postfix won't forward mail
I've got a very annoying problem. I'm at the end of my rope. If someone could help, I'd really appreciate it.
For a couple of years had a RedHat server running sendmail on my DMZ that forwards mail to my Exchange 5.5 server. I needed to upgrade so, I built a new Mandrake 9.2 box. The goal of this server is to be a spam filter and to then forward all mail to our existing Exchange 5.5 server. The problem I am having is that the linux box isn't forwarding any of the mail. I haven't seen any non-delivery reports on any of the mail I have sent to test it, and my firewall logs show that the mail made it to the linux server, but it never makes it to the Exchange server. I'm wondering if there is some way to check logs, or queues inside of postfix to see if the mail has been blocked or rejected or if it's some kind of misconfiguration. I also have a second question, there is an email "tester" at http://www.dnsreport.com that I've been using to test. I put in postmaster@mydomain.com and it give me the following error: "Could not connect: Could not receive data: Operation timed out." With my former server in place, it gives me a 200 OK. Any ideas? Let me know if you need more information. Thanks! |
Ok, I completely removed spamassassin to rule out that software and now I'm getting a totally different response when I test it.
Now I'm getting "451: Server configuration error" Any ideas?? |
You have to make sure that your postfix gateway doesn't consider itself the final destination of your mail-domain(s).
This is achived by setting mydestination i main.cf to the local host only: mydestination = $myhostname, localhost.$mydomain Then You have to verify your transport maps, so postfix knows what to do with the mail destined for the exchange server. My transport file is in /etc/postfix/, and sample line in transport could be: mail.destination.dom smtp:[exchange_ip_address] (brackets included) Remember to run "postmap /etc/postfix/transport" after you've edited the transport file. Also make sure to have transport_maps = hash:/etc/postfix/transport in your main.cf. Oh, and remember to do a "postfix reload" :) Regards, LTJ |
I think I have mydestination wrong, and I'm going to check that asap.
I already have the transport file but I accept mail for 3 domains so I have mine setup like this: domain1.com smtp:[exchange_ip_address] domain2.com smtp:[exchange_ip_address] domain3.com smtp:[exchange_ip_address] Your example shows: mail.domain1.com smtp:[exchange_ip_address] Do I need the mail dot prefix? or just the domain that the mail is being sent to? Thanks again, I'll reply on how the mydestination changes affect my testing. |
Quote:
/LTJ |
Ok, THANKS SO MUCH. I've gotten just a little bit closer now.
This never happened before, but now, I'm getting Error emails sent to my mailbox (on the exchange server) which means the linux box is now sending to the Exchange server correctly. This is an example of what I'm receiving: ____________________________________________________ From: MAILER-DAEMON@ns1.mydomain.com To: Postmaster@mydomain.com Subject: Postfix SMTP server: errors from unknown[66.137.223.193] Transcript of session follows. Out: 220 mail.ervincable.com In: EHLO pmoexchange.lambert-stl.org Out: 250-ns1.ervincable.com Out: 250-PIPELINING Out: 250-SIZE 100000000 Out: 250-VRFY Out: 250-ETRN Out: 250 8BITMIME In: MAIL FROM:<PJHilmes@lambert-stl.org> SIZE=57795 Out: 250 Ok In: RCPT TO:<PWard@apextv.com> Out: 451 Server configuration error In: RSET Out: 250 Ok In: QUIT Out: 221 Bye _______________________________________________ |
Is this when You are sending or recieving mails on the exchange server, perhaps both?
You can check your postfix configuration by running "postfix check" /LTJ |
I get that message sent to my "postmaster" mailbox whenever outside email hits the server trying to get to a mailbox on the Exchange Server.
|
zzero,
Could you please disclose your main.cf and master.cf. You can leave out ip-addresses and other security compromising stuff. Also make sure that name-resolution is configured correctly on the postfix box. Postfix should be able to do forward lookups when sending mail, and reverse lookups when recieving. Does postfix report anything from the postfix check? |
Here's my main.cf file...
alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases biff = no command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 delay_warning_time = 4 inet_interfaces = all local_recipient_maps = local_transport = no local mail delivery mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -Y -a $DOMAIN mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net message_size_limit = 100000000 mydestination = $myhostname, localhost.$mydomain myhostname = ns1.ervincable.com mynetworks = 10.0.0.0/16, 192.0.0.0/16 myorigin = ervincable.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES relayhost = firewall.ervincable.com sample_directory = /usr/share/doc/postfix-2.0.13/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_banner = mail.ervincable.com smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_maps_rbl smtpd_recipient_restrictions = permit_mynetworks smtpd_sender_restrictions = reject_non_rqdn_sender, reject_unknown_sender_domain transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 450 Here's master.cf # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtps inet n - y - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - y - - smtpd # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes #628 inet n - n - - qmqpd pickup fifo n - y 60 1 pickup cleanup unix n - y - 0 cleanup #qmgr fifo n - n 300 1 qmgr qmgr fifo n - y 300 1 nqmgr #tlsmgr fifo - - n 300 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - y - - smtp relay unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error local unix - n n - - local virtual unix - n y - - virtual lmtp unix - - y - - lmtp maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.1/8 -o strict_rfc821_envelopes=yes Postfix check shows no errors. |
Looks OK to me, but I can see that you're working on som filtering with postfix as well.
In general when working with postfix, i'd suggest that you make the things work one at a time, otherwise you'll be toying with your sanity :p Comments to your main.cf: Quote:
Quote:
Quote:
Quote:
smtpd_banner = $myhostname ESMTP some_text Quote:
I recently did a setup resembling yours, and I got a great deal of help from this documentation: http://www.securitysage.com/guides/postfix_uce.html Good luck. |
I'm sure you are right about getting postfix working before trying the spamblocking software. I'm introducing too many problems at one time. I've made so many changes, I think I'm going to start with a clean installation and go from there.
I was following a guide http://www.geocities.com/scottlhende...pamfilter.html when I built this server and the guide adds all the software at once. I've been reading the Postfix documentation and I have a much better grasp on it now, than when I started. I think if I leave the spamfiltering off, and just do a basic forwarding setup, I can get it working and then move on from there. Thanks for all your help. I really appreciate you taking the time to help me out. |
I read the Postfix documentation last night from home and went through each line of my config with the document beside me and wrote a new main.cf.
I used my new main.cf this morning and it worked perfectly! I have Spamassassin running on it now, and I'm not seeing much spam, but SOME valid emails aren't making it in either. I'm going to take a look at that spamassassin link you sent me, and see how it goes. Thanks for all the help. I guess when all else fails, RTM. ZZ |
A great article
This is a great article, I thought I'd post it for anyone else that might need help.
It tells how to setup a linux server as a spam filtering mail gateway. http://www.flakshack.com/anti-spam/ |
All times are GMT -5. The time now is 01:40 AM. |