Subject: RE: Postfix and Exchange, oh joy
From: Malcolm Tester (MTestercambric.com)
Date: Mon Sep 25 2000 - 11:37:45 CDT


Ok, I started over. I've narrowed the problem down into two pieces. Or
maybe it's really one piece. My main.cf parameters that matter:

mydestination = $myhostname, localhost.$mydomain, $mydomain, exchangeserver,
    exchangeserver.$mydomain
relay_domains = $mydestination
alias_maps = dbm:/opt/postfix/etc/aliases
alias_database = dbm:/opt/postfix/etc/aliases
relayhost = 192.168.1.36
masquerade_domains = cambric.com
masquerade_exceptions = root
smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains (See
Note 1)
canonical_maps = dbm:/opt/postfix/etc/canonical

I'm not rejecting mail, but it's not relaying it properly either. If I
telnet to localhost 25 and run a sample, this is what I get in the maillog.
Note that in my aliases file, mtester: mtester@exchangeserver

Sep 25 09:55:37 amazon postfix/smtpd[1847]: connect from
localhost[127.0.0.1]
Sep 25 09:55:47 amazon postfix/smtpd[1847]: 6EE49F0A13:
client=localhost[127.0.0.1]
Sep 25 09:55:57 amazon postfix/cleanup[1849]: 6EE49F0A13:
message-id=<20000925155547.6EE49F0A13amazon.cambric.com>
Sep 25 09:55:57 amazon postfix/qmgr[1836]: 6EE49F0A13:
from=<rootamazon.cambric.com>, size=352 (queue active)
Sep 25 09:55:58 amazon postfix/local[1852]: 6EE49F0A13:
to=<mtesterexchangeserver.cambric.com>, relay=local, delay=11, status=sent
(mailbox)
Sep 25 09:55:58 amazon postfix/smtpd[1847]: disconnect from
localhost[127.0.0.1]

If someone on the outside tries to send me mail (from:
someone@somewhere.com to: mtester@cambric.com):

[lots of the same stuff as below]
Sep 25 09:41:14 amazon postfix/smtpd[1611]: connect from
firewall[192.168.1.36]
Sep 25 09:41:14 amazon postfix/smtp[1617]: 14AF4F0A16:
to=<mtestercambric.com>, relay=192.168.1.36[192.168.1.36], delay=0,
status=sent (250 Ok: queued as 4F81D18FAC)
Sep 25 09:41:14 amazon postfix/smtpd[1611]: 4A53FF0A16:
client=firewall[192.168.1.36]
Sep 25 09:41:14 amazon postfix/cleanup[1609]: 4A53FF0A16: message-id=
F9DDDD6BB084D3118D050008C75D8E90B0F69Esomewhere.com>
Sep 25 09:41:14 amazon postfix/smtpd[1611]: disconnect from
firewall[192.168.1.36]
Sep 25 09:41:14 amazon postfix/qmgr[1563]: 4A53FF0A16:
from=<someonesomewhere.com>, size=11542 (queue active)
Sep 25 09:41:15 amazon postfix/smtpd[1615]: disconnect from
firewall[192.168.1.36]
Sep 25 09:41:19 amazon postfix/smtp[1613]: 4A53FF0A16:
to=<mtestermailhost.cambric.com>, relay=192.168.1.36[192.168.1.36],
delay=5, status=bounced (host 192.168.1.36[192.168.1.36] said: 554 Error:
too many hops)
Sep 25 09:41:19 amazon postfix/cleanup[1619]: 744FEF0A19:
message-id=<20000925154119.744FEF0A19amazon.cambric.com>
Sep 25 09:41:19 amazon postfix/qmgr[1563]: 744FEF0A19: from=<>, size=12805
(queue active)
Sep 25 09:41:19 amazon postfix/smtp[1617]: 744FEF0A19:
to=<someonesomewhere>, relay=192.168.1.36[192.168.1.36], delay=0,
status=sent (250 Ok: queued as A977F18FAB)

So it ends up looping the mail between the localhost and the
firewall/relayhost. The problem is that outgoing mail _should_ be going to
192.168.1.36 (relayhost). But incoming mail is being redirected right back
to it as well. The aliases file isn't being looked at...or it's being
ignored. So the question is, should I not use relayhost? If I turn that
off, I get messages from incoming mail like:

Sep 25 10:14:00 amazon postfix/smtpd[2057]: disconnect from
firewall[192.168.1.36]
Sep 25 10:14:00 amazon postfix/qmgr[2054]: 6DE24F0A14: from=<acwnerm.com>,
size=2540 (queue active)
Sep 25 10:14:00 amazon postfix/local[2063]: 6DE24F0A14:
to=<mtesterexchangeserver.cambric.com>, relay=local, delay=0, status=sent
(mailbox)

Which delivers it to the local unix mailbox and ignores the aliases file.
And for any mail that is "outgoing", it tries to connect directly and
therefore:

Sep 25 10:17:30 amazon postfix/smtp[2065]: connect to
mail-intake-1.iname.net[165.251.8.70]: Connection timed out (port 25)

because it is on the inside.

So I think I have to have relayhost turned on. But how do I get postfix to
read the aliases file and send the mail on to the user@anotherhost? And no,
I don't have luser_ or transport_maps turned on.

Regards,
Malcolm

P.S. This would be simple if I were only using one instance of Postfix. If
I take out the middle Postfix, it works great. But I have to leave it in
the middle, and I think this is what makes it unique from the other
exchange/postfix problems I've read about.

-> -----Original Message-----
-> From: wietseporcupine.org [mailto:wietseporcupine.org]
-> Sent: Friday, September 22, 2000 1:22 PM
-> To: postfix-userspostfix.org
-> Subject: Re: Postfix and Exchange, oh joy
->
->
-> Malcolm Tester:
-> >
-> > True. I use transport_maps with
-> >
-> > cambric.com smtp:[exchangeserver]
-> > .cambric.com smtp:[exchangeserver]
-> > localhost.cambric.com local:
-> >
-> > If I turn that off though, then the two Postfix
-> installations start looping
-> > the mail through each other until it reaches max_hops.
->
-> Then you still have some forwarding turned on via god knows what.
-> I suggest you throw away main.cf and start with a fresh one, test
-> one change at a time, back out when something breaks.
->
-> > If I add the
-> > local_recipient_maps, nothing changes.
->
-> local_recipient_maps affects only recipients in domains that
-> are listed
-> as local, in the mydestination parameter.
->
-> > Is there a way to forward incoming mail for known local
-> users without using
-> > the transport_maps?
->
-> That is what the virtual or aliases database is for. That changes
-> the envelope recipient address.
->
-> Wietse
->
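
The two symptoms in the maillog excerpts above, a "554 Error: too many hops" bounce and a relay=local delivery of an address meant for another host, can be picked out of a wrapped maillog mechanically. This is an added example, not part of the original thread; the host names, addresses, and the forward_domains parameter are constructed for illustration.

```python
import re

# Constructed sample in the format of the maillog excerpts above (not the
# poster's log); entries are wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
Sep 25 09:41:14 mx1 postfix/qmgr[1563]: 4A53FF0A16:
from=<someone@example.org>, size=11542 (queue active)
Sep 25 09:41:19 mx1 postfix/smtp[1613]: 4A53FF0A16:
to=<user@mailhost.example.com>, relay=192.0.2.36[192.0.2.36],
delay=5, status=bounced (host 192.0.2.36[192.0.2.36] said: 554 Error:
too many hops)
Sep 25 10:14:00 mx1 postfix/local[2063]: 6DE24F0A14:
to=<user@exchangeserver.example.com>, relay=local, delay=0, status=sent
(mailbox)
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)"
    r"(?: \((?P<detail>.*)\))?"
)

def unwrap(text):
    """Rejoin syslog entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def triage(text, forward_domains):
    """Flag loop bounces, and local deliveries for domains meant to be forwarded."""
    findings = {"loop": [], "delivered_locally": []}
    for entry in unwrap(text):
        m = DELIVERY.search(entry)
        if not m:
            continue  # smtpd/qmgr/cleanup lines carry no delivery status
        domain = m["rcpt"].rpartition("@")[2]
        if m["status"] == "bounced" and "too many hops" in (m["detail"] or ""):
            findings["loop"].append((m["qid"], m["rcpt"], m["relay"]))
        elif m["agent"] == "local" and domain in forward_domains:
            findings["delivered_locally"].append((m["qid"], m["rcpt"]))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, {"exchangeserver.example.com"}))
```

A queue ID under "loop" names the relay that returned the hop-count error; one under "delivered_locally" means the local delivery agent accepted a recipient domain that was expected to be forwarded.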