Loading ...
Sorry, an error occurred while loading the content.

Re: Relaying email to exchange

Expand Messages
  • Luigi Rosa
    ... Hash: SHA1 ... As Reindl Harald pointed out, the spam filter should be in only one place: the border server. If you add something like (che the
    Message 1 of 9 , Feb 14, 2013
    • 0 Attachment
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      Kevin Blackwell said the following on 14/02/2013 20:31:

      > I'm using postfix to relay email to our exchange server.
      >
      > The problem I'm running into is the spam filtering on the exchange filter
      > is being bypassed because the relayed email shows a from address of the
      > email relay server and not the originating ip address.
      >
      > Is there a was to configure postfix to relay male but retain the received
      > from IP address when it was received by postfix?

      As Reindl Harald pointed out, the spam filter should be in only one place: the
      border server.

      If you add something like (che the documentation before adding this parameters)

      reject_invalid_hostname
      reject_non_fqdn_hostname
      reject_non_fqdn_sender
      reject_non_fqdn_recipient
      reject_unknown_sender_domain
      reject_rbl_client cbl.abuseat.org
      reject_rbl_client sbl.spamhaus.org
      reject_rbl_client pbl.spamhaus.org

      to smtpd_recipient_restrictions you block nearly 90% of spam

      My advice is to disable antispam on Exchange _and_ Outlook (if you have any)
      and filter in just one point.

      This is useful also if you want to debug the filter, i.e. if a user asks why a
      mail has been rejected.

      Of course smtpd_recipient_restrictions alone is not an antispam filter, you
      should also add at least an antivirus scanner.



      Ciao,
      luigi

      - --
      /
      +--[Luigi Rosa]--
      \

      Talk is cheap because supply exceeds demand.
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.11 (GNU/Linux)
      Comment: Using GnuPG with undefined - http://www.enigmail.net/

      iEYEARECAAYFAlEduNEACgkQ3kWu7Tfl6ZSC1QCgymM8xcjCLLMn/9C0HqrHn6Ln
      JPsAoIKeVd2RkEcHUMi2yZYz84yZJVIq
      =lOiv
      -----END PGP SIGNATURE-----
    • Stefan Foerster
      ... Wrong setup. If you have more than one MX, each of them should apply the exact same content filter policies. Either buy a second Exchange edge server or
      Message 2 of 9 , Feb 14, 2013
      • 0 Attachment
        * Kevin Blackwell <akblackwel@...>:
        > I have 2 mx records. The primary is Exchanges edge server that has it's own
        > internal spam filtering. The secondary is poxtfix server relaying mail to
        > the edge server as a backup mx record. Are you saying the postfix server
        > should be behind the Exchange edge server?

        Wrong setup. If you have more than one MX, each of them should apply
        the exact same content filter policies. Either buy a second Exchange
        edge server or get rid of Exchange and buy a second MX running
        Postfix.


        Stefan
      • Reindl Harald
        ... in this case the setup sould be done by people which are knowing what they are doing and you have unlikely a exchange as MX having two MX and only one of
        Message 3 of 9 , Feb 15, 2013
        • 0 Attachment
          Am 15.02.2013 01:30, schrieb Simon Walter:
          > On 02/15/2013 06:10 AM, Reindl Harald wrote:
          >>
          >> no need for two MX records at all
          >
          > I think perhaps that is a bit of hasty advice. I'm quite sure given a large enough infrastructure and traffic load
          > that you'd want two or more MX records with a different SMTP server sitting behind each IP address. I could (and
          > have been) wrong though.

          in this case the setup sould be done by people which are
          knowing what they are doing and you have unlikely a
          exchange as MX

          having two MX and only one of them filters spam is dumb
          the two MX must behave identical from outside
        • Mikael Bak
          Kevin, ... A rule of thumb is that if you must have a backup MX you should have the same spam defence as on the primary one. If you can t do that, I suggest
          Message 4 of 9 , Feb 15, 2013
          • 0 Attachment
            Kevin,

            On 02/14/2013 09:41 PM, Kevin Blackwell wrote:
            > I have 2 mx records. The primary is Exchanges edge server that has it's
            > own internal spam filtering. The secondary is poxtfix server relaying
            > mail to the edge server as a backup mx record. Are you saying the
            > postfix server should be behind the Exchange edge server?
            >

            A rule of thumb is that if you must have a backup MX you should have the
            same spam defence as on the primary one.
            If you can't do that, I suggest you drop the backup MX.

            Alternatively you can hide the exchange behind a postfix, but the you
            should let postfix do the spam filtering and disable spam filter on the
            exchange.

            You must now ask you the question why you need a backup MX.

            HTH,
            Mikael
          Your message has been successfully submitted and would be delivered to recipients shortly.