Solved

Ubuntu Postfix & SpamAssassin Backup MX Server

Posted on 2010-08-30
Last Modified: 2012-05-10
Trying to configure an Ubuntu 9.10 server to serve as a backup MX/relay server. Essentially, if a site's mail server goes down, we'd like this box to queue mails until the server comes back up and then deliver them accordingly.

1. It's working as is
2. SpamAssassin is being used to filter (tag?) spam
3. It is queuing a ton of spam for various other domains, which will stay on the server for the default 5 days until it expires.

How can I configure the box so that, unless the recipient domain of the mail being received is part of the relay domains list, it drops/rejects the email automatically? The logic is that if we haven't added the recipient email's domain to our relay domains, then this server should not be handling/processing it. Any help would be appreciated in advance. Thanks.

My main.cf is enclosed below.


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

relay_transport = relay

smtpd_banner = ESMTP - Domain 1
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mx1.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mx1.domain1.com, lsubuntumx.lsconnections.com, localhost.lsconnections.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +

smtpd_helo_required = yes

        #reject_invalid_hostname  
        #reject_non_fqdn_hostname

smtpd_sender_restrictions = reject_non_fqdn_sender
        #hash:/etc/postfix/access
        #reject_non_fqdn_sender 
        #reject_uknown_sender_domain 
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname permit_mx_backup

smtpd_data_restrictions =
        #reject_unauth_pipelining  (stops bulk mail senders)

strict_rfc821_envelopes = no

smtp_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no

relay_domains = domain1.com, domain2.com, domain3.com

# You must specify your NAT/proxy external address.
proxy_interfaces = 208.x.x.x

Question by:Malevolo
2 Comments
 
LVL 25

Expert Comment

by:madunix
ID: 33562429
0
 
LVL 5

Accepted Solution

by:
bougui earned 500 total points
ID: 33567063
Hi

Maybe you didn't look closely enough at your mail queue.

What I suspect is that mail is sent to UserthatdoestNotExist@domain1.com via the MX backup server (this is usual for spammers; they use the backup MX server).

Then your server queues the email and tries to send it to the real email server, because you're accepting anything to domain1.com.

The real email server responds back to your MX backup server that this user does not exist.

Then your backup server tries to respond to the sender (which is 99% invalid) because it was spam, and your MX backup server is stuck with the mail in its queue and will try to resend the email for 4 days.

Possible solution:

1) Extract the valid email addresses for all your domains and create a recipient map,
and add something like this to main.cf:

relay_recipient_maps = hash:/etc/postfix/domain1-recipients

entry example:

ventes@domain1.com            OK


That way you will only accept email to existing users for your domains, and your MX server should not fill its queue.

2) Don't accept spam. You have relaxed restrictions in your main.cf file; this is an in-depth doc on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

But at least:

smtpd_helo_required = yes
disable_vrfy_command = yes


smtpd_recipient_restrictions =
      permit_mynetworks,
      reject_invalid_hostname,
      reject_non_fqdn_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unknown_sender_domain,
      reject_unknown_recipient_domain,
      reject_unauth_destination,
      check_recipient_access hash:/etc/postfix/access,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client sbl.spamhaus.org,
      reject_rbl_client pbl.spamhaus.org,
      permit

smtpd_data_restrictions =
      reject_unauth_pipelining,
      permit


With this you should be okay.

Good luck !
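
The recipient-map approach from the accepted answer, as an added example that is not part of the original posts: a Python sketch that turns an export of valid mailboxes into a relay_recipient_maps table and predicts which recipients the backup MX would then accept. The sample export, the function names and the exact-domain matching are assumptions; the relay domains, the `+` delimiter and `ventes@domain1.com` come from the page.

```python
RELAY_DOMAINS = {"domain1.com", "domain2.com", "domain3.com"}  # relay_domains in the question
RECIPIENT_DELIMITER = "+"                                      # recipient_delimiter in the question

# Constructed sample export from the primary mail servers (one address per line).
SAMPLE_EXPORT = """\
ventes@domain1.com
Info@Domain2.com
# exported 2010-08-30
stray@otherdomain.example
not-an-address
"""

def build_map(export_text, relay_domains):
    """Return (entries, skipped, uncovered_domains) for a relay_recipient_maps table."""
    entries, skipped = set(), []
    for raw in export_text.splitlines():
        addr = raw.strip().lower()          # hash: lookups are case-folded by Postfix
        if not addr or addr.startswith("#"):
            continue
        local, sep, domain = addr.rpartition("@")
        # Refuse malformed lines, bare "@domain" wildcards and foreign domains.
        if not sep or not local or domain not in relay_domains:
            skipped.append(raw.strip())
            continue
        entries.add(addr)
    covered = {a.rpartition("@")[2] for a in entries}
    # Once relay_recipient_maps is set, a relay domain with no entries rejects
    # every recipient unless the operator adds an "@domain OK" wildcard for it.
    return sorted(entries), skipped, sorted(relay_domains - covered)

def render(entries):
    """Text of the table file; compile it with postmap before reloading Postfix."""
    return "".join(f"{addr}\tOK\n" for addr in entries)

def would_accept(rcpt, entries, relay_domains):
    """Approximate the SMTP-time decision for one RCPT TO address."""
    addr = rcpt.strip().lower()
    local, _, domain = addr.rpartition("@")
    if domain not in relay_domains:         # reject_unauth_destination
        return False
    base = local.split(RECIPIENT_DELIMITER, 1)[0]
    # Lookup order: full address, address without +extension, @domain wildcard.
    return any(key in entries for key in (addr, f"{base}@{domain}", f"@{domain}"))

if __name__ == "__main__":
    entries, skipped, uncovered = build_map(SAMPLE_EXPORT, RELAY_DOMAINS)
    print(render(entries), end="")
    print("skipped:", skipped)
    print("relay domains with no recipients:", uncovered)
```

After writing the rendered text to /etc/postfix/domain1-recipients, run `postmap /etc/postfix/domain1-recipients` and reload Postfix; `postmap -q ventes@domain1.com hash:/etc/postfix/domain1-recipients` confirms an entry resolves.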
 