Solved

Ubuntu Postfix & SpamAssassin Backup MX Server

Posted on 2010-08-30
Last Modified: 2012-05-10
Trying to configure an Ubuntu 9.10 server to serve as a backup MX/relay server. Essentially, if a site's mail server goes down, we'd like this box to queue mails until the server comes back up and then deliver them accordingly.

1. It's working as is
2. Spam Assassin is being used to filter (tag?) spam
3. It is queuing a ton of spam for various other domains which will stay on the server for the default 5 days until it expires.

How can I configure the box so that, unless the recipient domain of the mail being received is part of the relay domains list, it drops/rejects the email automatically? The logic is: if we haven't added the recipient email's domain to our relay domains, then this server should not be handling/processing it. Any help would be appreciated in advance. Thanks.

My main.cf is enclosed below.


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

relay_transport = relay

smtpd_banner = ESMTP - Domain 1
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mx1.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mx1.domain1.com, lsubuntumx.lsconnections.com, localhost.lsconnections.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +

smtpd_helo_required = yes

        #reject_invalid_hostname  
        #reject_non_fqdn_hostname

smtpd_sender_restrictions = reject_non_fqdn_sender
        #hash:/etc/postfix/access
        #reject_non_fqdn_sender 
        #reject_uknown_sender_domain 
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname permit_mx_backup

smtpd_data_restrictions =
        #reject_unauth_pipelining  (stops bulk mail senders)

strict_rfc821_envelopes = no

smtp_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no

relay_domains = domain1.com, domain2.com, domain3.com

# You must specify your NAT/proxy external address.
proxy_interfaces = 208.x.x.x

Question by:Malevolo
2 Comments
 
LVL 25

Expert Comment

by:madunix
ID: 33562429
0
 
LVL 5

Accepted Solution

by:
bougui earned 500 total points
ID: 33567063
Hi

Maybe you don't look closely enough in your mail queue.

What I suspect is that mail is sent to UserthatdoestNotExist@domain1.com via the MX backup server (this is usual for spammers; they use the backup MX server).

Then your server queues the email and tries to send it to the real email server, because you're accepting anything to domain1.com.

The real email server responds back to your MX backup server that this user does not exist.

Then your backup server tries to respond to the sender (which is 99% invalid) because it was spam, and your MX backup server is stuck with the mail in its queue and will try to resend the email for 4 days.

Possible solution:

1) Extract the valid emails for all your domains, create a recipient map,
and add something like this to main.cf:

relay_recipient_maps = hash:/etc/postfix/domain1-recipients

Entry example:

ventes@domain1.com            OK


That way you will only accept email to existing users for your domain, and your MX server should not fill its queue.

2) Don't accept spam. You have relaxed restrictions in your main.cf file; this is an in-depth doc on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

But at least:

smtpd_helo_required = yes
disable_vrfy_command = yes


smtpd_recipient_restrictions =
      permit_mynetworks,
      reject_invalid_hostname,
      reject_non_fqdn_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unknown_sender_domain,
      reject_unknown_recipient_domain,
      reject_unauth_destination,
      check_recipient_access hash:/etc/postfix/access,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client sbl.spamhaus.org,
      reject_rbl_client pbl.spamhaus.org,
      permit

smtpd_data_restrictions =
      reject_unauth_pipelining,
      permit


With this you should be okay.

Good luck !
 
0
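The recipient-map suggestion in the accepted answer, as an added example that is not part of the original answer or of Postfix itself: a small checker that reads a main.cf the way Postfix does (comment lines ignored, indented lines continue a value, last definition wins), reports a backup MX that relays domains without recipient validation, and renders the map file from a list of valid addresses. The function names and the address list are assumptions for illustration.

```python
import re

# Constructed sample: relay-related lines taken from the main.cf in the question.
SAMPLE_MAIN_CF = """\
smtpd_use_tls=yes
smtpd_helo_required = yes
        #reject_invalid_hostname
smtpd_use_tls = no
relay_domains = domain1.com, domain2.com, domain3.com
"""

def parse_main_cf(text):
    """Return (params, overridden); the last definition of a parameter wins."""
    params, overridden, name = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                       # blank and comment lines are ignored
        if line[0].isspace() and name:     # leading whitespace continues a value
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        if name in params:
            overridden.append(name)
        params[name] = value.strip()
    return params, overridden

def audit(text):
    """Report overridden parameters and missing relay recipient validation."""
    params, overridden = parse_main_cf(text)
    findings = [f"{n}: set more than once, only the last value applies"
                for n in overridden]
    domains = [d for d in re.split(r"[,\s]+", params.get("relay_domains", "")) if d]
    if domains and not params.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps: empty, so any recipient in "
                        + ", ".join(domains) + " is accepted and queued")
    return findings

def build_recipient_map(addresses, relay_domains):
    """Render 'address OK' lines for the relay_recipient_maps source file."""
    domains = {d.lower() for d in relay_domains}
    keep = set()
    for addr in addresses:
        local, _, domain = addr.strip().lower().rpartition("@")
        if local and domain in domains:    # drop '@domain' catch-alls, other domains
            keep.add(f"{local}@{domain}")
    return "".join(f"{a}\tOK\n" for a in sorted(keep))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF)))
```

After writing the generated lines to /etc/postfix/domain1-recipients, run `postmap` on that file so the `hash:` table named in `relay_recipient_maps` exists, then reload Postfix.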
