Re: relay_recipient_maps being ignored

From: Val Polyakov (no email)
Date: Mon Oct 01 2007 - 15:19:02 EDT


    Logs didn't mention it, but I did take vmsinfo.com out of relay_domains

    It didn't help however, it's still letting emails through although they aren't
    listed in valid_emails

    Val

    On Monday 01 October 2007 03:09:13 pm mouss wrote:
    > Val Polyakov wrote:
    > > Hello
    > >
    > > I am running postfix 2.4.5 here..
    > >
    > > The current setup is as follows: mail comes in to our "border" mail
    > > server which scans it for spam/viruses and hands it off to an internal
    > > postfix server
    > >
    > > The internal postfix servers utilize this:
    > > local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    > >
    > > So they reject all mail that goes to nonexistent accounts.
    > >
    > > However, I want the emails addressed to nonexistent emails to never make
    > > it to the internal postfix servers, I want the border gateway to reject
    > > those... but I also do not want to put our internal aliases file onto the
    > > "border" postfix servers, in case they are ever broken into I do not want
    > > the attackers to see our internal server names (border gateways are in
    > > the DMZ).
    > >
    > > So, I made a valid_emails file with a script, in the format of:
    > > OK
    > > (that's a tab between the email and the OK)
    > >
    > > I put the following directive in main.cf :
    > > relay_recipient_maps = hash:/etc/postfix/valid_emails
    > >
    > > I also ran postmap hash:/etc/postfix/valid_emails and it created
    > > valid_emails.db ..
    > >
    > > However, upon testing, the border gateway still relays the email to our
    > > internal mail server (although the email address does not exist).
    > >
    > > I read these links (but I do not see what I did wrong):
    > > http://www.postfix.org/postconf.5.html#relay_recipient_maps
    > > http://www.postfix.org/ADDRESS_CLASS_README.html
    > > http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class
    > >
    > > Here's the output of postconf -n on the "border" gateway:
    > >
    > > -----------
    > > alias_database = hash:/etc/aliases
    > > alias_maps = hash:/etc/aliases
    > > command_directory = /usr/sbin
    > > config_directory = /etc/postfix
    > > content_filter = imss:localhost:10025
    > > daemon_directory = /usr/libexec/postfix
    > > debug_peer_level = 2
    > > default_process_limit = 400
    > > delay_warning_time = 6h
    > > html_directory = no
    > > inet_interfaces = all
    > > local_recipient_maps =
    > > mail_owner = postfix
    > > mailq_path = /usr/bin/mailq.postfix
    > > manpage_directory = /usr/share/man
    > > maximal_queue_lifetime = 3d
    > > message_size_limit = 15728640
    > > mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    > > mydomain = vmsinfo.com
    > > myhostname = lpo-relay-03.vmsinfo.com
    > > mynetworks = 127.0.0.1, 66.194.0.150, 66.162.41.162, 10.0.0.0/8,
    > > 216.169.0.0/16
    > > newaliases_path = /usr/bin/newaliases.postfix
    > > qmgr_message_active_limit = 50000
    > > queue_directory = /var/spool/postfix
    > > readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
    > > relay_domains = $mydestination,vidmon.com, vidmon.net, vmsinfo.com,
    > > sis-us.com, sis-na.com, vmsdigital.com, statewidemonitoring.com,
    > > kirk.vmsinfo.com, r2d2.vmsinfo.com, prtrak.com, vmsads.com,
    > > vmsadsearch.com, vmsnews.com, integratedperspective.com
    > > relay_recipient_maps = hash:/etc/postfix/valid_emails
    > > sample_directory = /usr/share/doc/postfix-2.2.10/samples
    > > sendmail_path = /usr/sbin/sendmail.postfix
    > > setgid_group = postdrop
    > > smtpd_banner = ESMTP Postfix with TrendMicro InterScan Messaging Security
    > > Suite
    > > smtpd_enforce_tls = no
    > > smtpd_recipient_limit = 1000
    > > smtpd_timeout = 300s
    > > smtpd_use_tls = no
    > > transport_maps = hash:/etc/postfix/transport
    > > unknown_local_recipient_reject_code = 550
    >
    > your logs should tell you that you should not list a domain in both
    > relay_domains and mydestination.
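
An added example (not part of the thread and not Postfix code): a Python check over `postconf -n` output that reports domains named in both mydestination and relay_domains, the overlap pointed out in the reply above, and the local-class domains for which an empty local_recipient_maps switches off recipient validation. The sample input is constructed from the configuration quoted above with relay_domains shortened to three entries; all function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the `postconf -n` output quoted above,
# relay_domains shortened. Function names are hypothetical, not a Postfix API.
POSTCONF_N = """\
local_recipient_maps =
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = vmsinfo.com
myhostname = lpo-relay-03.vmsinfo.com
relay_domains = $mydestination,vidmon.com, vidmon.net, vmsinfo.com
relay_recipient_maps = hash:/etc/postfix/valid_emails
"""

def parse(text):
    """Return {parameter: raw value} from `postconf -n` style lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()
    return params

def expand(value, params, depth=0):
    """Substitute $name / ${name} references the way main.cf values are expanded."""
    if depth > 10:  # guard against reference loops
        raise ValueError("parameter references nest too deeply")
    def sub(m):
        return expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def domains(name, params, skip=()):
    """Expanded, lower-cased entries of a domain-list parameter."""
    out = set()
    for tok in re.split(r"[,\s]+", params.get(name, "")):
        if tok and tok not in skip:
            out.update(d.lower() for d in re.split(r"[,\s]+", expand(tok, params)) if d)
    return out

def shadowed_relay_domains(params):
    """Domains listed in relay_domains that mydestination (local class) claims first."""
    local = domains("mydestination", params)
    relay = domains("relay_domains", params, skip=("$mydestination",))
    return local & relay

def unvalidated_local_domains(params):
    """Local-class domains accepted without a recipient check (empty local_recipient_maps)."""
    if params.get("local_recipient_maps") == "":
        return domains("mydestination", params)
    return set()
```

On the sample, `shadowed_relay_domains` returns `{"vmsinfo.com"}`: the domain reaches mydestination through `$mydomain`, so it is treated as a local domain and relay_recipient_maps is not consulted for it.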

