Stop spammers using outdated MX records.
in [Postfix]
|
From: "Hal Douglas" on 23 Jun 2010 22:47 Hi all, I've encountered a problem that I'd really appreciate some help with. We've been running postfix (v2.4.5) for a while in our DMZ, it handles email for three domains, one is delivered locally to the postfix machine, the other two are forwarded inside the firewall to one of two mailservers, each responsible for a different domain using a transport map that looks something like this: Domain1.edu smtp:[10.2.3.4] Domain2.edu smtp:[10.2.3.5] Domain3.edu local:$myhostname Domain2 has recently been signed up for a cloud spam scanning service, so our postfix host is no longer MX for this domain, the spam scanning service is MX and forwards mail to out postfix host. The problem I've encountered is that spammers don't seem to use the updated MX records, they still use the postfix host as if it were MX. So, what I assume I need to do here is tell postfix that for Domain2 only relay mail from the cloud spam scanning service and our networks. How can I do this with postfix? I've searched around these lists and the web in general, the best explanation I can find is this: http://groups.google.com/group/list.postfix.users/browse_thread/thread/1 40ad8d545413948/a4518a89cf62a33d?lnk=gst&q=mail+from+MX+only#a4518a89cf6 2a33d But it's five years old, so I'm not sure if it's current, and on reading RESTRICTION_CLASS_README it still wasn't clear on how to apply this to my situation. So any help you can provide would be appreciated. Many Thanks. ----------------------------------------- Hal Douglas I.T. Administrator Marist Regional College Email: hal(a)mrc.tas.edu.au ----------------------------------------- This e-mail message and any attached files are intended solely for the addressee/s identified herein. It may contain confidential and/or legally privileged information and may not necessarily represent the opinion of Marist Regional College. If you receive this message in error, please immediately notify the sender and delete it since you are not authorised to use, disclose, distribute, print or copy all or part of the contained information.
From: Sahil Tandon on 23 Jun 2010 23:05 On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote: > Domain2.edu smtp:[10.2.3.5] > > Domain2 has recently been signed up for a cloud spam scanning service, > so our postfix host is no longer MX for this domain, the spam scanning > service is MX and forwards mail to out postfix host. The problem I've > encountered is that spammers don't seem to use the updated MX records, > they still use the postfix host as if it were MX. So, what I assume I > need to do here is tell postfix that for Domain2 only relay mail from > the cloud spam scanning service and our networks. My understanding is that you want to refuse mail for domain2 recipients *unless* it originates from your network or the cloud. > How can I do this with postfix? I've searched around these lists and the > web in general, the best explanation I can find is this: You could use restriction classes but that is unnecessary. Assuming the cloud only sends mail to you for domain2, whitelist the cloud's IP *after* reject_unauth_destination but *before*, in the same restriction list, rejecting all mail addressed to domain2. http://www.postfix.org/postconf.5.html#check_client_access http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html -- Sahil Tandon <sahil(a)FreeBSD.org>
|
Pages: 1 Prev: postmap -q and ldap Next: Monitoring SASL authenticated users |