[TriLUG] Postfix Configuration Question

Ken Mink ken.mink at gmail.com
Tue Oct 19 17:28:17 EDT 2004


Thanks to Jason and Aaron. Both of their ideas are spot on. The
gateway machine is one of those machines that has just been humming
along for quite a while. It's got RH7.3 and running an old postfix.
It's time for an upgrade.  This has become enough of an issue to put
the time in on it.

Thanks,
Ken


On Tue, 19 Oct 2004 17:06:14 -0400 (EDT), Jason Tower <jason at cerient.net> wrote:
> i've had to deal with this -exact- problem on several gateway servers, the
> answer is to use the verify feature available in postfix 2.1 and newer.
> if the local machine is not the final destination for a message, it will
> query the next hop mail server (as defined in the transports file) to see
> if the recipient is valid BEFORE it accepts.  if not the message will be
> denied with a 450 or 550.  no queueing, no bounces.  note that is is only
> a good idea when verifying against another one of your own mail servers,
> you do not want to query external mail servers.
> 
> if you need more info let me know and i'll dig up a config file for you.
> 
> jason
> 
> 
> 
> > Hi Folks,
> >    I've been trying to figure this out, but I'm stumped. I've got two
> > servers running postfix that handle email for our domain($WORK). One
> > is in the dmz and has relay_domain set for our domainname. In the
> > transport file, I have an entry for our domainname and the internal
> > server to forward it to. This works fine, but I have an issue with it.
> > Due to people who have left the comany, tons of spam comes in for
> > addresses in our domain, but that no longer exist. The server in the
> > dmz accepts the messages and forwards them on like it should. The
> > internal machine then tries to bounce the message since the user is
> > unknown. Since most spam uses a bogus from, the internal machine is
> > getting clogged with messages it can't bounce. There half a dozen
> > employees here, but a postqueue -p lists a couple thousand defferred
> > messages. What I'd like is for the dmz server to immediately reject
> > mail for unknown users. Apart from adding an account for everyone on
> > that machine, I don't klnow how to go about doing that. I've tried
> > explicitly putting each account in the transport file, but that just
> > added the bouncing to the dmz's deferred queue rather than the
> > internal server. Any ideas?
> >
> > Thanks,
> > Ken
> > --
> > ---------------------------------------------
> > "They that can give up essential liberty to obtain a little temporary
> > safety deserve neither liberty nor safety."--Benjamin Franklin
> > " 'Necessity' is the plea for every infringement of human liberty; it
> > is the argument of tyrants; it is the creed of slaves."--William Pitt
> > --
> 
> 
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> >
> >
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> 


-- 
---------------------------------------------
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt



More information about the TriLUG mailing list