
Internal+external mailrelay

  • Michael Maymann
    Message 1 of 16 , Jan 3, 2012
      Hi List,

      I have an internal mailrelay that I would like to provide the following service:
      1. mail to our own domain is sent directly to our externally hosted (outsourced) mailserver
      2. mail to external domains is relayed through ISP-mail-relay only for specific domains

      I have the following in my main.cf now (not enabled yet):
      #<our_own_domain.com> smtp:<our_external_hosted_mailserver>
      #<servicepartner1> relay:<our_isp_mailrelay>
      #<servicepartner2> relay:<our_isp_mailrelay>
      #<servicepartner3> relay:<our_isp_mailrelay>
      #<servicepartner4> relay:<our_isp_mailrelay>
      #<servicepartner5> relay:<our_isp_mailrelay>

      My server is used primarily (99,96% are going to our_own_domain) by internal services to send notifications to our users, but also some mails are needed to a handful of external servicepartners...
      Soon we will also send critical alerts from our monitoring solution, and I would therefore like to get the most secure solution without implementing a filter that might blacklist vital alerts.
      I will get my server whitelisted also in our_external_hosted_mailserver to accept all mails (no filtering) to make sure all mails are coming in and not stopped by a spamfilter there...
      It would then only be possible to send spam to our servicepartners this way - which I guess should be highly unlikely to happen...?

      1. Is this the right way to do it - or are there better alternatives ?
      2. When should I use smtp/relay in my config - does the above seem to be correct ?


      Thanks in advance :-)
      ~maymann
    • jeffrey j donovan
      ... greetings Check out transport maps http://www.postfix.org/postconf.5.html#transport_maps -j
      Message 2 of 16 , Jan 3, 2012
        greetings
        -j
      • Ralf Hildebrandt
        Message 3 of 16 , Jan 3, 2012
          * Michael Maymann <michael@...>:
          > Hi List,
          >
          > I have an internal mailrelay that I would like to provide the following service:
          > 1. mail to our own domain is sent directly to our externally hosted
          > (outsourced) mailserver
          > 2. mail to external domains is relayed through ISP-mail-relay only for
          > specific domains
          >
          > I have the following in my main.cf now (not enabled yet):

          You need to put those in /etc/postfix/transport and then reference
          that file from main.cf using:

          transport_maps = hash:/etc/postfix/transport

          > #<our_own_domain.com> smtp:<our_external_hosted_mailserver>
          > #<servicepartner1> relay:<our_isp_mailrelay>
          > #<servicepartner2> relay:<our_isp_mailrelay>
          > #<servicepartner3> relay:<our_isp_mailrelay>
          > #<servicepartner4> relay:<our_isp_mailrelay>
          > #<servicepartner5> relay:<our_isp_mailrelay>
          >
          > My server is used primarily (99,96% are going to our_own_domain) by
          > internal services to send notifications to our users, but also some mails
          > are needed to a handful of external servicepartners...
          > Soon we will also send critical alerts from our monitoring solution, and I
          > would therefore like to get the most secure solution without implementing a
          > filter that might blacklist vital alerts.
          > I will get my server whitelisted also in our_external_hosted_mailserver to
          > accept all mails (no filtering) to make sure all mails are coming in and
          > not stopped by a spamfilter there...
          > It would then only be possible to send spam to our servicepartners this way
          > - which I guess should be highly unlikely to happen...?
          >
          > 1. Is this the right way to do it - or are there better alternatives ?
          It's OK

          > 2. When should I use smtp/relay in my config - does the above seem to be
          > correct ?

          If it's relaying, use relay:

          --
          Ralf Hildebrandt
          Geschäftsbereich IT | Abteilung Netzwerk
          Charité - Universitätsmedizin Berlin
          Campus Benjamin Franklin
          Hindenburgdamm 30 | D-12203 Berlin
          Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
          ralf.hildebrandt@... | http://www.charite.de
        • Michael Maymann
          Message 4 of 16 , Jan 3, 2012
            Hi Ralf,

            Thanks - I now have...
            ---
            /etc/postfix/main.cf:
            # transport_maps = hash:/etc/postfix/transport
            relayhost = [our_isp_mailrelay]

            /etc/postfix/transport:
            #<our_own_domain.com> smtp:<our_external_hosted_mailserver>
            #<servicepartner1> relay:<our_isp_mailrelay>
            #<servicepartner2> relay:<our_isp_mailrelay>
            #<servicepartner3> relay:<our_isp_mailrelay>
            #<servicepartner4> relay:<our_isp_mailrelay>
            #<servicepartner5> relay:<our_isp_mailrelay>
            ---
            When I put this into production, my config should be like this, right:
            ---
            main.cf
            transport_maps = hash:/etc/postfix/transport
            #relayhost = [our_isp_mailrelay]

            /etc/postfix/transport:
            <our_own_domain.com> smtp:<our_external_hosted_mailserver>
            <servicepartner1> relay:<our_isp_mailrelay>
            <servicepartner2> relay:<our_isp_mailrelay>
            <servicepartner3> relay:<our_isp_mailrelay>
            <servicepartner4> relay:<our_isp_mailrelay>
            <servicepartner5> relay:<our_isp_mailrelay>
            ---

            All our mail is going through to our_isp_mailrelay today, so I no longer need the "relayhost = [our_isp_mailrelay]" in main.cf when I have configured transport_maps - or how does this work ?

            Thanks in advance :-)
            ~maymann




          • Ralf Hildebrandt
            Message 5 of 16 , Jan 3, 2012
              * Michael Maymann <michael@...>:
              > Hi Ralf,
              >
              > Thanks - I now have...
              > ---
              > /etc/postfix/main.cf:
              > # transport_maps = hash:/etc/postfix/transport
              > relayhost = [our_isp_mailrelay]
              >
              > /etc/postfix/transport:
              > #<our_own_domain.com> smtp:<our_external_hosted_mailserver>
              > #<servicepartner1> relay:<our_isp_mailrelay>
              > #<servicepartner2> relay:<our_isp_mailrelay>
              > #<servicepartner3> relay:<our_isp_mailrelay>
              > #<servicepartner4> relay:<our_isp_mailrelay>
              > #<servicepartner5> relay:<our_isp_mailrelay>
              > ---
              > When I put this into production, my config should be like this, right:
              > ---
              > main.cf
              > transport_maps = hash:/etc/postfix/transport
              > #relayhost = [our_isp_mailrelay]
              >
              > /etc/postfix/transport:
              > <our_own_domain.com> smtp:<our_external_hosted_mailserver>
              > <servicepartner1> relay:<our_isp_mailrelay>
              > <servicepartner2> relay:<our_isp_mailrelay>
              > <servicepartner3> relay:<our_isp_mailrelay>
              > <servicepartner4> relay:<our_isp_mailrelay>
              > <servicepartner5> relay:<our_isp_mailrelay>
              > ---
              >
              > All our mail is going through to our_isp_mailrelay today, so I no longer
              > need the "relayhost = [our_isp_mailrelay]" in main.cf when I have
              > configured transport_maps - or how does this work ?

              That looks OK.
              You can keep the relayhost line if you like; stuff found in
              transport_maps takes precedence anyway.

              --
              Ralf Hildebrandt
              Geschäftsbereich IT | Abteilung Netzwerk
              Charité - Universitätsmedizin Berlin
              Campus Benjamin Franklin
              Hindenburgdamm 30 | D-12203 Berlin
              Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
              ralf.hildebrandt@... | http://www.charite.de
            • Michael Maymann
              Message 6 of 16 , Jan 3, 2012
                Hi Ralf,

                Thanks again :-) !,

                If I keep relayhost there, it will still be possible to send mails to others than my "whitelisted" transport_maps, or will transport_maps make relayhost irrelevant (not working / commented out) ?

                I guess my
                <our_own_domain.com> smtp:<our_external_hosted_mailserver>
                should also be:
                <our_own_domain.com> relay:<our_external_hosted_mailserver>
                as my postfix server is not doing the mailservice for this domain, but our_external_hosted_mailserver is, so it should be relay here also right ?

                Thanks in advance :-) !
                ~maymann



              • Ralf Hildebrandt
                Message 7 of 16 , Jan 3, 2012
                  * Michael Maymann <michael@...>:
                  > Hi Ralf,
                  >
                  > Thanks again :-) !,
                  >
                  > If I keep relayhost there, it will still be possible to send mails to
                  > others than my "whitelisted" transport_maps,

                  yes

                  > or will transport_maps make relayhost irrelevant (not working /
                  > commented out) ?

                  no.


                  --
                  Ralf Hildebrandt
                  Geschäftsbereich IT | Abteilung Netzwerk
                  Charité - Universitätsmedizin Berlin
                  Campus Benjamin Franklin
                  Hindenburgdamm 30 | D-12203 Berlin
                  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
                  ralf.hildebrandt@... | http://www.charite.de
                • Michael Maymann
                  Message 8 of 16 , Jan 5, 2012
                    Hi Ralf,

                    one additional question.
                    I figured that our printers perhaps should be allowed to send mails to anyone - hence I need to specifically relay mail for these to any domain.
                    This means I have to configure the following rules in postfix:
                    1. All mail to our_own_domain is sent to our_external_hosted_mailserver (done)
                    2. All mail from our printers to external domains is sent to our_isp_mailrelay
                    3. All mail from everything but our printers to "whitelisted" external domains is sent to our_isp_mailrelay (done ?)
                    4. All other mail is bounced to bounce@our_own_domain.com

                    Can you help with what I need to configure to get this working as well...:-) !

                    Thanks in advance :-) !
                    ~maymann
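
Added example, not part of the original thread: a Postfix configuration sketch for the four rules listed above. It builds on Ralf's point that relayhost still carries mail for destinations not listed in transport_maps, so the destination limit has to come from smtpd access restrictions rather than from routing. All host names, domains and addresses (example.com, partner1.example, 192.0.2.x) and the table names printer_clients and allowed_rcpt_domains are constructed placeholders; rule 4 is approximated by rejecting during the SMTP dialogue instead of generating a bounce.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Constructed values: 192.0.2.0/24 stands for the internal network,
# isp-relay.example.net for <our_isp_mailrelay>.
mynetworks = 127.0.0.0/8 192.0.2.0/24

# Routing only: these two settings pick the next hop, they never refuse mail.
# A transport_maps match wins; anything unmatched falls through to relayhost.
transport_maps = hash:/etc/postfix/transport
relayhost = [isp-relay.example.net]

# Policy: only internal clients may hand mail to this relay at all.
smtpd_client_restrictions =
    permit_mynetworks,
    reject

# Policy: printers may send to any destination; every other client only to
# the listed recipient domains; all remaining recipients are refused.
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/printer_clients,
    check_recipient_access hash:/etc/postfix/allowed_rcpt_domains,
    reject

# ---- /etc/postfix/transport ----
# Rule 1: own domain goes straight to the hosted mail server
# (hosted-mx.example.net stands for <our_external_hosted_mailserver>).
example.com          relay:[hosted-mx.example.net]
# Partner domains need no entry here while relayhost already points at the
# ISP relay; list them only if they should use a different next hop.

# ---- /etc/postfix/printer_clients ----
# Rule 2: looked up by client IP address (constructed printer addresses).
192.0.2.50           OK
192.0.2.51           OK

# ---- /etc/postfix/allowed_rcpt_domains ----
# Rules 1 and 3: recipient domains that non-printer clients may reach.
# With the default parent_domain_matches_subdomains setting, an entry
# also matches subdomains of the listed domain.
example.com          OK
partner1.example     OK
partner2.example     OK

# ---- after editing ----
# Rebuild each table, then reload:
#   postmap /etc/postfix/transport
#   postmap /etc/postfix/printer_clients
#   postmap /etc/postfix/allowed_rcpt_domains
#   postfix reload
# Check a single lookup without sending mail:
#   postmap -q example.com hash:/etc/postfix/transport
```

These restrictions apply to mail received over SMTP; mail submitted locally with the sendmail command does not pass through smtpd.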



                  • Michael Maymann
                    Message 9 of 16 , Jan 8, 2012
                      Hi list,

                      please, anyone who can help me with this - would like to implement next week if possible...?

                      Thanks in advance :-) !
                      ~maymann




                    • Michael Maymann
                      Message 10 of 16 , Jan 10, 2012
                        Please, anyone who can help me with this...:-) !

                        ~maymann





                      • Noel Jones
                        Message 11 of 16 , Jan 10, 2012
                          On 1/10/2012 3:02 PM, Michael Maymann wrote:
                          > Please, anyone who can help me with this...:-) !
                          >
                          > ~maymann


                          I don't think anyone quite knows what you're asking.

                          Please explain your goals and current config as described here:
                          http://www.postfix.org/DEBUG_README.html#mail







                          -- Noel Jones
                        • Michael Maymann
                          Message 12 of 16 , Jan 10, 2012
                            Hi Noel,

                            Thanks for your kind reply, and sorry for not being informative enough.
                            I would like to configure the following rules in postfix:
                            1. All mail to our_own_domain is sent to our_external_hosted_mailserver (Ralf already helped me with this...)
                            2. All mail from our printers to external domains is sent to our_isp_mailrelay
                            3. All mail from everything but our printers to "whitelisted" external domains is sent to our_isp_mailrelay (Ralf already helped me with this, but does this need to change...?)
                            4. All other mail is bounced to bounce@our_own_domain.com

                            As I'm pretty new to Postfix, can you point out the variables/configfiles that I need to edit to achieve this - or perhaps even give config example...:-) !

                            Thanks in advance :-) !
                            ~maymann


                          • Wietse Venema
                            Message 13 of 16 , Jan 10, 2012
                              Michael Maymann:
                              > Hi Noel,
                              >
                              > Thanks for your kind reply, and sorry for not being informative enough.
                              > I would like to configure the following rules in postfix:
                              > 1. All mail to our_own_domain is sent to our_external_hosted_mailserver
                              > (Ralf already helped me with this...)
                              > 2. All mail from our printers to external domains is sent to
                              > our_isp_mailrelay
                              > 3. All mail from everything but our printers to "whitelisted" external
                              > domains is sent to our_isp_mailrelay (Ralf already helped me with this,
                              > but does this need to change...?)

                              Printers can send mail to all destinations, but users cannot?

                              What problem are you trying to solve by doing that? Describe
                              the problem, instead of your solution above.

                              Wietse

                              > 4. All other mail is bounced to bounce@our_own_domain.com
                              >
                              > As I'm pretty new to Postfix, can you point out the variables/configfiles
                              > that I need to edit to achieve this - or perhaps even give config
                              > example...:-) !
                              >
                              > Thanks in advance :-) !
                              > ~maymann
                              >
                              > 2012/1/10 Noel Jones <njones@...>
                              >
                              > > On 1/10/2012 3:02 PM, Michael Maymann wrote:
                              > > > Please, anyone who can help me with this...:-) !
                              > > >
                              > > > ~maymann
                              > >
                              > >
                              > > I don't think anyone quite knows what you're asking.
                              > >
                              > > Please explain your goals and current config as described here:
                              > > http://www.postfix.org/DEBUG_README.html#mail
                              > >
                              > >
                              > >
                              > >
                              > >
                              > >
                              > >
                              > > -- Noel Jones
                              > >
                            • Michael Maymann
                              Message 14 of 16 , Jan 10, 2012
                                Hi Wietse,

                                thanks for your kind reply...:-) !
                                You're right...

                                - We currently have a setup where all mail from R&D internal->external is sent to my mailrelay in a specific site, as our_isp_relay only allows us to send from there to their mailrelay - no restrictions (this is not our primary mail).
                                - Our_isp_relay has already blacklisted my mailrelay twice, caused by reputation based filtering - no spamming occurred though (all known domains at least...), but the number of mails was rather high...
                                - We are about to send monitoring alerts through my mailrelay pretty soon, and therefore I would like to avoid spam filtering if possible - but saw domain-whitelisting as a solution to limit damages to a minimum if a host goes hostile...
                                - Our printers are also on the R&D network and they need scan->email functionality, so I still need to allow printers to send to anyone.
                                - 99.96% of mail going through my mailrelay goes to our own official mailboxes, so my thinking was to route all this directly to our official mailserver and get my mailrelay whitelisted there (so no spamfiltering is done on mails from this IP)...

                                Thanks in advance :-) !
                                ~maymann

                                2012/1/10 Wietse Venema <wietse@...>
                                Michael Maymann:
                                > Hi Noel,
                                >
                                > Thanks for your kind reply, and sorry for not being informative enough.
                                > I would like to configure the following rules in postfix:
                                > 1. All mail to our_own_domain are sent to our_external_hosted_mailserver
                                > (Ralf already helped me with this...)
                                > 2. All mail from our printers to external domains are sent to
                                > our_isp_mailrelay
                                > 3. All mail from everything but our printers to "whitelisted" external
                                > domains are sent to our_isp_mailrelay (Ralf already helped me with this,
                                > but does this need to change...?)

                                Printers can send mail to all destinations, but users cannot?

                                What problem are you trying to solve by doing that? Describe
                                the problem, instead of your solution above.

                                       Wietse

                                > 4. All other mail is bounced to bounce@our_own_domain.com
                                >
                                > As I'm pretty new to Postfix, can you point out the variables/configfiles
                                > that I need to edit to achieve this - or perhaps even give config
                                > example...:-) !
                                >
                                > Thanks in advance :-) !
                                > ~maymann
                                >
                                > 2012/1/10 Noel Jones <njones@...>
                                >
                                > > On 1/10/2012 3:02 PM, Michael Maymann wrote:
                                > > > Please, anyone who can help me with this...:-) !
                                > > >
                                > > > ~maymann
                                > >
                                > >
                                > > I don't think anyone quite knows what you're asking.
                                > >
                                > > Please explain your goals and current config as described here:
                                > > http://www.postfix.org/DEBUG_README.html#mail
                                > >
                                > >  -- Noel Jones
                                > >

                              • Wietse Venema
                                Message 15 of 16 , Jan 10, 2012
                                  Michael Maymann:
                                  > Hi Wietse,
                                  >
                                  > thanks for your kind reply...:-) !
                                  > You're right...
                                  >
                                  > - We currently have a setup where all mail from R&D internal->external is
                                  > send to my mailrelay in a specific site, as our_isp_relay only allows us to
                                  > send from there to their mailrelay - no restrictions (this is not our
                                  > primary mail).
                                  > - Our_isp_relay has already blacklisted my mailrelay twice, caused by
                                  > reputation based filtering - no spamming occurred though (all known domains
                                  > at-least...), but the number of mails was rather high...

                                  You need to rate-limit the clients. Use policyd or postfwd or
                                  something with similar capabilities.

                                  > - We are about to send monitoring alert through my mailrelay pretty soon,
                                  > and therefore I would like to avoid spam filtering if possible - but saw
                                  > domain-whitelisting as a solution to limit damages to a minimum if a host
                                  > goes hostile...

                                  Rate limit the clients, and you won't have to keep updating whitelists.

                                  If you have PC-class systems on the network, having anti-spam/virus on the
                                  mail server would be a good idea because some box will get infected.

                                  > - Our Printers are also on the R&D network and they need scan->email
                                  > functionality, so I still need to allow printers to send to anyone.

                                  You need to exclude the printers from the rate limit.

                                  Wietse
                                  > - 99.96% of mail going through my mailrelay goes to our own official
                                  > mailboxes, so my thinking was to route all this directly to our official
                                  > mailserver and get my mailrelay whitelisted there (so no spamfiltering is
                                  > done on mails from this IP)...
                                  >
                                  > Thanks in advance :-) !
                                  > ~maymann
                                • Michael Maymann
                                  Message 16 of 16 , Jan 10, 2012
                                    Hi Wietse,

                                    Thanks again for your nice/quick reply...
                                    2012/1/10 Wietse Venema <wietse@...>
                                    Michael Maymann:
                                    > Hi Wietse,
                                    >
                                    > thanks for your kind reply...:-) !
                                    > You're right...
                                    >
                                    > - We currently have a setup where all mail from R&D internal->external is
                                    > send to my mailrelay in a specific site, as our_isp_relay only allows us to
                                    > send from there to their mailrelay - no restrictions (this is not our
                                    > primary mail).
                                    > - Our_isp_relay has already blacklisted my mailrelay twice, caused by
                                    > reputation based filtering - no spamming occurred though (all known domains
                                    > at-least...), but the number of mails was rather high...

                                    You need to rate-limit the clients. Use policyd or postfwd or
                                    something with similar capabilities.
                                     
                                    All our IPs in "mynetworks" should be allowed to send mails without filtering at this stage. But this looks like a good thing to implement later on though... (at this stage, I would like to make a quick fix to the very open solution we have now)...:-)

                                    > - We are about to send monitoring alert through my mailrelay pretty soon,
                                    > and therefore I would like to avoid spam filtering if possible - but saw
                                    > domain-whitelisting as a solution to limit damages to a minimum if a host
                                    > goes hostile...

                                    Rate limit the clients, and you won't have to keep updating whitelists.

                                    It is only to our own domain and a handful of external vendors (systems sending support-alerts to vendors directly). This will not be a problem in my setup.

                                    If you have PC-class systems on the network, having anti-spam/virus on the
                                    mail server would be a good idea because some box will get infected.

                                    PC-vlans are not in my "mynetworks", so DC vlans and some specific LAB-equipment IPs are allowed to send...
                                    I would really like to avoid anti-spam/virus filtering (at least at this stage), as this can potentially filter my monitoring alerts, etc.
                                     

                                    > - Our Printers are also on the R&D network and they need scan->email
                                    > functionality, so I still need to allow printers to send to anyone.

                                    You need to exclude the printers from the rate limit.

                                    This is my current configuration:

                                    main.cf:
                                    ---
                                    queue_directory = /var/spool/postfix
                                    command_directory = /usr/sbin
                                    daemon_directory = /usr/libexec/postfix
                                    mail_owner = postfix
                                    mydomain = <MYDOMAIN>
                                    myorigin = $mydomain
                                    inet_interfaces = all
                                    mydestination = localhost, localhost.localdomain, $mydomain, dfm.test.com
                                    local_recipient_maps = unix:passwd.byname $alias_maps
                                    unknown_local_recipient_reject_code = 550
                                    mynetworks = 127.0.0.0/8, <MYVLAN1>, <MYVLAN2>, etc
                                    relay_domains = $mydestination
                                    # this will be commented out when we effectuate the new config
                                    relayhost = [<MYISP>]
                                    # transport_maps = hash:/etc/postfix/transport # this will be commented in when we effectuate the new config
                                    alias_maps = hash:/etc/aliases
                                    alias_database = hash:/etc/aliases
                                    debug_peer_level = 2
                                    debugger_command =
                                             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
                                             xxgdb $daemon_directory/$process_name $process_id & sleep 5
                                    sendmail_path = /usr/sbin/sendmail.postfix
                                    mailq_path = /usr/bin/mailq.postfix
                                    setgid_group = postdrop
                                    html_directory = no
                                    manpage_directory = /usr/share/man
                                    sample_directory = /usr/share/doc/postfix-2.3.3/samples
                                    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
                                    ---

                                    transport (everything will be commented in when we effectuate the new config):
                                    ---
                                    ## Relay own mail to own server
                                    #our_own_domain      relay:<OUR_OFFICIAL_MAILSERVER>
                                    ## Relay only mail to known external vendors
                                    #<MY_VENDOR1> relay:<OUR_ISP_MAILRELAY>
                                    #<MY_VENDOR2> relay:<OUR_ISP_MAILRELAY>
                                    #<MY_VENDOR3> relay:<OUR_ISP_MAILRELAY>
                                    #<MY_VENDOR4> relay:<OUR_ISP_MAILRELAY>
                                    #<MY_VENDOR5> relay:<OUR_ISP_MAILRELAY>
                                    ---

                                    1. How can I exclude my printers from the "transport" whitelisting - can you give an example in the config file ?
                                    2. How can I send bounced mails to bounce@our_own_domain.com - can you give an example in the config file ?


                                    Thanks for your nice support - really appreciate it...:-) !

                                    ~maymann



                                           Wietse
                                    > - 99.96% of mail going through my mailrelay goes to our own official
                                    > mailboxes, so my thinking was to route all this directly to our official
                                    > mailserver and get my mailrelay whitelisted there (so no spamfiltering is
                                    > done on mails from this IP)...
                                    >
                                    > Thanks in advance :-) !
                                    > ~maymann
