  #1  
14th October 2009, 08:53
reggieblak
Problem with SpamSnake not releasing mail to Exchange server

Helo out there!

I went through the spamsnake setup for Ubuntu Server 9.04. I am able to see mail tagged as clean and as spam in the mailwatch UI, but nothing ever gets forwarded to my exchange server.

The setup is Internet -> Firewall -> Spamsnake -> Exchange.

SpamSnake is in the DMZ. It is connecting to an Exchange Front End server that handles OWA. I have configured Apache on the SpamSnake to reverse proxy connections for my OWA users, and that works without a problem. To test settings, I replace the SpamSnake with the Exchange front end box in my router's NAT filter. That way I do not have to change external DNS or anything. When I do this, and run

tail -f /var/log/mail.log

I can see connections to the spamsnake from outside.

Here is an excerpt from the log:


Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pmurdoch@shawscience.com> proto=ESMTP helo=<ILYMITSV>

Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pchipere@shawscience.com> proto=ESMTP helo=<ILYMITSV>

Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: lost connection after DATA (0 bytes) from unknown[114.204.31.75]

Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: disconnect from unknown[114.204.31.75]

Oct 14 02:22:58 sspnix1 postfix/smtpd[2875]: connect from unknown[117.204.225.95]

Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from unknown[117.204.225.95]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [117.204.225.95]; from=<aLange_sohne@excite.fr> to=<rsanna@shawscience.com> proto=ESMTP helo=<[117.204.225.95]>

Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<wo@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: disconnect from unknown[117.204.225.95]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[125.90.221.160]

Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: disconnect from unknown[125.90.221.160]

Oct 14 02:23:00 sspnix1 postfix/smtpd[2765]: connect from unknown[123.18.115.245]

Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: connect from unknown[123.98.188.182]

Oct 14 02:23:01 sspnix1 postfix/pickup[2627]: 7E03843637F: uid=0 from=<root>

Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 7E03843637F: message-id=<20091014062301.7E03843637F@mail.shawscience.com>

Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: from=<root@shawscience.com>, size=581, nrcpt=1 (queue active)

Oct 14 02:23:01 sspnix1 postfix/local[3432]: 7E03843637F: to=<IT@shawscience.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "it")

Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 89EDF436383: message-id=<20091014062301.89EDF436383@mail.shawscience.com>

Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: from=<>, size=2361, nrcpt=1 (queue active)

Oct 14 02:23:01 sspnix1 postfix/bounce[3433]: 7E03843637F: sender non-delivery notification: 89EDF436383

Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: removed

Oct 14 02:23:01 sspnix1 postfix/local[3432]: 89EDF436383: to=<IT@shawscience.com>, orig_to=<root@shawscience.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "it")

Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: removed

Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[123.98.188.182]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.98.188.182]; from=<comminglesid9@ehostpad.com> to=<petgord34truew@shawscience.com> proto=ESMTP helo=<VEZIBRYHZL>

Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[123.98.188.182]

Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: disconnect from unknown[123.98.188.182]

Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: NOQUEUE: reject: RCPT from unknown[123.18.115.245]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.18.115.245]; from=<big-discounts@dwp.net> to=<pbhahn@shawscience.com> proto=ESMTP helo=<[123.18.115.245]>

Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: disconnect from unknown[123.18.115.245]

I have manually created a relay_recipients file and placed it in the /etc/postfix directory. However, NOQUEUE: reject: RCPT errors occur regardless of whether the email address is valid for my domain or not.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_notice_recipient = bkwayisi@shawscience.com
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 10.15.0.0/24, 192.168.6.0/24, 127.0.0.0/8
myorigin = mydomain.com
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_pipelining reject_rbl_client zen.spamhaus.org bl.spamcop.net permit check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mydomain.local
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

I have used "mydomain" as a placeholder.

The funny thing is that once I send test emails from my external Yahoo account to my corporate email address, I can see them as clean messages in MailWatch. After I replace the Exchange server in my firewall's NAT table, mail is restored, but then it seems like the messages that were in MailScanner are slowly released. I'll see the emails I sent from my Yahoo account like thirty minutes after I make the NAT change and the SpamSnake is no longer visible to the outside. Please somebody help me!!??


Ben K
  #2  
14th October 2009, 18:15
reggieblak
Additional Info

I've also been advised that while the spamsnake server is exposed to the outside it is bouncing back email to valid senders with the following:

Reporting-MTA: dns; mail.mydomain.com
X-Postfix-Queue-ID: 9514E43637F
X-Postfix-Sender: rfc822; external.sender@outsidedomain.com
Arrival-Date: Wed, 14 Oct 2009 01:44:27 -0400 (EDT)

Final-Recipient: rfc822; internaluser@mydomain.com
Original-Recipient: rfc822;internaluser@mydomain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "internaluser"
  #3  
19th October 2009, 17:33
Rocky

Hi,

Try changing your smtpd sender and recipient restrictions to look like the below:

smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit

Also, make sure you postmap your transport, relay_recipients, relay_domains and any other files you may have created. Make sure to restart postfix after you're finished.
__________________
Home of the SpamSnake
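
The difference between the recipient restriction list in post #1 and the one suggested in post #3, as an added example that is not part of the thread or of SpamSnake: a Python lint that relies on Postfix evaluating restrictions in order and stopping at an unconditional permit. The names get_param, lint_recipient_restrictions and the KNOWN set are assumptions of this example and cover only the restriction names used in this thread.

```python
import re

ONE_ARG = {"reject_rbl_client"}  # takes the next token (a DNSBL zone) as argument
RELAY_GUARD = "reject_unauth_destination"  # limits relaying to configured domains
KNOWN = ONE_ARG | {  # assumption: only the names that appear in this thread
    "permit", "permit_mynetworks", RELAY_GUARD, "reject_unauth_pipelining",
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "reject_unknown_recipient_domain", "check_relay_domains"}

def get_param(conf_text, name):
    """Return a parameter value, joining indented continuation lines."""
    value, active = "", False
    for line in conf_text.splitlines():
        key, sep, rest = line.partition("=")
        if active and line[:1].isspace():
            value += " " + line.strip()
        else:
            active = bool(sep) and key.strip() == name
            value = rest.strip() if active else value
    return value.strip()

def lint_recipient_restrictions(value):
    """List problems in one smtpd_recipient_restrictions value."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    findings, guarded, permitted, i = [], False, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if permitted:
            findings.append(f"{tok}: never evaluated, follows unconditional permit")
        elif tok not in KNOWN and ":" not in tok:
            findings.append(f"{tok}: not a restriction name known to this check")
        elif tok == "permit":
            permitted = True
            if not guarded:
                findings.append("permit: reached with no relay check before it")
        elif tok == RELAY_GUARD:
            guarded = True
        i += 2 if tok in ONE_ARG else 1  # skip the DNSBL zone argument
    return findings

# Values copied from the thread: post #1 (postconf -n) and post #3 (suggested).
BEFORE = ("smtpd_recipient_restrictions = reject_non_fqdn_sender "
          "reject_non_fqdn_recipient reject_unknown_recipient_domain "
          "permit_mynetworks reject_unauth_pipelining reject_rbl_client "
          "zen.spamhaus.org bl.spamcop.net permit check_relay_domains")
AFTER = """smtpd_recipient_restrictions =
 reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination,
 reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org,
 reject_rbl_client bl.spamcop.net, permit
"""
```

On a live system the input would be the output of postconf -n; the list from post #1 yields three findings and the list from post #3 yields none.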
All times are GMT +2.