Re: Relaying email to exchange
- -----BEGIN PGP SIGNED MESSAGE-----
Kevin Blackwell said the following on 14/02/2013 20:31:
> I'm using postfix to relay email to our exchange server.As Reindl Harald pointed out, the spam filter should be in only one place: the
> The problem I'm running into is the spam filtering on the exchange filter
> is being bypassed because the relayed email shows a from address of the
> email relay server and not the originating ip address.
> Is there a was to configure postfix to relay male but retain the received
> from IP address when it was received by postfix?
If you add something like (che the documentation before adding this parameters)
to smtpd_recipient_restrictions you block nearly 90% of spam
My advice is to disable antispam on Exchange _and_ Outlook (if you have any)
and filter in just one point.
This is useful also if you want to debug the filter, i.e. if a user asks why a
mail has been rejected.
Of course smtpd_recipient_restrictions alone is not an antispam filter, you
should also add at least an antivirus scanner.
Talk is cheap because supply exceeds demand.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
-----END PGP SIGNATURE-----
- * Kevin Blackwell <akblackwel@...>:
> I have 2 mx records. The primary is Exchanges edge server that has it's ownWrong setup. If you have more than one MX, each of them should apply
> internal spam filtering. The secondary is poxtfix server relaying mail to
> the edge server as a backup mx record. Are you saying the postfix server
> should be behind the Exchange edge server?
the exact same content filter policies. Either buy a second Exchange
edge server or get rid of Exchange and buy a second MX running
- Am 15.02.2013 01:30, schrieb Simon Walter:
> On 02/15/2013 06:10 AM, Reindl Harald wrote:in this case the setup sould be done by people which are
>> no need for two MX records at all
> I think perhaps that is a bit of hasty advice. I'm quite sure given a large enough infrastructure and traffic load
> that you'd want two or more MX records with a different SMTP server sitting behind each IP address. I could (and
> have been) wrong though.
knowing what they are doing and you have unlikely a
exchange as MX
having two MX and only one of them filters spam is dumb
the two MX must behave identical from outside
On 02/14/2013 09:41 PM, Kevin Blackwell wrote:
> I have 2 mx records. The primary is Exchanges edge server that has it's
> own internal spam filtering. The secondary is poxtfix server relaying
> mail to the edge server as a backup mx record. Are you saying the
> postfix server should be behind the Exchange edge server?
A rule of thumb is that if you must have a backup MX you should have the
same spam defence as on the primary one.
If you can't do that, I suggest you drop the backup MX.
Alternatively you can hide the exchange behind a postfix, but the you
should let postfix do the spam filtering and disable spam filter on the
You must now ask you the question why you need a backup MX.