Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
We have two locations, each has a different inbound Internet connection. At each location we've got a system running SuSE Linux, Postfix, SpamAssassin, ClamAV. Mail from Internet goes to one or the other SuSE server, from there, we send it to a Barracuda Spam Firewall. Any messages that make it through the Barracuda, go to our end user mail server (running MS Exchange). We do it this way for a couple reasons, first, the Barracuda provides (I believe) a better or at least additional level of protection, second, by using the Linux systems as our Internet gateway devices, we only need to purchase one Barracuda for two Internet gateways. We do not filter any outbound mail so the only mail going to the Barracuda is inbound from the SuSE servers. There are messages *to* users in invalid domains slipping through the SuSE Linux systems and I'm not sure why. By "invalid domains" I mean domains which are not part of my organization (see more info below). The invalid domains in question are not listed in the relay_domains section of the main.cf file nor are there any users listed in the relay_recipients file @ any of the invalid domains. Any Postfix experts out there have a suggestion? The mail logs show destination addresses like this: <iqajikyye5444-/NLkJaSkS4VmR6Xm/wNWPw at public.gmane.org> -> <usera-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org> <211348-L/z2y13EZm7SIgtug19BYg at public.gmane.org> -> <userb-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org> <phonicsm59-4wFGN7jjRgUnY65CHQtRwM9s1Mcm9ETHVpNB7YpNyf8 at public.gmane.org> -> <userc-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org> NOTE: I substituted the real user email addresses with usera-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org, userb-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org, and userc-3Q2Tfjf0mewU04JRNCRQjg at public.gmane.org Is this the same as "sender specific routing"? It looks like this is disabled by default: http://www.postfix.org/postconf.5.ht...rusted_routing<http://www.postfix.org/postconf.5.html#allow_untrusted_routing> Here's the main.cf file, please note that I did not include commented out info and I've changed the data under relay_domains and myhostname. queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix unknown_local_recipient_reject_code = 550 relay_domains = <my domain> <my 2nd domain> <my 3rd domain> <my 4th domain> <my 5th domain> relay_recipient_maps = hash:/etc/postfix/relay_recipients debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop html_directory = /usr/share/doc/packages/postfix/html manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES inet_protocols = ipv4 biff = no mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_maps = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = <THIS SERVER NAME> program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = mydestination = $myhostname, localhost.$mydomain defer_transports = disable_dns_lookups = no relayhost = [127.0.0.1]:10024 mailbox_command = mailbox_transport = strict_8bitmime = no disable_mime_output_conversion = no smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain, hash:/etc/postfix/whitelist_senders smtpd_client_restrictions = reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net smtpd_helo_required = yes smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = reject_unauth_destination, reject_unknown_recipient_domain, permit_mynetworks allow_untrusted_routing = no smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = no smtpd_use_tls = no smtp_use_tls = no alias_maps = hash:/etc/aliases mailbox_size_limit = 0 message_size_limit = 25600000 smtp_helo_timeout = 120 smtp_data_init_timeout = 10m smtp_data_xfer_timeout = 10m Again, any settings not shown, are not specified in main.cf. Thanks in advance Scott
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |