacted by the potential Sugarhouse development for nearly 10 years. I have been opposed to and working to re-site Sugarhouse from the day the license was awarded.

It would seem that Mr. Furhman evaluates sites like someone who has never lived in a neighborhood affected by a massive development or talked to anyone that has lived in such a neighborhood. His criteria are strictly functional: size of the plot, cost to develop and access to public transit and convention visitors.

What about the neighbors that have made their lives and their homes there? Are they to just pick up and leave because real estate experts deem the vicinity of their homes “convenient to conventioneers?”

The argument goes double for the Spectrum site by the way: have you ever talked to anyone in proximity to the Spectrum or the stadiums? It’s a constant fight to manage traffic and spill-over from events. Add to that a 3+ million square foot facility with multiple 24 liquor licenses and 3000 slot machines? Are you kidding?

I would respectfully suggest that Mr. Fuhrman’s letter be considered what it is: an incomplete analysis that doesn’t consider perhaps the most important issue in the Philadelphia Casino issue: the neighborhoods and way of life that will be forever damaged if a casino is built on the central Delaware waterfront.

Morgan Jones
Fishtown
