From: Kristian Vilmann (no email)
Date: Wed Oct 01 2003 - 05:19:52 EDT
AUTHOR writes: Owen Becker
> We had the same problem when we switched to cisco for the coporate vpn
> stuff.
> Apparently, cisco does some protocol level scrubbing that breaks some smtp
> implementaions. You can easily turn it off. Consult your local cisco guru.
> Owen
Hello again,
Does anybody have further info on this matter?
The network-people don't want to to change anything unless they have
documentation and all kinds of things.....
Also:
is it possible to tell postfix only to accept mail from a couple of
external addresses?
All mail goes through one of these no-spam companies (rather ironic
actually :)), so until I can convince some to try to change the Pix, it
should be possible to reject mail not coming from the No-Spam company.
/kristian
> On 30 Sep 2003 21:03:50 +0200, Kristian Vilmann wrote
>> Greetings!
>>
>> I'm managing several postfix-servers for customers.
>> One of them suddenly started to relay mail not bound for itself.
>> (more than 11000 mails for 130.000 recipients at hotmail.com)
>>
>> It's an old postfix, but the configuration hasn't changed for at
>> least a year.
>>
>> I'm a little confused here. I can't really figure out what's happening.
>>
>> I noticed something that looks like a Cisco Pix in front of it:
>>
>> # telnet mail.server.dom smtp
>> Trying xx.xx.xx.xx...
>> Connected to mail.server.dom.
>> Escape character is '^]'.
>> 220 ****2**************************
>>
>> I don't know anything about the network in front of the mailserver
>>
>> >From the server itself the same thing looks like this:
>>
>> # telnet localhost smtp
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> 220 mail.server.dom ESMTP Postfix
>>
>> Is it possible that the Cisco (or whatever it is) is tricking
>> postfix to believe that it's not relaying when it actually is?
>>
>> I searched the Net but couldn't find anything useful
>>
>> Any input or hints will be greatly appreciated.
>>
>> # /opt/postfix/sbin/postconf mail_version
>> mail_version = Postfix-20010228-pl04
>> # /opt/postfix/sbin/postconf -n
>> command_directory = /opt/postfix/sbin
>> daemon_directory = /opt/postfix/libexec
>> debug_peer_level = 2
>> mail_owner = postfix
>> mydestination = $myhostname, localhost.$mydomain, server.dom
>> myhostname = mail.server.dom
>> mynetworks = 10.0.0.0/8, 127.0.0.0/8
>> myorigin = $mydomain
>> queue_directory = /var/spool/postfix
>> smtpd_banner = $myhostname ESMTP $mail_name
>> smtpd_recipient_restrictions = reject_non_fqdn_sender,
>> reject_non_fqdn_recipient, reject_unknown_sender_domain,
>> reject_unknown_recipient_domain, permit_mynetworks,
>> reject_invalid_hostname, reject_non_fqdn_hostname,
>> check_relay_domains transport_maps = dbm:/etc/postfix/transport
>> #
>>
>> /kristian
>> --
>> Kristian Vilmann - Linuxforum HQ
>> http://linuxforum.dk/
>> Dansk Opensource event 5. og 6. marts 2004
>
>
>
> /----------------------------------------------
> | You live and learn. Or you don't live long.
> | --Robert A. Heinlein
> \----------------------------------------------
>
>
--
|
|
|