Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I have Postfix use /etc/hosts before doing a DNS lookup?

Posted on 2008-10-01
11
Medium Priority
?
2,239 Views
Last Modified: 2013-11-10
I have in /etc/hosts:
10.0.0.9  burritos burritos.domain.com

If I ping burritos.domain.com I get 10.0.0.9. I can also telnet burritos 25 and I can deliver mail through mail from, rcpt to, data commands.

I have Postfix configured to deliver mail for @domain.com locally, but it forwards mail for @burritos.domain.com to server burritos.

The problem is Postfix does a DNS lookup regardless. It does not look into /etc/hosts. I don't have an A record for burritos.domain.com because I want it to only receive mail internally. I don't run a DNS server internally (which could obviously fix the problem, but is more complication than I'd like.)

/etc/host.conf says:
order hosts,bind
multi on
nospoof on
spoofalert on

I don't want to disable DNS lookups entirely. I just want for Postfix to check /etc/hosts first. Is that possible?

Thanks!
0
Comment
Question by:omniumnetworking
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 22620011
check /etc/nsswitch.conf and look for a line similar to

hosts:      files dns

which should check /etc/hosts first then dns
0
 
LVL 6

Expert Comment

by:dathho
ID: 22620012
edit your /etc/nsswitch.conf file

change this line
hosts:      dns nis files

put files first
0
 
LVL 6

Expert Comment

by:dathho
ID: 22620017
omarfarid:  good timing :-)
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 40

Expert Comment

by:omarfarid
ID: 22620029
same minute :)
0
 
LVL 6

Expert Comment

by:dathho
ID: 22620120
:) same answer
0
 
LVL 19

Expert Comment

by:bevhost
ID: 22621050
Why not just have the transport table use the IP address instead of a name:
eg:

burritos.domain.com    smtp:[10.0.0.9]

Then you don't need to mess with the name resolution on your machine.
0
 

Author Comment

by:omniumnetworking
ID: 22625391
My /etc/nsswitch.conf already contains:
hosts:          files nis dns

I had checked that too.

I don't have anything on my transport table, so you'd have to be more specific.

Thanks!
0
 
LVL 19

Accepted Solution

by:
bevhost earned 2000 total points
ID: 22629885
http://www.postfix.org/transport.5.html

Basically there is a file /etc/postfix/transport which contains a list of domain anmes and where the mail for thos domains should be routed to.  This routing table overrides and DNS settings.

burritos.domain.com    smtp:[10.0.0.9]

The [] brakets around the name tells the smtpd process not to try to look up the MX record for the target.
eg
example.com    smtp:server1.com
means send mail for example.com to the MX record for server1.com
example.com    smtp:[server1.com]
means send mail for example.com to the A record for server.com
example.com    smtp:[1.2.3.4]
means send mail for example.com to server at 1.2.3.4

if you change the transport file you must
# postmap transport
# postfix reload

If you receive mail from external sources and you want to relay to transport destinations then you also need this in your main.cf file

relay_domains = $transport_maps

for the transport file to do anything you need this in your main.cf

transport_maps = hash:/etc/postfix/transport

0
 
LVL 19

Expert Comment

by:bevhost
ID: 22629892
on re-reading that I notice a few typos, but you get the idea (I hope)
0
 
LVL 19

Expert Comment

by:bevhost
ID: 22629905
For anyone reading this question who has sendmail instead of postfix,
The transport file is called /etc/mail/mailertable
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question