You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2008/01/12 17:04:30 UTC
Postfix Question with front end filtering [OT]
Sorry for the OT question but just need a quick answer from a postfix
expert.
Here's the problem. I run a front end spam filtering service. Email from
the world comes in, I clean it, and send the good email to the original
server. However sometimes because my service is now the primary MX when
I forward the good email the recipient server (running Postix) rejects
the email (relaying denied) because it no longer things it is hosting
the domain locally.
How do I tell postfix that it is the final destination of email for
domains where it is not the primary MX?
Thanks in advance.
Re: Postfix Question with front end filtering [OT]
Posted by Marc Perkel <ma...@perkel.com>.
Bill Randle wrote:
> On Sat, 2008-01-12 at 08:14 -0800, Marc Perkel wrote:
>
>> Ralf Hildebrandt wrote:
>>
>>> * Marc Perkel <ma...@perkel.com>:
>>>
>>>
>>>> Sorry for the OT question but just need a quick answer from a postfix
>>>> expert.
>>>>
>>>> Here's the problem. I run a front end spam filtering service. Email from the
>>>> world comes in, I clean it, and send the good email to the original server.
>>>> However sometimes because my service is now the primary MX when I forward
>>>> the good email the recipient server (running Postix) rejects the email
>>>> (relaying denied) because it no longer things it is hosting the domain
>>>> locally.
>>>>
>>>>
>>> And how is that machine configured?
>>>
>>>
>>>
>>>> How do I tell postfix that it is the final destination of email for domains
>>>> where it is not the primary MX?
>>>>
>>>>
>>> That depends on the domain class the domain is in (local, relay,
>>> virtual)
>>>
>>>
>>>
>> I'm asking for someone else and I don't yet have their configuration.
>> And I know very little about Postfix (I do Exim). I'm just hoping that
>> someone who knows postfix just says something like you have to set
>> something = true or you have to put the domains in some standard list
>> or something easy like that.
>>
>
> Make sure the final target domain is listed in 'mydestination' in
> /etc/postfix/main.cf and that 'mydomain' is also set correctly. A
> typical main.cf file might have something like this (among other
> entries):
> mydomain = mydomain.tld
> myhostname = myhost.mydomain.tld
> mydestination = $myhostname, $mydomain, localhost
>
> Don't forget to do a 'postfix reload' after making any changes.
>
> -Bill
>
>
Thanks Bill,
I was wondering if this might be a factor?
*permit_auth_destination*
Permit the request when one of the following is true:
* Postfix is mail forwarder: the resolved RCPT TO address
matches $relay_domains
<http://www.postfix.org/postconf.5.html#relay_domains> or a
subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),
* Postfix is the final destination: the resolved RCPT TO address
matches $mydestination
<http://www.postfix.org/postconf.5.html#mydestination>,
$inet_interfaces
<http://www.postfix.org/postconf.5.html#inet_interfaces>,
$proxy_interfaces
<http://www.postfix.org/postconf.5.html#proxy_interfaces>,
$virtual_alias_domains
<http://www.postfix.org/postconf.5.html#virtual_alias_domains>,
or $virtual_mailbox_domains
<http://www.postfix.org/postconf.5.html#virtual_mailbox_domains>,
and the address contains no sender-specified routing
(user@elsewhere@domain).
**
Re: Postfix Question with front end filtering [OT]
Posted by Bill Randle <bi...@neocat.org>.
On Sat, 2008-01-12 at 08:14 -0800, Marc Perkel wrote:
>
>
> Ralf Hildebrandt wrote:
> > * Marc Perkel <ma...@perkel.com>:
> >
> > > Sorry for the OT question but just need a quick answer from a postfix
> > > expert.
> > >
> > > Here's the problem. I run a front end spam filtering service. Email from the
> > > world comes in, I clean it, and send the good email to the original server.
> > > However sometimes because my service is now the primary MX when I forward
> > > the good email the recipient server (running Postix) rejects the email
> > > (relaying denied) because it no longer things it is hosting the domain
> > > locally.
> > >
> >
> > And how is that machine configured?
> >
> >
> > > How do I tell postfix that it is the final destination of email for domains
> > > where it is not the primary MX?
> > >
> >
> > That depends on the domain class the domain is in (local, relay,
> > virtual)
> >
> >
>
> I'm asking for someone else and I don't yet have their configuration.
> And I know very little about Postfix (I do Exim). I'm just hoping that
> someone who knows postfix just says something like you have to set
> something = true or you have to put the domains in some standard list
> or something easy like that.
Make sure the final target domain is listed in 'mydestination' in
/etc/postfix/main.cf and that 'mydomain' is also set correctly. A
typical main.cf file might have something like this (among other
entries):
mydomain = mydomain.tld
myhostname = myhost.mydomain.tld
mydestination = $myhostname, $mydomain, localhost
Don't forget to do a 'postfix reload' after making any changes.
-Bill
Re: Postfix Question with front end filtering [OT]
Posted by mouss <mo...@netoyen.net>.
Marc Perkel wrote:
>
>
> Ralf Hildebrandt wrote:
>> * Marc Perkel <ma...@perkel.com>:
>>
>>> Sorry for the OT question but just need a quick answer from a
>>> postfix expert.
>>>
>>> Here's the problem. I run a front end spam filtering service. Email
>>> from the world comes in, I clean it, and send the good email to the
>>> original server. However sometimes because my service is now the
>>> primary MX when I forward the good email the recipient server
>>> (running Postix) rejects the email (relaying denied) because it no
>>> longer things it is hosting the domain locally.
>>>
>>
>> And how is that machine configured?
>>
>>
>>> How do I tell postfix that it is the final destination of email for
>>> domains where it is not the primary MX?
>>>
>>
>> That depends on the domain class the domain is in (local, relay,
>> virtual)
>>
>>
>
> I'm asking for someone else and I don't yet have their configuration.
> And I know very little about Postfix (I do Exim). I'm just hoping that
> someone who knows postfix just says something like you have to set
> something = true or you have to put the domains in some standard list
> or something easy like that.
>
without the actual error from postfix logs, it's hard to help. postfix
will accept mail to any domain it is configured to handle
(mydestination, relay_domains, virtual_mailbox_domains,
virtual_alias_domains). so I suspect the problem is elsewhere (such as
postfix is supposed to relay the message, and this creates a loop, or
the filter helo's with name of the postfix server so postfix thinks it's
a loop, ... etc).
Recommended reading:
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/postconf.5.html#proxy_interfaces
The following must be read and understood:
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
If virtual delivery is needed:
http://www.postfix.org/VIRTUAL_README.html
more documents on
http://www.postfix.org/documentation.html
PS. The filter should validate recipients to avoid backscatter:
http://www.postfix.org/BACKSCATTER_README.html
Re: Postfix Question with front end filtering [OT]
Posted by Marc Perkel <ma...@perkel.com>.
Ralf Hildebrandt wrote:
> * Marc Perkel <ma...@perkel.com>:
>
>> Sorry for the OT question but just need a quick answer from a postfix
>> expert.
>>
>> Here's the problem. I run a front end spam filtering service. Email from the
>> world comes in, I clean it, and send the good email to the original server.
>> However sometimes because my service is now the primary MX when I forward
>> the good email the recipient server (running Postix) rejects the email
>> (relaying denied) because it no longer things it is hosting the domain
>> locally.
>>
>
> And how is that machine configured?
>
>
>> How do I tell postfix that it is the final destination of email for domains
>> where it is not the primary MX?
>>
>
> That depends on the domain class the domain is in (local, relay,
> virtual)
>
>
I'm asking for someone else and I don't yet have their configuration.
And I know very little about Postfix (I do Exim). I'm just hoping that
someone who knows postfix just says something like you have to set
something = true or you have to put the domains in some standard list or
something easy like that.
Re: Postfix Question with front end filtering [OT]
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Marc Perkel <ma...@perkel.com>:
> Sorry for the OT question but just need a quick answer from a postfix
> expert.
>
> Here's the problem. I run a front end spam filtering service. Email from the
> world comes in, I clean it, and send the good email to the original server.
> However sometimes because my service is now the primary MX when I forward
> the good email the recipient server (running Postix) rejects the email
> (relaying denied) because it no longer things it is hosting the domain
> locally.
And how is that machine configured?
> How do I tell postfix that it is the final destination of email for domains
> where it is not the primary MX?
That depends on the domain class the domain is in (local, relay,
virtual)
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk@charite.de
RE: Postfix Question with front end filtering [OT]
Posted by Gary V <mr...@hotmail.com>.
> It's not required to point the MX to the Postfix server! The problem is
> the Postfix server does not accept mail addressed to it. If you were
> to set the MX back to pointing to the Postfix server, the server would
> continue to reject mail addressed to it because it is not configured to
> accept mail addressed to it. It's not that you changed the MX record,
> it's that the server was reconfigured. We are still shooting in the dark
> however, we would need output from 'postcnf -n' and relevent logs to
> get any further.
>
> This is the default relay control mechanism:
>
Stupid hotmail client, this looks better:
http://www200.pair.com/mecham/spam/relay_control.txt
Gary V
_________________________________________________________________
Share life as it happens with the new Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
Re: Postfix Question with front end filtering [OT]
Posted by mouss <mo...@netoyen.net>.
Gary V wrote:
>> From: marc
>>
>> postconf -n
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = amavis:[$myhostname]:10024
>> daemon_directory = /usr/libexec/postfix
>> debug_peer_level = 2
>> home_mailbox = Maildir/
>> html_directory = no
>> inet_interfaces = $myhostname
>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> max_use = 20
>> message_size_limit = 15360000
>> mydestination = $myhostname, localhost.$mydomain, $transport_maps
>> mydomain = extremia.fi
>> myhostname = smtp.extremia.fi
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
>> sample_directory = /usr/share/doc/postfix-2.2.10/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>> permit_mynetworks, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_security_options = noanonymous
>> transport_maps = pgsql:/etc/postfix/transport_maps.cf
>> unknown_local_recipient_reject_code = 450
>> virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
>> virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
>> virtual_mailbox_base = /var/spool/postfix/virtual
>> virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
>>
>> virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf
>>
>>
>
> Well, we would have to know where the mail is currently stored.
>
> There is a virtual_mailbox_maps map without a virtual_mailbox_domains map, so we don't know if virtual_mailbox_domains used to be there, but was removed. Or, the domains were removed from the transport map which means that they are no longer in $mydestination. It's not a good idea to use $transport_maps as a $mydestination setting anyway. If this is the case, they should be added to $mydestination. It's also possible there used to be a $relay_domains setting that was removed. Where is the mail store?
>
or it is using the compatibility setting relay_domains = $mydestination.
new installations are advised to set relay_domains explicitely. if not
needed, use
relay_domains =
RE: Postfix Question with front end filtering [OT]
Posted by Gary V <mr...@hotmail.com>.
> From: marc
>
> postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavis:[$myhostname]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = $myhostname
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> max_use = 20
> message_size_limit = 15360000
> mydestination = $myhostname, localhost.$mydomain, $transport_maps
> mydomain = extremia.fi
> myhostname = smtp.extremia.fi
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> transport_maps = pgsql:/etc/postfix/transport_maps.cf
> unknown_local_recipient_reject_code = 450
> virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
> virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
> virtual_mailbox_base = /var/spool/postfix/virtual
> virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
>
> virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf
>
Well, we would have to know where the mail is currently stored.
There is a virtual_mailbox_maps map without a virtual_mailbox_domains map, so we don't know if virtual_mailbox_domains used to be there, but was removed. Or, the domains were removed from the transport map which means that they are no longer in $mydestination. It's not a good idea to use $transport_maps as a $mydestination setting anyway. If this is the case, they should be added to $mydestination. It's also possible there used to be a $relay_domains setting that was removed. Where is the mail store?
Gary V
_________________________________________________________________
Watch “Cause Effect,” a show about real people making a real difference.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
Re: Postfix Question with front end filtering [OT]
Posted by mouss <mo...@netoyen.net>.
Ralf Hildebrandt wrote:
> * mouss <mo...@netoyen.net>:
>
>> This really belongs to the postfix list, but ...
>>
>> Marc Perkel wrote:
>>
>>> [snip]
>>> mydestination = $myhostname, localhost.$mydomain, $transport_maps
>>>
>> remove $transport_maps. reusing unrelated maps is horrible. if a
>> transport entry is added for say hotmail.com, postfix will accept and
>> mis-deliver (or bounce) hotmail mail.
>>
>>> mydomain = extremia.fi
>>> myhostname = smtp.extremia.fi
>>> [snip]
>>> unknown_local_recipient_reject_code = 450
>>>
>> once everything works correctly, change this to 550.
>>
>>
>>> virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
>>> virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
>>> virtual_mailbox_base = /var/spool/postfix/virtual
>>> virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
>>>
>>>
>> ahem. there is no virtual_mailbox_domains, do virtual_mailbox_* is useless.
>>
>
> UNLESS whoever set this crap up used transport maps :)
>
which would be insane!
Ah. I didn't mention virtual_mailbox_base inside postfix queue
directory... There must be a business to sell directory names to people
so that they avoid putting everything in the same place ;-p
Re: Postfix Question with front end filtering [OT]
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* mouss <mo...@netoyen.net>:
> This really belongs to the postfix list, but ...
>
> Marc Perkel wrote:
> > [snip]
> > mydestination = $myhostname, localhost.$mydomain, $transport_maps
> remove $transport_maps. reusing unrelated maps is horrible. if a
> transport entry is added for say hotmail.com, postfix will accept and
> mis-deliver (or bounce) hotmail mail.
> > mydomain = extremia.fi
> > myhostname = smtp.extremia.fi
> > [snip]
> > unknown_local_recipient_reject_code = 450
> once everything works correctly, change this to 550.
>
> > virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
> > virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
> > virtual_mailbox_base = /var/spool/postfix/virtual
> > virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
> >
>
> ahem. there is no virtual_mailbox_domains, do virtual_mailbox_* is useless.
UNLESS whoever set this crap up used transport maps :)
> > virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf
> >
>
> if mail for $mydomain is to be delivered to unix accounts, simply add
> $mydomain to mydestination. if it is to be delivered to vortual
> mailboxes, add it to virtual_mailbox_domains. make sure
> virtual_mailbox_maps is correctly set.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk@charite.de
Re: Postfix Question with front end filtering [OT]
Posted by mouss <mo...@netoyen.net>.
This really belongs to the postfix list, but ...
Marc Perkel wrote:
> [snip]
> mydestination = $myhostname, localhost.$mydomain, $transport_maps
remove $transport_maps. reusing unrelated maps is horrible. if a
transport entry is added for say hotmail.com, postfix will accept and
mis-deliver (or bounce) hotmail mail.
> mydomain = extremia.fi
> myhostname = smtp.extremia.fi
> [snip]
> unknown_local_recipient_reject_code = 450
once everything works correctly, change this to 550.
> virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
> virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
> virtual_mailbox_base = /var/spool/postfix/virtual
> virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
>
ahem. there is no virtual_mailbox_domains, do virtual_mailbox_* is useless.
> virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf
>
if mail for $mydomain is to be delivered to unix accounts, simply add
$mydomain to mydestination. if it is to be delivered to vortual
mailboxes, add it to virtual_mailbox_domains. make sure
virtual_mailbox_maps is correctly set.
Re: Postfix Question with front end filtering [OT]
Posted by Marc Perkel <ma...@perkel.com>.
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[$myhostname]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = $myhostname
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
max_use = 20
message_size_limit = 15360000
mydestination = $myhostname, localhost.$mydomain, $transport_maps
mydomain = extremia.fi
myhostname = smtp.extremia.fi
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
transport_maps = pgsql:/etc/postfix/transport_maps.cf
unknown_local_recipient_reject_code = 450
virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf
virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf
RE: Postfix Question with front end filtering [OT]
Posted by Gary V <mr...@hotmail.com>.
> I think Postfix may know it's the final destination for the domains
> in question, otherwise ALL mail would be rejected.
>
>
> Actually that's what is happening. When they moved the MX to point to
> our spam filter servers their server started rejecting ALL their email
> that we are forwarding. The thing that changed on their server is that
> the domains they host are no longer the primary MX. What I'm trying to
> find out is how to overrider the requirement that the primary MX has to
> point to the Postfix server.
>
> Internet ---> junkemailfilter.com ---> postfix server
It's not required to point the MX to the Postfix server! The problem is
the Postfix server does not accept mail addressed to it. If you were
to set the MX back to pointing to the Postfix server, the server would
continue to reject mail addressed to it because it is not configured to
accept mail addressed to it. It's not that you changed the MX record,
it's that the server was reconfigured. We are still shooting in the dark
however, we would need output from 'postcnf -n' and relevent logs to
get any further.
This is the default relay control mechanism:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
And hopefully this generally describes how it works:
SMTP session
|
V
(smtpd_client_restrictions)
V
(smtpd_helo_restrictions)
V
(smtpd_sender_restrictions)
V
smtpd_recipient_restrictions-----
permit_mynetworks
| \
| DUNNO
| \
| V
| reject_unauth_destination------REJECT->
| \
PERMIT DUNNO
| \
V V
(smtpd_data_restrictions)
This says: (permit_mynetworks) if the client is in $mynetworks, skip any
remaining tests in this restriction stage (smtpd_recipient_restrictions)
and go on to the next restriction stage (smtpd_data_restrictions).
If the client is not in $mynetworks, let the next test
(reject_unauth_destination) decide what to do with this
communication session (in other words: pretend nothing
happened and continue on).
So, provided the client is not in $mynetworks, proceed to
reject_unauth_destination, which says:
If the message IS addressed to one of the domains I am responsible
for (domains listed in their proper address class),
then let the next test in this restriction stage decide what to do
with the session. As shown, there is no next test in this stage, so
processing continues on to the next stage (smtpd_data_restrictions).
If the message IS NOT addressed to one of my domains, then reject it.
The client will see 'relay access denied'.
Hopefully this is at least a conceptually accurate decription of the
relay control mechanism.
Notice how
permit_* evalulates to PERMIT (OK) or DUNNO
and
reject_* evalulates to REJECT or DUNNO
Gary V
_________________________________________________________________
Make distant family not so distant with Windows Vista® + Windows Live™.
http://www.microsoft.com/windows/digitallife/keepintouch.mspx?ocid=TXT_TAGLM_CPC_VideoChat_distantfamily_012008
Re: Postfix Question with front end filtering [OT]
Posted by Marc Perkel <ma...@perkel.com>.
Gary V wrote:
>> Sorry for the OT question but just need a quick answer from a postfix
>> expert.
>>
>> Here's the problem. I run a front end spam filtering service. Email from
>> the world comes in, I clean it, and send the good email to the original
>> server. However sometimes because my service is now the primary MX when
>> I forward the good email the recipient server (running Postix) rejects
>> the email (relaying denied) because it no longer things it is hosting
>> the domain locally.
>>
>> How do I tell postfix that it is the final destination of email for
>> domains where it is not the primary MX?
>>
>> Thanks in advance.
>>
>>
>
> I think Postfix may know it's the final destination for the domains in question, otherwise ALL mail would be rejected.
>
Actually that's what is happening. When they moved the MX to point to
our spam filter servers their server started rejecting ALL their email
that we are forwarding. The thing that changed on their server is that
the domains they host are no longer the primary MX. What I'm trying to
find out is how to overrider the requirement that the primary MX has to
point to the Postfix server.
Internet ---> junkemailfilter.com ---> postfix server
RE: Postfix Question with front end filtering [OT]
Posted by Gary V <mr...@hotmail.com>.
> Gary V:> > > I think Postfix may know it's the final destination for the domains in> > question,> > No, it could also be a relay domain. In that case the mail would loop,> since it goes back to the MX (the other machine) and comes backe etc.> etc.> > -- > Ralf Hildebrandt
Right, I actually meant "I think Postfix may know what domains it is responsible for". Which does not appear to be the case at any rate.
Gary V
_________________________________________________________________
Put your friends on the big screen with Windows Vista® + Windows Live™.
http://www.microsoft.com/windows/shop/specialoffers.mspx?ocid=TXT_TAGLM_CPC_MediaCtr_bigscreen_012008
Re: Postfix Question with front end filtering [OT]
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Gary V <mr...@hotmail.com>:
> I think Postfix may know it's the final destination for the domains in
> question,
No, it could also be a relay domain. In that case the mail would loop,
since it goes back to the MX (the other machine) and comes backe etc.
etc.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk@charite.de
RE: Postfix Question with front end filtering [OT]
Posted by Gary V <mr...@hotmail.com>.
> Sorry for the OT question but just need a quick answer from a postfix
> expert.
>
> Here's the problem. I run a front end spam filtering service. Email from
> the world comes in, I clean it, and send the good email to the original
> server. However sometimes because my service is now the primary MX when
> I forward the good email the recipient server (running Postix) rejects
> the email (relaying denied) because it no longer things it is hosting
> the domain locally.
>
> How do I tell postfix that it is the final destination of email for
> domains where it is not the primary MX?
>
> Thanks in advance.
>
I think Postfix may know it's the final destination for the domains in question, otherwise ALL mail would be rejected. This sounds like their clients (and/or possibly their server too) are using your machine to send mail to foreign domains, you are accepting this mail, then relaying it to the Postfix machine (for some unknown reason). The Postfix machine is not responsible for these foreign domains, so it rejects the mail. Is this a possibility? Or is the mail in fact addressed to their domain?
If the Postfix server really does not think it's responsible for the domains, then the domains it is responsible for need to be added to whatever address class is in use. If mail is stored locally on the Postfix server and Unix accounts are used, then the domains would be added to $mydestination. If the server relays to another server, then the domains would go in $relay_domains, if using virtual alias domains, then they would go in a virtual_alias_domains map, and if using virtual mailboxes, they would go in a virtual_mailbox_domains map. They can only go in one, and we don't know enough about the server in question to tell you which one. The thing is, the administrator should not have changed what domains the Postfix server accepts mail for when the MX record was changed. In other words, maybe the admin should put it back the way it was in this respect.
Gary V
_________________________________________________________________
Share life as it happens with the new Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008