From: Paul Hutchings (no email)
Date: Wed Oct 01 2003 - 05:20:51 EDT
The cisco site would be a good place to start, though if you look on google
for "smtp fixup pix" you should find some useful info and well.
regards,
Paul
-- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378 mailto: -----Original Message----- From: Kristian Vilmann [mailto:] Sent: 01 October 2003 10:20 To: Postfix users Subject: Re: Cisco playing with me again? AUTHOR writes: Owen Becker > We had the same problem when we switched to cisco for the coporate vpn > stuff. > Apparently, cisco does some protocol level scrubbing that breaks some smtp > implementaions. You can easily turn it off. Consult your local cisco guru. > Owen Hello again, Does anybody have further info on this matter? The network-people don't want to to change anything unless they have documentation and all kinds of things..... Also: is it possible to tell postfix only to accept mail from a couple of external addresses? All mail goes through one of these no-spam companies (rather ironic actually :)), so until I can convince some to try to change the Pix, it should be possible to reject mail not coming from the No-Spam company. /kristian > On 30 Sep 2003 21:03:50 +0200, Kristian Vilmann wrote >> Greetings! >> >> I'm managing several postfix-servers for customers. >> One of them suddenly started to relay mail not bound for itself. >> (more than 11000 mails for 130.000 recipients at hotmail.com) >> >> It's an old postfix, but the configuration hasn't changed for at >> least a year. >> >> I'm a little confused here. I can't really figure out what's happening. >> >> I noticed something that looks like a Cisco Pix in front of it: >> >> # telnet mail.server.dom smtp >> Trying xx.xx.xx.xx... >> Connected to mail.server.dom. >> Escape character is '^]'. >> 220 ****2************************** >> >> I don't know anything about the network in front of the mailserver >> >> >From the server itself the same thing looks like this: >> >> # telnet localhost smtp >> Trying 127.0.0.1... >> Connected to localhost. >> Escape character is '^]'. >> 220 mail.server.dom ESMTP Postfix >> >> Is it possible that the Cisco (or whatever it is) is tricking >> postfix to believe that it's not relaying when it actually is? >> >> I searched the Net but couldn't find anything useful >> >> Any input or hints will be greatly appreciated. >> >> # /opt/postfix/sbin/postconf mail_version >> mail_version = Postfix-20010228-pl04 >> # /opt/postfix/sbin/postconf -n >> command_directory = /opt/postfix/sbin >> daemon_directory = /opt/postfix/libexec >> debug_peer_level = 2 >> mail_owner = postfix >> mydestination = $myhostname, localhost.$mydomain, server.dom >> myhostname = mail.server.dom >> mynetworks = 10.0.0.0/8, 127.0.0.0/8 >> myorigin = $mydomain >> queue_directory = /var/spool/postfix >> smtpd_banner = $myhostname ESMTP $mail_name >> smtpd_recipient_restrictions = reject_non_fqdn_sender, >> reject_non_fqdn_recipient, reject_unknown_sender_domain, >> reject_unknown_recipient_domain, permit_mynetworks, >> reject_invalid_hostname, reject_non_fqdn_hostname, >> check_relay_domains transport_maps = dbm:/etc/postfix/transport >> # >> >> /kristian >> -- >> Kristian Vilmann - Linuxforum HQ >> http://linuxforum.dk/ >> Dansk Opensource event 5. og 6. marts 2004 > > > > /---------------------------------------------- > | You live and learn. Or you don't live long. > | --Robert A. Heinlein > \---------------------------------------------- > > --
|
|
|