This is probably going to be a somewhat unusual question. The current situation is this:

The company that my employer pays for providing e-mail doesn't know what they're doing. We've been plagued by frequent outages, excessive spam, unresponsiveness when adding users, etc. Because of this, I built an e-mail server using FreeBSD and Postfix. This has performed admirably, in part to the advice I received on this forum. I have SMTP AUTH required to send mail and TLS required to prevent plain text logins from being easily sniffed.

However, we have a CRM application does not support TLS. I know that the ideal solution would be to have the provider fix their application to adhere to industry standard TLS, but the company is so large, there's little to no chance of them ever fixing it. Because of this, we've had to remain with the 3rd party e-mail provider solely for SMTP service for CRM. By doing so, we're still affected by service outages; nobody could send e-mail from CRM from this past Friday evening until Monday around 10 am. I had an idea that I think will work to circumvent this, but I've been unable to locate information on such a configuration.

My idea, since the machine housing CRM has access to my employer's internal network, is to set up one of my Linux servers on my LAN with Postfix. I'd set the IP address of the CRM box as the mynetworks parameter of Postfix on this internal server - it's the only machine that would be allowed to use SMTP service on this machine. Postfix on this internal server would then simply bounce any messages received via SMTP out to my real mail server, handling the TLS and authentication. I *think* this should allow me to simply set the mail server in the CRM app to be the IP of my internal server and allow e-mails to be sent from CRM using the mail server I built by simply bouncing the traffic through an intermediate machine.

I (possibly erroneously) assume that this is possible. Does anyone have any advice, suggestions, thoughts, ideas of where to look, etc? Thanks in advance for any help.

That should work fine - does the CRM box have a static public IP or is it internal to your LAN though? I wouldn't have thought you'd need authentication from an internal relay, but perhaps I'm a bit confused - a simply diagram of you plan may help.

The CRM box does have a static IP address.

The problem I ran into when building the mail server is that our network providers are Nazis and would not forward any ports through the firewall. Because of this, I had to get a completely separate business-grade DSL line installed with a static IP address to use for the mail server. Therefore, I'm really connecting to my mail server through the Internet rather than locally when I send mail from my corporate network.

Dunno if this answers your question or not...

That's OK - a single static IP that can't be spoofed should be fine.

Set mynetworks and relayhost, and you're pretty much there.


You're not running this on one of those old RH boxes are you?

I was planning to run it on a RedHat 9.0 box I have set up to do IP masquerading/corporate IM server/file serving/internal web server/etc - I already downloaded and installed the postfix 2.4 RPM before posting the original message. Would this be a bad idea? Would it be better to use a Slackware 10.2 box that I have running another application I wrote myself?

Also, I found the relayhost in the postfix docs, but nothing in it related to TLS or authentication. Can you suggest where to look to find out how to configure this? (I was thinking of creating a user on my mail server strictly to allow CRM to send e-mail.)

Nevermind about pointers to more docs - I believe I've found what I need. This page, though geared for a different product entirely, seems to have the information I was looking for.

I'm currently waiting to set it up until I hear back from you Billy. I don't want to do a lot of work, then find out that there's a memory leak or something that's a known flaw on RH9. (Not that something like this has EVER happened to me in the past... )

Been away. It's just that RH9 is way old and hasn't had security updates or whatever for several years (2004 I think). Try something newer like RHEL5 (or CentOS5)

Hy,

i am using Postfix, Amavisd and Spamassassin.
I forward some mails from my postfix to an external mailserver.
I want my postfix to forward only "good" mails to the external server.
So all spam mails should not be forwarded.

How can I configure my postfix to do that?

I hope for help.