From: mouss (mlist.only free.fr)
Date: Mon Oct 01 2007 - 14:09:13 CDT
Val Polyakov wrote:
> Hello
>
> I am running postfix 2.4.5 here..
>
> The current setup is as follows: mail comes in to our "border" mail server
> which scans it for spam/viruses and hands it off to an internal postfix
> server
>
> The internal postfix servers utilize this:
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
>
> So they reject all mail that goes to nonexistent accounts.
>
> However, I want the emails addressed to nonexistent emails to never make it to
> the internal postfix servers, I want the border gateway to reject those...
> but I also do not want to put our internal aliases file onto the "border"
> postfix servers, in case they are ever broken into I do not want the
> attackers to see our internal server names (border gateways are in the DMZ).
>
> So, I made a valid_emails file with a script, in the format of:
> user@domain.com OK
> (that's a tab between the email and the OK)
>
> I put the following directive in main.cf :
> relay_recipient_maps = hash:/etc/postfix/valid_emails
>
> I also ran postmap hash:/etc/postfix/valid_emails and it created
> valid_emails.db ..
>
> However, upon testing, the border gateway still relays the email to our
> internal mail server (although the email address does not exist).
>
> I read these links (but I do not see what I did wrong):
> http://www.postfix.org/postconf.5.html#relay_recipient_maps
> http://www.postfix.org/ADDRESS_CLASS_README.html
> http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class
>
> Here's the output of postconf -n on the "border" gateway:
>
> -----------
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = imss:localhost:10025
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_process_limit = 400
> delay_warning_time = 6h
> html_directory = no
> inet_interfaces = all
> local_recipient_maps =
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 3d
> message_size_limit = 15728640
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = vmsinfo.com
> myhostname = lpo-relay-03.vmsinfo.com
> mynetworks = 127.0.0.1, 66.194.0.150, 66.162.41.162, 10.0.0.0/8,
> 216.169.0.0/16
> newaliases_path = /usr/bin/newaliases.postfix
> qmgr_message_active_limit = 50000
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relay_domains = $mydestination,vidmon.com, vidmon.net, vmsinfo.com,
> sis-us.com, sis-na.com, vmsdigital.com, statewidemonitoring.com,
> kirk.vmsinfo.com, r2d2.vmsinfo.com, prtrak.com, vmsads.com, vmsadsearch.com,
> vmsnews.com, integratedperspective.com
> relay_recipient_maps = hash:/etc/postfix/valid_emails
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_banner = ESMTP Postfix with TrendMicro InterScan Messaging Security
> Suite
> smtpd_enforce_tls = no
> smtpd_recipient_limit = 1000
> smtpd_timeout = 300s
> smtpd_use_tls = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
your logs should tell you that you should not list a domain in both
relay_domains and mydestination.
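
Added example, not part of the original message: a small Python check that reads `postconf -n` style output, expands `$name` references, and lists the domains that end up in both mydestination and relay_domains, which is the overlap the reply points at. The sample input is constructed from the quoted configuration, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed `postconf -n` listing modelled on the quoted
# output (continuation lines are indented here; that layout is an assumption).
SAMPLE = """\
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = vmsinfo.com
myhostname = lpo-relay-03.vmsinfo.com
relay_domains = $mydestination,vidmon.com, vidmon.net, vmsinfo.com,
    sis-us.com, kirk.vmsinfo.com
relay_recipient_maps = hash:/etc/postfix/valid_emails
"""

def parse_postconf(text):
    """Parse `name = value` lines, folding indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references, with a bound on nesting depth."""
    if depth > 10:
        raise ValueError("recursive parameter reference")
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params.get(m.group(1), ""), params, depth + 1),
                  value)

def domain_list(value, params):
    """Split an expanded value into lower-cased literal domain names."""
    items = re.split(r"[,\s]+", expand(value, params))
    # Lookup tables (type:name) and file paths are skipped, not resolved.
    return {i.lower() for i in items if i and ":" not in i and not i.startswith("/")}

def overlap(params, ignore_reference=False):
    """Domains present in both mydestination and relay_domains."""
    relay = params.get("relay_domains", "")
    if ignore_reference:  # only count domains typed into both lists by hand
        relay = relay.replace("$mydestination", "")
    local = domain_list(params.get("mydestination", ""), params)
    return sorted(local & domain_list(relay, params))

if __name__ == "__main__":
    print(overlap(parse_postconf(SAMPLE)))
```

With `ignore_reference=True` the check reports only domains written into both lists by hand, leaving out those pulled in through the `$mydestination` reference in relay_domains.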