[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Postfix filtering for Exchange server



On Thu, May 20, 2004 at 05:30:26PM -0500, Travis Owens wrote:
> I'm looking to setup a postfix server on a firewall/router to filter
> emails -- blocking spam -- then relaying it to the MS Exchange server on
> the LAN.
> 
> First, does this make sense, and is it plausible? (I'm pretty sure it
> is)

Yes, and yes.

> I believe if I use the relay_domains parameter with the
> relay_recipients_maps setup for all the valid addresses listed, along
> with the Exchange server setup with a higher priority in the DNS records
> for internal resolution, the firewall/postfix server will accept the
> mail via postfix and filter via the rules that I establish, then pass
> the valid emails on to the Exchange server.

I don't think you want to do this via DNS.  You should let postfix
route everything based on explicit rules.

> Here's the basic setup in case I'm having trouble explaining in an
> understandable format:
> 
> Postfix:	rt1.domain.com 		10.0.0.254
> Exchange:	ntmain.domain.com	10.0.0.2
> 
> DNS records = rt1 = priority 10, while ntmain = priority 5
> 
> INET -> Postfix (10.0.0.254) -> Win2K (10.0.0.2)

What you really want to do is not even list ntmain as an MX.  You want
all incoming traffic to hit rt1, and on that box you want the
following:

/etc/postfix/main.cf:

  mydestination = $myhostname, localhost.$mydomain, localhost,
                  /etc/postfix/local-host-names

  transport_maps = hash:/etc/postfix/transport

/etc/postfix/local-host-names:

  domain.com
  ntmain.domain.com

/etc/postfix/transport:

  domain.com		smtp:[ntmain.domain.com]:25
  ntmain.domain.com	smtp:[ntmain.domain.com]:25

Make sure you do "postmap /etc/postfix/transport".

Oh, and if you happen to be running Fedora/Red Hat, I have packages
for amavis, and I would be happy to give you the other few steps that
it takes to set that up so you can easily use it for all the
spam/virus filtering...

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7360             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.