Loading ...
Sorry, an error occurred while loading the content.

Re: Configuration Questions/Help

Expand Messages
  • Jeff Grossman
    On Thu, 30 Jul 2009 22:45:04 -0500, Noel Jones ... domains ... to ... Thank you. Makes me feel better knowing that I can get the same
    Message 1 of 20 , Jul 31, 2009
    • 0 Attachment
      On Thu, 30 Jul 2009 22:45:04 -0500, Noel Jones <njones@...>
      wrote:
      > Jeff Grossman wrote:
      >> I am currently running a Gentoo machine with
      >> Sendmail/MIMEDefang/Spamassassin/Clamav which acts as a front-end mail
      >> server to a couple of different mail servers. The main back-end mail
      >> server
      >> is an Exchange 2003 server and the other is currently a Mac OSX machine
      >> running Mailman. I am using a mailertable to direct the different
      domains
      >> (10 domains go to the Exchange server and 1 domain goes to the OSX
      >> machine). I am using MIMEDefang's md_check_against_smtp_server feature
      to
      >> verify recipients before they are accepted at the gateway.
      >>
      >> I am going to switch to a Debian machine with
      >> Postfix/Amavisd/Spamassassin/Clamav as my new front-end mail server to
      >> the
      >> Exchange server and the OSX machine (I am going to use the old Gentoo
      >> machine for mailman once I wipe it and install Debian).
      >>
      >> 1. Can I use the reject_unverified_recipient feature to get the same
      >> functionality as I did with MIMEDefang's md_check_against_smtp_server?
      >
      > Yes, postfix built-in verification works very similar. See:
      > http://www.postfix.org/ADDRESS_VERIFICATION_README.html
      >
      >

      Thank you. Makes me feel better knowing that I can get the same
      functionality.

      >> have seen articles about exporting the Exchange users via LDAP and
      >> putting
      >> them in an access map file on the Postfix server, but I am not a big fan
      >> of
      >> that. I would prefer to just query the Exchange server directly for
      >> valid
      >> addresses.
      >
      > OK, your choice.
      >
      >> 2. Is it possible to only require the reject_unverified_recipient
      option
      >> on certain domains?
      >
      > Yes. Use a check_recipient_access map that returns
      > "reject_unverified_recipient" for the target domain.
      >

      Cool. I wasn't aware of that. I will look into that and see what I need
      to do.

      >> 3. Do I just set up each domain in a Transport Map file and tell it
      >> which
      >> server to send the mail to?
      >
      > This step is only necessary if the destination IP differs from
      > what postfix will find with an MX lookup of the domain.
      >

      I am going to use it just in case I screw something up with DNS in the
      future. Do I also need to put each domain in a relay allowed file? Or is
      putting them in transport maps enough to tell Postfix to accept mail for
      those domains?

      >>
      >> I also have some e-mail addresses on the Exchange server that I do not
      >> want
      >> the gateway to accept mail for. That should be pretty easy I can just
      >> put
      >> them in a recipient check hash file. But, nothing is ever easy, there
      >> are
      >> a few e-mail addresses that I would like to receive mail for to those
      >> restricted Exchange e-mail addresses.
      >
      > General per-sender, per-recipient, etc. info can be found here:
      > http://www.postfix.org/RESTRICTION_CLASS_README.html
      >

      Thanks again for the pointer.

      >> And, any mail created from that
      >> machine itself would need to be able to send to those restricted
      Exchange
      >> addresses. How can I do that?
      >
      > Mail locally submitted via the sendmail(1) interface does not
      > go through the various smtpd_*_restrictions.
      >
      > and generally the "inside" machine would be included in
      > mynetworks, which is normally excluded from most restrictions
      > by the permit_mynetworks rule.
      >

      Yeah, I think the mynetworks should be good enough. I will test it out
      next week after I get it all setup and see how everything works.

      >>
      >> Thank you for any help you can offer me or guidance on where I can look
      >> for
      >> answers.
      >>
      >> Jeff
      >
      > Welcome to postfix!

      Thank you for your help.

      Jeff
    • AMP Admin
      I wasn t aware of that and I was laughing at myself for being an idiot and making a mistake. I wasn t aware how the system worked. I didn t think to look at
      Message 2 of 20 , Jul 31, 2009
      • 0 Attachment
        I wasn't aware of that and I was laughing at myself for being an idiot and
        making a mistake. I wasn't aware how the system worked. I didn't think to
        look at the interworking and thought changing the title would create a new
        post. My fault for not researching it before doing that. If it was
        intentional then I can see getting so bent out of shape. I'm all about
        working within the guidelines and abiding by the rules. Live and learn.

        telnet only gives 220 smtp.perfora.net (mrus1) Welcome to Nemesis ESMTP
        server oh well. Thanks anyway.

        -----Original Message-----
        From: owner-postfix-users@...
        [mailto:owner-postfix-users@...] On Behalf Of Charles Marcus
        Sent: Friday, July 31, 2009 7:01 AM
        To: AMP Admin
        Cc: postfix-users@...
        Subject: Re: what is ESMTP (Nemesis)

        Please don't top-post...

        On 7/30/2009, AMP Admin (admin@...) wrote:
        > Sorry. Didn't think about this going to a thread and just hit reply and
        > changed the title. haha

        Thats exactly what 'hijacking' is, and it isn't funny... haha

        > I meant more what is the Nemesis part. What kind of mail server is that?

        I think most if not all smtp servers can customize the banner to say
        whatever they want, so you can't really tell anything specific/precise
        about a server jujst from the banner it provides.

        You'd need to provide the responses from a telnet session to get any
        kind of meaningful idea...

        --

        Best regards,

        Charles
      • AMP Admin
        Oh, just saw this. Thank you! ... From: owner-postfix-users@postfix.org [mailto:owner-postfix-users@postfix.org] On Behalf Of Ralf Hildebrandt Sent: Friday,
        Message 3 of 20 , Jul 31, 2009
        • 0 Attachment
          Oh, just saw this. Thank you!

          -----Original Message-----
          From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Ralf Hildebrandt
          Sent: Friday, July 31, 2009 7:13 AM
          To: postfix-users@...
          Subject: Re: what is ESMTP (Nemesis)

          > > I meant more what is the Nemesis part. What kind of mail server is that?
          >
          > I think most if not all smtp servers can customize the banner to say
          > whatever they want, so you can't really tell anything specific/precise
          > about a server jujst from the banner it provides.
          >
          > You'd need to provide the responses from a telnet session to get any
          > kind of meaningful idea...

          ESMTP (Nemesis) is the mailserver of Schlund & Partner:

          Nemesis - Schlund+Partner entwickelt sein eigenes Mailsystem
          (Linux-Magazin, 08/05)

          --
          Ralf Hildebrandt
          Geschäftsbereich IT | Abteilung Netzwerk
          Charité - Universitätsmedizin Berlin
          Campus Benjamin Franklin
          Hindenburgdamm 30 | D-12203 Berlin
          Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
          ralf.hildebrandt@... | http://www.charite.de
        • Charles Marcus
          ... I meant a session where you actually submit mail, and make submissions that will fail. You can tell a lot from the error messages... -- Best regards,
          Message 4 of 20 , Jul 31, 2009
          • 0 Attachment
            On 7/31/2009, AMP Admin (admin@...) wrote:
            > telnet only gives 220 smtp.perfora.net (mrus1) Welcome to Nemesis ESMTP
            > server oh well. Thanks anyway.

            I meant a session where you actually submit mail, and make submissions
            that will fail.

            You can tell a lot from the error messages...

            --

            Best regards,

            Charles
          • Noel Jones
            ... Postfix must be told which domains to accept mail for. Sounds like these should be listed in relay_domains.
            Message 5 of 20 , Jul 31, 2009
            • 0 Attachment
              Jeff Grossman wrote:
              >>> 3. Do I just set up each domain in a Transport Map file and tell it
              >>> which
              >>> server to send the mail to?
              >> This step is only necessary if the destination IP differs from
              >> what postfix will find with an MX lookup of the domain.
              >>
              >
              > I am going to use it just in case I screw something up with DNS in the
              > future. Do I also need to put each domain in a relay allowed file? Or is
              > putting them in transport maps enough to tell Postfix to accept mail for
              > those domains?

              Postfix must be told which domains to accept mail for. Sounds
              like these should be listed in relay_domains.

              http://www.postfix.org/ADDRESS_CLASS_README.html
              http://www.postfix.org/postconf.5.html#relay_domains

              -- Noel Jones
            Your message has been successfully submitted and would be delivered to recipients shortly.