LinuxQuestions.org
Old 04-27-2010, 02:30 PM   #1
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Rep: Reputation: 0
Postfix - messages from invalid domains getting through


We're using Postfix on a SuSE Linux system as our first line of defense to filter incoming email; the mail is subsequently passed on to another internal system. There are messages *to* users in invalid domains slipping through and I'm not sure why. By "invalid domains" I mean domains which are not part of my organization such as sesmail.com, psv.nl, yifan.com, etc. The invalid domains in question are not listed in the relay_domains section of the main.cf file, nor are there any users listed in the relay_recipients file @ any of the invalid domains. Any Postfix experts out there have a suggestion on what to check / look for?

Thanks in advance
Scott

Here's the main.cf file:
Note: I've removed commented-out info and I've changed the data under relay_domains and myhostname.

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
relay_domains = <my domain>
    <my 2nd domain>
    <my 3rd domain>
    <my 4th domain>
    <my 5th domain>

relay_recipient_maps = hash:/etc/postfix/relay_recipients
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = ipv4
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = <THIS SERVER NAME>
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = [127.0.0.1]:10024
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain, hash:/etc/postfix/whitelist_senders
smtpd_client_restrictions = reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_helo_required = yes
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 25600000
smtp_helo_timeout = 120
smtp_data_init_timeout = 10m
smtp_data_xfer_timeout = 10m
 
Old 04-27-2010, 02:47 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 614
Look into smtpd_recipient_restrictions, specifically "reject_unknown_recipient_domain".
 
Old 04-29-2010, 09:42 AM   #3
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks but that didn't fix it.

The mail logs show destination addresses like this:
<iqajikyye5444@chello.nl> -> <usera@mydomain.com>
<211348@ilikeclick.com> -> <userb@mydomain.com>
<phonicsm59@websitedesignforbusiness.com> -> <userc@mydomain.com>
NOTE: I substituted the real user email addresses with usera@mydomain.com, userb@mydomain.com, and userc@mydomain.com.
Is this the same as "sender specific routing"?
It looks like this is disabled by default:
http://www.postfix.org/postconf.5.ht...rusted_routing (turned off by default)
but I went ahead and added the line "allow_untrusted_routing = no" just to make sure. That didn't fix the problem.

Any other ideas?
 
Old 04-29-2010, 10:11 AM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 614
Ok, I misread. Please clarify: you only want to receive mail that is sent FROM your domain?
 
Old 04-29-2010, 11:29 AM   #5
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
We have two locations, each has a different inbound Internet connection.
At each location we've got a system set up with SuSE Linux, Postfix, SpamAssassin, ClamAV. These are the systems I'm working on.
Mail from the Internet goes to one or the other SuSE server; from there, we send it to a Barracuda Spam Firewall. Any messages that make it through the Barracuda go to our end user mail server (running MS Exchange).
We do it this way for a couple of reasons: first, the Barracuda provides (I believe) a better level of protection (my comment is mostly focused on their spam protection); second, by using the Linux systems as our Internet gateway devices, we only need to purchase one Barracuda.

We do not filter any outbound mail so the only mail going to the Barracuda is inbound from the SuSE servers.

The messages in question are making it through the SuSE system to the Barracuda. The Barracuda is stopping them.

The goal is to prevent these messages from making it to the Barracuda. "These messages" are defined as messages which have a final destination email address outside my environment.

Thanks again 8-)
 
Old 04-29-2010, 11:38 AM   #6
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 614
What is 'mynetworks' set to? I don't see it in your first post.
 
Old 04-29-2010, 12:47 PM   #7
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Not defined.
I was wondering about that one. Do you think I can set it to the IP of my Barracuda?
 
Old 04-29-2010, 01:32 PM   #8
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 614
Run "postconf -n"; what is mynetworks set to? I'm guessing that "permit_mynetworks" in smtpd_recipient_restrictions is matching before "reject_unauth_destination".
 
Old 04-29-2010, 02:03 PM   #9
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain

Good call.

Ok, I'm trying to follow the logic of the setting to see how the messages are getting through. I know it starts on the left, and takes the first match. Are you suggesting that the lack of an explicit $mynetworks setting is allowing any destination to match "permit_mynetworks"?

Sounds like I need to remove permit_mynetworks or put it at the right end of the restrictions.
 
Old 04-29-2010, 03:24 PM   #10
Scott8
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
I changed the entry to:
smtpd_recipient_restrictions = reject_unauth_destination, reject_unknown_recipient_domain, permit_mynetworks

It didn't work any better...
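
The left-to-right, first-match evaluation discussed in posts #8 to #10, modelled as an added example (not part of the thread and not Postfix's own code). The mynetworks ranges, client addresses and the example.net recipient are constructed; reject_unknown_recipient_domain needs DNS and is skipped by this model.

```python
import ipaddress

# Constructed values for illustration; none come from the poster's system.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
RELAY_DOMAINS = {"mydomain.com"}  # placeholder domain used in the thread

def permit_mynetworks(client_ip, rcpt):
    """PERMIT when the connecting client is inside $mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(client_ip, rcpt):
    """REJECT unless the recipient domain is one we relay for.
    Simplified: the real check also accepts mydestination, virtual
    domains and subdomains of relay_domains."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in RELAY_DOMAINS else "REJECT"

CHECKS = {
    "permit_mynetworks": permit_mynetworks,
    "reject_unauth_destination": reject_unauth_destination,
    # reject_unknown_recipient_domain needs DNS; not modelled, so skipped.
}

def evaluate(restrictions, client_ip, rcpt):
    """Walk the list left to right; the first PERMIT or REJECT decides."""
    for name in (item.strip() for item in restrictions.split(",")):
        check = CHECKS.get(name)
        if check is None:
            continue
        verdict = check(client_ip, rcpt)
        if verdict != "DUNNO":
            return verdict, name
    return "PERMIT", "end of list"  # nothing rejected, so mail is accepted

POST_9 = "permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain"
POST_10 = "reject_unauth_destination, reject_unknown_recipient_domain, permit_mynetworks"

if __name__ == "__main__":
    cases = [("192.0.2.10", "someone@example.net"),    # trusted client, outside rcpt
             ("198.51.100.7", "someone@example.net"),  # untrusted client, outside rcpt
             ("198.51.100.7", "usera@mydomain.com")]   # untrusted client, local rcpt
    for label, order in (("post #9", POST_9), ("post #10", POST_10)):
        for client, rcpt in cases:
            print(label, client, rcpt, evaluate(order, client, rcpt))
```

On a live server, `postconf mynetworks mynetworks_style` shows the effective trusted ranges; when mynetworks is not set, Postfix derives it from mynetworks_style.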
 
  

