• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2664
  • Last Modified:

How can I have Postfix use /etc/hosts before doing a DNS lookup?

I have in /etc/hosts:
10.0.0.9  burritos burritos.domain.com

If I ping burritos.domain.com I get 10.0.0.9. I can also telnet burritos 25 and I can deliver mail through mail from, rcpt to, data commands.

I have Postfix configured to deliver mail for @domain.com locally, but it forwards mail for @burritos.domain.com to server burritos.

The problem is Postfix does a DNS lookup regardless. It does not look into /etc/hosts. I don't have an A record for burritos.domain.com because I want it to only receive mail internally. I don't run a DNS server internally (which could obviously fix the problem, but is more complication than I'd like.)

/etc/host.conf says:
order hosts,bind
multi on
nospoof on
spoofalert on

I don't want to disable DNS lookups entirely. I just want for Postfix to check /etc/hosts first. Is that possible?

Thanks!
0
omniumnetworking
Asked:
omniumnetworking
  • 4
  • 3
  • 2
  • +1
1 Solution
 
omarfaridCommented:
check /etc/nsswitch.conf and look for a line similar to

hosts:      files dns

which should check /etc/hosts first then dns
0
 
dathhoCommented:
edit your /etc/nsswitch.conf file

change this line
hosts:      dns nis files

put files first
0
 
dathhoCommented:
omarfarid:  good timing :-)
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
omarfaridCommented:
same minute :)
0
 
dathhoCommented:
:) same answer
0
 
bevhostCommented:
Why not just have the transport table use the IP address instead of a name:
eg:

burritos.domain.com    smtp:[10.0.0.9]

Then you don't need to mess with the name resolution on your machine.
0
 
omniumnetworkingAuthor Commented:
My /etc/nsswitch.conf already contains:
hosts:          files nis dns

I had checked that too.

I don't have anything on my transport table, so you'd have to be more specific.

Thanks!
0
 
bevhostCommented:
http://www.postfix.org/transport.5.html

Basically there is a file /etc/postfix/transport which contains a list of domain anmes and where the mail for thos domains should be routed to.  This routing table overrides and DNS settings.

burritos.domain.com    smtp:[10.0.0.9]

The [] brakets around the name tells the smtpd process not to try to look up the MX record for the target.
eg
example.com    smtp:server1.com
means send mail for example.com to the MX record for server1.com
example.com    smtp:[server1.com]
means send mail for example.com to the A record for server.com
example.com    smtp:[1.2.3.4]
means send mail for example.com to server at 1.2.3.4

if you change the transport file you must
# postmap transport
# postfix reload

If you receive mail from external sources and you want to relay to transport destinations then you also need this in your main.cf file

relay_domains = $transport_maps

for the transport file to do anything you need this in your main.cf

transport_maps = hash:/etc/postfix/transport

0
 
bevhostCommented:
on re-reading that I notice a few typos, but you get the idea (I hope)
0
 
bevhostCommented:
For anyone reading this question who has sendmail instead of postfix,
The transport file is called /etc/mail/mailertable
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now