Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Postfix problem



We have two locations, each has a different inbound Internet connection. At
each location we've got a system running SuSE Linux, Postfix, SpamAssassin,
ClamAV. Mail from Internet goes to one or the other SuSE server, from there,
we send it to a Barracuda Spam Firewall. Any messages that make it through
the Barracuda, go to our end user mail server (running MS Exchange).

We do it this way for a couple reasons, first, the Barracuda provides (I
believe) a better or at least additional level of protection, second, by
using the Linux systems as our Internet gateway devices, we only need to
purchase one Barracuda for two Internet gateways. We do not filter any
outbound mail so the only mail going to the Barracuda is inbound from the
SuSE servers.

There are messages *to* users in invalid domains slipping through the SuSE
Linux systems and I'm not sure why. By "invalid domains" I mean domains
which are not part of my organization (see more info below). The invalid
domains in question are not listed in the relay_domains section of the
main.cf file nor are there any users listed in the relay_recipients file @
any of the invalid domains. Any Postfix experts out there have a suggestion?

The mail logs show destination addresses like this:
<iqajikyye5444-/NLkJaSkS4VmR6Xm/wNWPw at public.gmane.org> -> <usera-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org>
<211348-L/z2y13EZm7SIgtug19BYg at public.gmane.org> -> <userb-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org>
<phonicsm59-4wFGN7jjRgUnY65CHQtRwM9s1Mcm9ETHVpNB7YpNyf8 at public.gmane.org> -> <userc-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org>
NOTE: I substituted the real user email addresses with usera-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org,
userb-3Q2Tfjf0mexWk0Htik3J/w at public.gmane.org, and userc-3Q2Tfjf0mewU04JRNCRQjg at public.gmane.org
Is this the same as "sender specific routing"?
It looks like this is disabled by default:
http://www.postfix.org/postconf.5.ht...rusted_routing<http://www.postfix.org/postconf.5.html#allow_untrusted_routing>

Here's the main.cf file, please note that I did not include commented out
info and I've changed the data under relay_domains and myhostname.

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
relay_domains = <my domain>
<my 2nd domain>
<my 3rd domain>
<my 4th domain>
<my 5th domain>
relay_recipient_maps = hash:/etc/postfix/relay_recipients
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = ipv4
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = <THIS SERVER NAME>
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = [127.0.0.1]:10024
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access,
reject_unknown_sender_domain, hash:/etc/postfix/whitelist_senders
smtpd_client_restrictions = reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = reject_unauth_destination,
reject_unknown_recipient_domain, permit_mynetworks
allow_untrusted_routing = no
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 25600000
smtp_helo_timeout = 120
smtp_data_init_timeout = 10m
smtp_data_xfer_timeout = 10m


Again, any settings not shown, are not specified in main.cf.


Thanks in advance
Scott






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org