LDAP-based postfix rewrite rules applied in Lion server?

Similar Messages

• Rewriter rules not applied

  Hi,
  I have a rewriter ruleset and two gateways. For one of the two gateways this ruleset is applied correctly, for the some rules of it are not applied.
  The rulesets are applied to the same uri and the gateways have the same configuration.
  We are using 30�40 rulesets in total.
  This smells like a bug. Any suggestion someone?

  The problem I have is the following rules:
  <Function name="fetcher.open" paramPatterns=",y," />
  <Function name="xml*ttp.open" paramPatterns=",y,"/>
       <!--
       window.open could be either called using open or window.open(),
       make sure that this rule does not overlap with MS XML API's XMLHTTP.open().
  -->
  <Function name="open" paramPatterns="y"/>
  <Function name="*.open" paramPatterns="y"/>
  Now, when we have this applied to a file on the right url which contains fetcher.open(1,2,3), it should rewrite the second parameter, but it is rewriting the first one.
  Does anybody know about the order or specificness of the rules applied in the case above?
  Best regards,
  Tim

• LDAP Auth Rewrite Rule in Mapping file

  Hi,
  We are trying to set LDAP Auth Rewrite rule in mapping file to get users First Name & Last Name or Display name & Mail Address from LDAP Server instead of users individual client settings.
  In Messaging 5.2 we had the follwoing setting, but it does not work any more for Messaging 6.2:
  LDAP Auth Rewrite Entry in mapping file:
  AUTH_REWRITE
  *|*|*|*@* $]ldap:///dir1.domain.com:389/o=domain.com?cn?sub?(uid=$3)[$ <$]ldap:///dir1.domain.com:389/o=domain.com?mail?sub?(uid=$3)[>$Z
  We are running:
  Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
  libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
  SunOS mta 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
  ll appreciate for any help or clue
  Thanks

  Thanks Jay,
  Well, here is what we want to achieve.
  We are looking for re-writing the FROM address of Sender against the LDAP Entry as cn <[email protected]>. This should solve problem of where users have entered wrong FROM information on their clients or trying to spoof FROM address to other users.
  Currently, The system delivers e-mail with FROM headers as per client entry instead of re-writing it against AUTHENTICATED userid.
  Following is the IMTA.CNF and MAPPINGS lines:
  IMTA.CNF
  ! ims-ms
  ims-ms defragment subdirs 20 notices 1 3 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto
  $U+$S@$D
  ! tcp_local
  tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver
  maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 mailfromdnsverify dropblank vrfyhide
  ! tcp_intranet
  tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel sasls
  witchchannel tcp_auth missingrecipientpolicy 4 mailfromdnsverify dropblank vrfyhide
  ! tcp_extranet
  tcp_extranet smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL mustsaslserver allowswitchchannel saslswitchcha
  nnel tcp_auth vrfyhide dropblank mailfromdnsverify dropblank missingrecipientpolicy 4
  ! tcp_submit
  tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
  ! tcp_auth
  tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4 authrewrite 3
  MAPPINGS file
  AUTH_REWRITE
  *|*|*|*@* $]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?cn?sub?(uid=$3)[$ <$]ldap:///dir.domain.edu:389
  /o=domain.edu,dc=domain,dc=edu?mail?sub?(uid=$3)[>$Z
  Thanks for your help

• I have an iMac and a NAS installed, I've made an automator based script to mount the NAS volumes, will i have to rewrite when moving to Lion?

  I have an iMac and a NAS installed, I've made an automator based script to mount the NAS volumes, will i have to rewrite when moving to Lion?

  Hi Tony,
  Long shot, but...
  Open Audio Midi Setup in Applications>Utilities, see the input & output options & KHz setting there, some things will change it for their own use, then not set it back.

• Rewrite rule and dinamic group

  I have put the rewrite rule
  domain.com $A$E$F$[email protected]
  In Java Enterprise System.
  This way, mails send to or from [email protected] are routed to mailhost and that is ok, but when I send a mail to a dinamic group, the message is not sent.
  the command imsimta test -rewrite [email protected] reports this at the end:
  Address list error -- 5.1.1 unknown or illegal alias: [email protected]
  What could be happening?
  Thanks,

  Your original rule is not the best way to go about routing to "domain.com"
  I would start by removing that rule.
  Then I would look at what you're really trying to do, here.
  If you're trying to route mails to users that are in your ldap server, then they should be automatically routed, based on the value of "mailhost" you're put in for them.
  If you're trying to route users that are not in your ldap, then you need to create a
  domain smarthost
  documentation in our provisioning guide, here:
  http://docs.sun.com/source/816-6018-10/domains.htm#29147
  Using rewrite rules for routing outside the MTA is a Bad Idea, as you've found.

• Creating LDAP filter in authorization rule OAM 10G

  Hi,
  I want to set up a LDAP filter in Authorization rule based on which i will redirect users to specific URL's. what is the syntax to writing LDAP filters in OAM authorization policy. Any pointers to documentation will be appreciated.
  Also i want to know whether authorizations always follow authentication. i.e. my redirection will be successful only after a user is authenticated in end application based on the headers we send out after successful authentication.
  Please Help
  Thanks
  Edited by: 904630 on Dec 27, 2011 5:34 AM
  Edited by: 904630 on Dec 27, 2011 5:36 AM

  Open Identity server console and check the attribute's Display Name and type in Object classes section. I recently faced a similar issue and it got fixed after providing these two values.
  Hope it works for your as well :)

• Cisco ISE - What does "Multiple Matched Rule Applies" mean?

  Hi,
  In Cisco ISE authroiztion policy configuration, what does the option "multiple matched rule applies" mean? I can understand the "first matched rule", but in "multiple matched rule" how is the "permissions picked if multiple rules match? Or, what is the logic involved in picking up the permissions, if multiple rules are matched in authorization policy.
  No where in cisco document I see any explaination for this.
  Would appreciate if any one can point me to  a document or explain me the login in selecting the persmissions if multiple rules are matched. Also, what would the use-case for this?
  Thanks and Regards,
  Mohan

  I agree with tarik & also this might be helpful for you:
  An authorization policy can  consist of a single rule or a set of rules that are user-defined. These  rules act to create a specific policy. For example, a standard policy  can include the rule name using an If-Then convention that links a value  entered for identity groups with specific condition(s) or attributes to  produce a specific set of permissions that create a unique  authorization profile. There are two authorization policy options you  can set:
  •First Matched Rules Apply
  •Multiple Matched Rule Applies
  These two options direct Cisco ISE  to use either the first matched or the multiple matched rule type  listed in the standard policy table when it matches the user's set of  permissions. These are the two types of authorization policies that you  can configure:
  •Standard
  •Exception
  Standard policies are policies  created to remain in effect for long periods of time, to apply to a  larger group of users or devices or groups, and allow access to specific  or all network endpoints. Standard policies are intended to be stable  and apply to a large groups of users, devices, and groups that share a  common set of privileges.
  Standard policies can be used as  templates in which you modify the original values to serve the needs of a  specific identity group, using specific conditions or permissions to  create another type of standard policy to meet the needs of new  divisions, or groups of users, devices, or groups in your network.
  By contrast, exception policies  are appropriately named because this type of policy acts as an exception  to the standard policies. Exception polices are intended for  authorizing limited access that is based on a variety of factors  (short-term policy duration, specific types of network devices, network  endpoints or groups, or the need to meet special conditions or  permissions or an immediate requirement).
  Exception policies are created to  meet an immediate or short-term need such as authorizing a limited  number of users, devices, or groups to access network resources. An  exception policy lets you create a specific set of customized values for  an identity group, condition, or permission that are tailored for one  user or a subset of users. This allows you to create different or  customized policies to meet your corporate, group, or network needs.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html

• (OT) Incompatible Apache Mod-Rewrite Rules

  The following Apache mod-rewrite rule works:
  RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$
  About/index.php?bout=$1 [L]
  It displays URL's like mysite/About/Webmaster and
  mysite/About/Search.
  I've finally figured out how to apply a mod-rewrite rule to
  my site's
  home page...
  RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
  It displays URL's like mysite/Arizona and mysite/Africa.
  But when I combine them...
  RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
  RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$
  About/index.php?bout=$1 [L]
  The first rewrite rule appears to knock the second rule out
  of action.
  Does anyone know how to modify either rewrite rule to make
  them compatible?
  Thanks.

  On 4/26/06 8:52 AM, "David Blomstrom" wrote:
  > The following Apache mod-rewrite rule works:
  >
  > RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$
  About/index.php?bout=$1 [L]
  >
  > It displays URL's like mysite/About/Webmaster and
  mysite/About/Search.
  >
  > I've finally figured out how to apply a mod-rewrite rule
  to my site's
  > home page...
  >
  > RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1
  [L]
  >
  > It displays URL's like mysite/Arizona and mysite/Africa.
  >
  > But when I combine them...
  >
  > RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1
  [L]
  > RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$
  About/index.php?bout=$1 [L]
  >
  > The first rewrite rule appears to knock the second rule
  out of action.
  > Does anyone know how to modify either rewrite rule to
  make them compatible?
  >
  > Thanks.
  I'm not an expert on mod_rewrite, but you might be able to
  get what you want
  simply by reversing the order of the rules:
  RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$
  About/index.php?bout=$1 [L]
  RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
  In theory, that should redirect your /About pages, and the
  [L] tells Apache
  not to parse any more rewrite rules, so the first rule (which
  looks like it
  simply redirects *everything*) wouldn't come into play.
  There's something about times when Apache still parses
  rewrite rules even
  after the [L] flag, though, so that might not work. Why don't
  you see if
  that works, and if it doesn't, we can look at it further.
  Sonjay

• Changing sender email address via rewriting rules

  My objective is to change my sender email address. For example, suppose my OCS email address is [email protected] and I would to send an email to [email protected]
  John logs into yahoo mail and would see my mail. Upon opening my email, I would like John to see that the sender email address to be [email protected] so that whenever John replies my mail, the replied mail would go to [email protected] and not to [email protected]
  I read the email admin guide and I configure the Sender rewriting rules within SMTP_OUT. I have key in the following within the Sender rewriting rules: $*@test.abc.com.my,$[email protected]
  I restart the SMTP_OUT services and I check the log files in MIDTIER_HOME/oes/log/um_system/SMTP_OUT/12345
  I found out that the rewriting rules have take effect on one of the lines.
  Then I log into OCS as user Andrew with test.abc.com.my domain and send an email to yahoo.
  I open my yahoo mail, which I receive the email.
  However the sender email address remains unchanged which is [email protected]
  How can I change the sender email domain?
  thanks;
  andrew

  Your observation is very correct in terms of symptoms, not of behaviour. We have numerous ER's there enabling header rewriting, too. Obviously for you, envelope rewriting works well, without to achieve the target you want to address. Please forward your request to Support Services with an Enhancement Request for native header rewriting.
  Otherwise 3 ways:
  1 Milter C-SDK
  2 Milter general
  3 relay accomplishing this task.
  On 2,3 we have samples ready, for 3 in particular for postfix.

• IP-specific MTA rewrite rule

  Hello,
  I'm having a lot trouble understanding how to configure the iMS 6.2 MTA to do my will. I've read the MTA sections in the Messaging Server Administration Guide and still it seems that when I try to implement a rewrite rule, it doesn't work the way I thought it would.
  So with that preface, I'd like to ask:
  1) What would an imta.cnf rule look like that would route all incoming messages from a server at an IP (say 1.2.3.4) to a specific channel (say tcp_scan)?
  2) Does anyone know of any good (or even marginal) books or other resources for learning how to program the iMS MTA?
  Thank you,

  Yes, there's a book on iMS. You can get it on amazon.com.
  check out the unofficial page at:
  http://ims.balius.com
  as well.
  No, you can't use a rewrite rule to route based on source ip.
  You can use mapping file and channels for much of that. Far better to help me understand what your goal is, rather than for you to try to solve your problem by the wrong route....

• LDAP and NFS mounts/setup OSX Lion iMac with Mac Mini Lion Server

  Hello all,
  I have a local account on my iMac (Lion), and I also have a Mac Mini (Lion Server) and I want to use LDAP and NFS to mount the /Users directory, but am having trouble.
  We have a comination of Linux (Ubuntu), Windows 7 and Macs on this network using LDAP and NFS, except the windows computers.
  We have created users in workgroup management on the server, and we have it working on a few Macs already, but I wasnt there to see that process. 
  Is there a way to keep my local account separate, and still have NFS access to /Users on the server and LDAP for authentification?
  Thanks,
  -Matt

  It would make a great server. Bonus over Apple TV for example is that you have access via both wired ethernet and wireless. Plus if you load tools from XBMC, Firecore and others you have a significant media server. Cost is right too.
  Many people are doing this - google mac mini media server or other for more info.
  Total downside to any windows based system - dealing with constant anti-virus, major security hassels, lack of true media integration and PITA to update, etc.
  You should be aware that Lion Server is not ready for prime time - it stil has significant issues if you are migrating from SNL 10.6.8. If you buy an apple fresh Lion Server mac mini you should have no problems.
  You'll probably be pleased.

• Rewrite Rules for Active X

  I would like write rewriting ruleset for an ActiveX application... this the html
  <object width=100% height=100% classid="CLSID:1EE104B2-B32A-43d2-8DF1-2FD84BD00B14"
  codebase="/wi/ActiveX/WIPanelXIT.cab#Version=5,1,4,33">
  <param name=Cookie value="ITwGzbHZkSQT0">
  <param name=CacheKey value="c0">
  <param name=RepositoryID value="13">
  <param name=UniverseName value="Extracom">
  <param name=UniverseID value="70">
  <param name=HostURL value="/wi/bin/iswi.dll">
  <param name=ResultsPageURL value="http://mydomain/docViewFrameTop.asp">
  <param name=AllowRefresh value="-1">
  <param name=AllowLOVRefresh value="-1">
  <param name=AllowViewSQL value="-1">
  <param name=AllowDrill value="-1">
  </object>
  I need that the gateway rewrites only the parameters ResultsPageURL and HostURL. The rewrite is applied only to the tag codebase.
  With Portal Sun 3.0 I have implemented the rules but the ActiveX application doesn't work. Someone have a similar problem with ActiveX? Any suggestion?
  Thank you in advance.
  Best Regards
  Fausto

  Thanks a lot Jay. Everything is working fine.
  I managed to make things work following your advice but without calling tech support.
  I am using mailEquivalentAddress attributes for users with domain.nl addresses. In our case, some users have domain.com AND domain.nl addresses while others only have the domain.com.
  All rewriting works like a charm. I have set up noreverse on channels to forbid rewriting of "from" addresses, and the mailEquivalentAddress attributes deny rewriting of the "to" when mail is sent to these particular users.
  Could you explain why the noreverse is discouraged? Would there be a rewriting rule that would do the same?
  I can see reasons why not having rewriting would be an issue. If I find a solution to not having something as "strict" as the noreverse, I will indeed go in that direction.
  Thanks again for your help.
  Hyde

• URL Rewrite Rule: HTTP to HTTPS Not Working

  Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
  features.
  I've trolled through the Internet for 2 days now for solutions to my problem, including the ones provided by the TechNet forums and by MVP Scott Forsyth. I've tried over 30 solutions, and none have resolved my issue. Granted some of the solutions I've tried
  may have been repeats of others. After trying so many, I have had a hard time discerning the differences. Does it really matter, for instance if the pattern match for the {HTTPS} input is specified as
  "^off$" or just "off"? I see this discrepancy (among others) everywhere. It seems like there are so many variations out there. It is quite confusing for the uninitiated and the newbies like myself to the
  URL Rewrite technology. I have enabled and consulted my "Failed Request Tracing Rules" logs but cannot make any sense of the cryptic information it is providing.
  I just cannot get my reverse proxy server to redirect http requests from the Internet to https to my internal web server. When a user specifies "https://server1.xxxxx.com". he is able to access the internal server via the reverse proxy (IIS) server.
  But when he specifies "http://server1.xxxxx.com" he receives "Server Error 500 - Internal server error.There is a problem with the resource you are looking for, and it cannot be displayed."
  At this point I am at my wits end, and am even considering configuring the protocol translation on our firewall. But this not my preference as it presents another layer of complexity, and device to troubleshoot later on. Below I've pasted my entire web.config
  file with my most current version of the rule in question (in bold) for your review. I started to paste just the specific rule, but thought you might need to see the entire file in case something else may be conflicting with the rule.
  Thank you in advance for your help.
  Dave Robinson
  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
      <system.webServer>
          <rewrite>
                <rules>
                  <clear />
  <rule name="HTTP to HTTPS Redirect" enabled="true" stopProcessing="true">
                  <match url="(.*)" />
                 <conditions>
                    <add input="{HTTPS}" pattern="off" />
                  </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Found" />
                  </rule>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                      <match url="(.*)" />
                      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                          <add input="{CACHE_URL}" pattern="^(https?)://" />
                      </conditions>
                      <serverVariables>
                          <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                          <set name="HTTP_ACCEPT_ENCODING" value="" />
                  </serverVariables>
                      <action type="Rewrite" url="{C:1}://server1.xxxxx.com/{R:1}" />
                  </rule>
              </rules>
              <outboundRules>
                  <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                  <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                  <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                  </rule>
                  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                      <match filterByTags="A, Form, Img" pattern="^http(s)?://server1.xxxxx.com/(.*)" />
                      <action type="Rewrite" value="http{R:1}://server1.xxxxx.local/{R:2}" />
                  </rule>
                  <preConditions>
                      <preCondition name="ResponseIsHtml1">
                          <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                      </preCondition>
                      <preCondition name="NeedsRestoringAcceptEncoding">
                          <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                      </preCondition>
                  </preConditions>
              </outboundRules>
          </rewrite>
          <tracing>
              <traceFailedRequests>
                  <add path="*">
                      <traceAreas>
                          <add provider="ASP" verbosity="Verbose" />
                          <add provider="ISAPI Extension" verbosity="Verbose" />
                          <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket"
  verbosity="Verbose" />
                      </traceAreas>
  <failureDefinitions timeTaken="00:00:00" statusCodes="404" />
                  </add>
              </traceFailedRequests>
          </tracing>
          <httpErrors errorMode="Custom" />
          <httpRedirect enabled="false" destination="" exactDestination="false" childOnly="false" httpResponseStatus="Permanent" />
      </system.webServer>
  </configuration>

  On Wed, 28 Jan 2015 17:53:41 +0000, dwrobins2000 wrote:
  Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
  features.
  Web/IIS related issues are better posted where the IIS experts are:
  http://forums.iis.net
  Paul Adare - FIM CM MVP
  "The equivalent of treating dandruff by decapitation"
  -- Frank Zappa on the Parents Music Resource Center' censorship plans

• How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?

  How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?  We have a super awesome contacts server that works great for our Mac users.  About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them.  I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server.  I've tried several different settings, and looked all over the web, but could not find the proper way to configure this.  Does anyone know if this can be done, or if not, would have a better suggestion?  Thank you for your time!!

  try double clicking keychain acces should launch and ask if you want to install login, system, System roots
  A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system.

• Configuring postfix on Mountain Lion Server

  I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server.  The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
  I would like to configure Postfix to only accept email that is forwarded from a gmail business account.  The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to  [email protected]
  The server WAN domain is nonpublic.com  The ip address is 96.231.165.126
  The server LAN is nonpublic.local  The ip address is 10.6.18.201
  The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
  The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch.  The external traffic to the WAN flows through the switch as tagged packets.  The LAN traffic is not tagged.  The VLAN connection is running 802.1q
  When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
  I can send emails from a client on the LAN through this server with no problems.  The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info.  I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
  I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
  I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the cripled GUI in the "server" application.  I'm barely OK using Terminal and not familiar at all with configuring Postfix directling editing the config file.
  What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
  I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
  Any help would be appreciated.

  MrHoffman, thank you for your response to my challenge to get the new test server working.  This is a migration from Snow Leopard Server to Mountain Lion Server.
  Here is the "checkhostname" test results:
  blue:~ admin$ sudo changeip -checkhostname
  Password:
  Primary address     = 96.231.165.211
  Current HostName    = blue.pderby.com
  DNS HostName        = blue.pderby.com
  The names match. There is nothing to change.
  dirserv:success = "success"
  blue:~ admin$
  Here is the response from postconf -n
  blue:~ admin$ postconf -n
  biff = no
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  daemon_directory = /usr/libexec/postfix
  data_directory = /var/lib/postfix
  debug_peer_level = 2
  debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
  dovecot_destination_recipient_limit = 1
  html_directory = /usr/share/doc/postfix/html
  imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
  inet_interfaces = loopback-only
  inet_protocols = all
  mail_owner = _postfix
  mailbox_size_limit = 0
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  message_size_limit = 10485760
  mydomain_fallback = localhost
  newaliases_path = /usr/bin/newaliases
  queue_directory = /Library/Server/Mail/Data/spool
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
  tls_random_source = dev:/dev/urandom
  unknown_local_recipient_reject_code = 550
  use_sacl_cache = yes
  blue:~ admin$
  I agree that I should change the LAN domain from .local to something like .internal or whatever.   I've been running with .local for 5 years  on snow leopard server and never had any problems so that was a low priority.
  I hope I'm just not seeing some obvious setting in main.cf