Loading ...
Sorry, an error occurred while loading the content.

Re: Relaying email to exchange

Expand Messages
  • Simon Walter
    ... I think perhaps that is a bit of hasty advice. I m quite sure given a large enough infrastructure and traffic load that you d want two or more MX records
    Message 1 of 9 , Feb 14, 2013
    • 0 Attachment
      On 02/15/2013 06:10 AM, Reindl Harald wrote:
      >
      > no need for two MX records at all

      I think perhaps that is a bit of hasty advice. I'm quite sure given a
      large enough infrastructure and traffic load that you'd want two or more
      MX records with a different SMTP server sitting behind each IP address.
      I could (and have been) wrong though.

      --
      htholidays.com
    • Luigi Rosa
      ... Hash: SHA1 ... As Reindl Harald pointed out, the spam filter should be in only one place: the border server. If you add something like (che the
      Message 2 of 9 , Feb 14, 2013
      • 0 Attachment
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        Kevin Blackwell said the following on 14/02/2013 20:31:

        > I'm using postfix to relay email to our exchange server.
        >
        > The problem I'm running into is the spam filtering on the exchange filter
        > is being bypassed because the relayed email shows a from address of the
        > email relay server and not the originating ip address.
        >
        > Is there a was to configure postfix to relay male but retain the received
        > from IP address when it was received by postfix?

        As Reindl Harald pointed out, the spam filter should be in only one place: the
        border server.

        If you add something like (che the documentation before adding this parameters)

        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client pbl.spamhaus.org

        to smtpd_recipient_restrictions you block nearly 90% of spam

        My advice is to disable antispam on Exchange _and_ Outlook (if you have any)
        and filter in just one point.

        This is useful also if you want to debug the filter, i.e. if a user asks why a
        mail has been rejected.

        Of course smtpd_recipient_restrictions alone is not an antispam filter, you
        should also add at least an antivirus scanner.



        Ciao,
        luigi

        - --
        /
        +--[Luigi Rosa]--
        \

        Talk is cheap because supply exceeds demand.
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.4.11 (GNU/Linux)
        Comment: Using GnuPG with undefined - http://www.enigmail.net/

        iEYEARECAAYFAlEduNEACgkQ3kWu7Tfl6ZSC1QCgymM8xcjCLLMn/9C0HqrHn6Ln
        JPsAoIKeVd2RkEcHUMi2yZYz84yZJVIq
        =lOiv
        -----END PGP SIGNATURE-----
      • Stefan Foerster
        ... Wrong setup. If you have more than one MX, each of them should apply the exact same content filter policies. Either buy a second Exchange edge server or
        Message 3 of 9 , Feb 14, 2013
        • 0 Attachment
          * Kevin Blackwell <akblackwel@...>:
          > I have 2 mx records. The primary is Exchanges edge server that has it's own
          > internal spam filtering. The secondary is poxtfix server relaying mail to
          > the edge server as a backup mx record. Are you saying the postfix server
          > should be behind the Exchange edge server?

          Wrong setup. If you have more than one MX, each of them should apply
          the exact same content filter policies. Either buy a second Exchange
          edge server or get rid of Exchange and buy a second MX running
          Postfix.


          Stefan
        • Reindl Harald
          ... in this case the setup sould be done by people which are knowing what they are doing and you have unlikely a exchange as MX having two MX and only one of
          Message 4 of 9 , Feb 15, 2013
          • 0 Attachment
            Am 15.02.2013 01:30, schrieb Simon Walter:
            > On 02/15/2013 06:10 AM, Reindl Harald wrote:
            >>
            >> no need for two MX records at all
            >
            > I think perhaps that is a bit of hasty advice. I'm quite sure given a large enough infrastructure and traffic load
            > that you'd want two or more MX records with a different SMTP server sitting behind each IP address. I could (and
            > have been) wrong though.

            in this case the setup sould be done by people which are
            knowing what they are doing and you have unlikely a
            exchange as MX

            having two MX and only one of them filters spam is dumb
            the two MX must behave identical from outside
          • Mikael Bak
            Kevin, ... A rule of thumb is that if you must have a backup MX you should have the same spam defence as on the primary one. If you can t do that, I suggest
            Message 5 of 9 , Feb 15, 2013
            • 0 Attachment
              Kevin,

              On 02/14/2013 09:41 PM, Kevin Blackwell wrote:
              > I have 2 mx records. The primary is Exchanges edge server that has it's
              > own internal spam filtering. The secondary is poxtfix server relaying
              > mail to the edge server as a backup mx record. Are you saying the
              > postfix server should be behind the Exchange edge server?
              >

              A rule of thumb is that if you must have a backup MX you should have the
              same spam defence as on the primary one.
              If you can't do that, I suggest you drop the backup MX.

              Alternatively you can hide the exchange behind a postfix, but the you
              should let postfix do the spam filtering and disable spam filter on the
              exchange.

              You must now ask you the question why you need a backup MX.

              HTH,
              Mikael
            Your message has been successfully submitted and would be delivered to recipients shortly.