moving RELAY from sendmail to postfix
in [Postfix]
|
Prev: problems with permit_sasl and unknown_address
Next: (still same spam problem) Pop-Before Smtpd question and also canyou quicky check the log file for issues?
From: charles on 2 Apr 2010 07:56 *** Looking for some best practices / suggestions ... *** I have inherited an "internal" sendmail relay that I am in the process of moving to postfix. The relay processes about 20-30k messages a day. I have followed: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall Question 1: --------------------- This "internal" relay was put in for "system" messages and does not allow attachments. Attachments are stripped by mimedefang. Would like to strip attachments the Postfix way using Ralf Hilderbrandt's suggestion: http://www.arschkrebs.de/postfix/mime_header_checks.regexp main.cf : mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp file: mime_header_checks.regexp --- /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/ REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3" --- --------------------- Question 2: --------------------- The sendmail mailterable that has some specific entries but most go to one outbound relay. sendmail mailertable ---------------------- ..net ..com ..org host1 relay:host1-relay hostn relay:hostn-relay --------------------- Is there a postfix transport "wild-card" to specify these and then just put my "exceptions" in like: postfix transport: ------------------------------- host1 smtp:[host1-relay] hostn smtp:[hostn-relay] (wildcard) smtp:[main-relay] (wildcard) smtp:[my-relay] -------------------------------- The relay that "can" relay directly to the outside, but only a few thing domains go directly to the Internet most go to the main relay. For the ones that go out directly, what is the best way to specify those? Thx Charles
From: charles on 2 Apr 2010 08:19
Forgot postfix version: http://ftp.wl0.org/official/2.5/RPMS-rhel5-i386/ Version : 2.5.1 |