reggieblak
14th October 2009, 08:53
Helo out there! ;)
I went through the SpamSnake setup for Ubuntu Server 9.04. I am able to see mail tagged as clean and as spam in the MailWatch UI, but nothing ever gets forwarded to my Exchange server.
The setup is Internet -> Firewall -> SpamSnake -> Exchange.
SpamSnake is in the DMZ. It is connecting to an Exchange Front End server that handles OWA. I have configured Apache on the SpamSnake to reverse proxy connections for my OWA users, and that works without a problem. To test settings, I replace the SpamSnake with the Exchange front end box in my router's NAT filter. That way I do not have to change external DNS or anything. When I do this, and run
tail -f /var/log/mail.log
I can see connections to the SpamSnake from outside.
Here is an excerpt from the log:
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pmurdoch@shawscience.com> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pchipere@shawscience.com> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: lost connection after DATA (0 bytes) from unknown[114.204.31.75]
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: disconnect from unknown[114.204.31.75]
Oct 14 02:22:58 sspnix1 postfix/smtpd[2875]: connect from unknown[117.204.225.95]
Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from unknown[117.204.225.95]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [117.204.225.95]; from=<aLange_sohne@excite.fr> to=<rsanna@shawscience.com> proto=ESMTP helo=<[117.204.225.95]>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<wo@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: disconnect from unknown[117.204.225.95]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[125.90.221.160]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: disconnect from unknown[125.90.221.160]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2765]: connect from unknown[123.18.115.245]
Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: connect from unknown[123.98.188.182]
Oct 14 02:23:01 sspnix1 postfix/pickup[2627]: 7E03843637F: uid=0 from=<root>
Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 7E03843637F: message-id=<20091014062301.7E03843637F@mail.shawscience.com>
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: from=<root@shawscience.com>, size=581, nrcpt=1 (queue active)
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 7E03843637F: to=<IT@shawscience.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 89EDF436383: message-id=<20091014062301.89EDF436383@mail.shawscience.com>
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: from=<>, size=2361, nrcpt=1 (queue active)
Oct 14 02:23:01 sspnix1 postfix/bounce[3433]: 7E03843637F: sender non-delivery notification: 89EDF436383
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: removed
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 89EDF436383: to=<IT@shawscience.com>, orig_to=<root@shawscience.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: removed
Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[123.98.188.182]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.98.188.182]; from=<comminglesid9@ehostpad.com> to=<petgord34truew@shawscience.com> proto=ESMTP helo=<VEZIBRYHZL>
Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[123.98.188.182]
Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: disconnect from unknown[123.98.188.182]
Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: NOQUEUE: reject: RCPT from unknown[123.18.115.245]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.18.115.245]; from=<big-discounts@dwp.net> to=<pbhahn@shawscience.com> proto=ESMTP helo=<[123.18.115.245]>
Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: disconnect from unknown[123.18.115.245]
I have manually created a relay_recipients file and placed it in the /etc/postfix directory. However, I get NOQUEUE: reject: RCPT errors regardless of whether the email address is valid for my domain or not.
postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_notice_recipient = bkwayisi@shawscience.com
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 10.15.0.0/24, 192.168.6.0/24, 127.0.0.0/8
myorigin = mydomain.com
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_pipelining reject_rbl_client zen.spamhaus.org bl.spamcop.net permit check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mydomain.local
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
I have used "mydomain" as a placeholder.
The funny thing is that once I send test emails from my external Yahoo account to my corporate email address, I can see them as clean messages in MailWatch. After I replace the Exchange server in my firewall's NAT table, mail is restored, but then it seems like the messages that were in MailScanner are slowly released. I'll see the emails I sent from my Yahoo account like thirty minutes after I make the NAT change and the SpamSnake is no longer visible to the outside. Please somebody help me!!??
Ben K
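
An added triage script, not part of the original post: it parses NOQUEUE reject lines in the format of the excerpt above and groups them by the Postfix restriction that produced them and by temporary (4xx) versus permanent (5xx) status. The sample log is constructed (documentation-range IPs, example.com addresses, hypothetical host name mx1), and the reason-to-restriction mapping covers only the two reasons that appear in the excerpt.

```python
import re
from collections import Counter

# Constructed sample in the same format as the excerpt above
# (documentation-range IPs and example domains, not real traffic).
SAMPLE_LOG = """\
Oct 14 02:22:56 mx1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[192.0.2.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.75]; from=<a@example.net> to=<valid.user@example.com> proto=ESMTP helo=<HOSTA>
Oct 14 02:22:56 mx1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[192.0.2.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.75]; from=<a@example.net> to=<no.such.user@example.com> proto=ESMTP helo=<HOSTA>
Oct 14 02:22:59 mx1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[198.51.100.160]: 554 5.7.1 Service unavailable; Client host [198.51.100.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=198.51.100.160; from=<b@example.org> to=<everyone@example.com> proto=ESMTP helo=<dyn.example.org>
Oct 14 02:23:00 mx1 postfix/smtpd[2878]: disconnect from unknown[198.51.100.160]
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def restriction_for(reason):
    """Map the logged reason text to the Postfix restriction that produces it."""
    if "cannot find your reverse hostname" in reason:
        return "reject_unknown_reverse_client_hostname"
    m = re.search(r"blocked using (\S+?);", reason + ";")
    if m:
        return "reject_rbl_client " + m.group(1)
    return "other"

def summarize(log_text):
    """Count rejects by (restriction, temporary/permanent); collect recipients per client IP."""
    counts, rcpts_by_ip = Counter(), {}
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # connect/disconnect/queue lines are not rejects
        kind = "temporary" if m["code"].startswith("4") else "permanent"
        counts[(restriction_for(m["reason"]), kind)] += 1
        rcpts_by_ip.setdefault(m["ip"], set()).add(m["rcpt"])
    return counts, rcpts_by_ip

if __name__ == "__main__":
    counts, rcpts_by_ip = summarize(SAMPLE_LOG)
    for (restriction, kind), n in counts.most_common():
        print(f"{n:3d}  {kind:9s}  {restriction}")
    for ip, rcpts in sorted(rcpts_by_ip.items()):
        print(ip, "->", ", ".join(sorted(rcpts)))
```

Both reasons in the excerpt are keyed on the connecting client's IP rather than on the recipient address, which is why the per-client recipient sets can mix valid and invalid addresses.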