Email Routing (Postfix) Question

Discussion in 'Server Operation' started by david_hitt@lionlike.com, Sep 10, 2013.

  1. Quick question,

    If I use my ispconfig 3.0.5.3 server to route email to another box for example.com, why does it require me to put the individual users on the ispconfig server?

    Example:

    A.
    mail.example.com goes to 10.10.10.10
    ispconfig server (10.10.10.10) receives email for user1@example.com
    routing has transport set to smtp:[192.168.10.10] for example.com
    user1@ exists at 192.168.10.10 but not 10.10.10.10
    /var/log/mail shows error that user does not exist in virtual table, mail not delivered

    B.
    same scenario except:
    user2@ exists at both 192.168.10.10 and 10.10.10.10
    user2 will receive the message at 192.168.10.10

    Is there a way to override checking the user virtual table if a transport rule exists? Or do I have something configured incorrectly. It's a default 3.0.5.3 mail server install as per howtoforge instructions for Ubuntu 12.04.

    Thanks!

    Corey
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    To prevent backscatter spam. But you dont have to add all users, you can also add just the domain as described in the manual. But if you add just the domain, you might get banned by other isp's mail servers.

    Backscatter spam works like this:

    Server1 forwards email for domain.tld to server2. If server1 does nt know that the address joe@domain.tld does not exist, so it will send emails for this address to server2, server2 will reject the email and send it back to the sender. If I use a faked sender address then, I can use your server2 to send someone else a email and thats called backscatter and the other ISP will ban your serevr2 for that.
     
  3. Never thought of it that way. Good to know.

    Makes the management script a little more complex, but seems more secure in the long run.

    Thank you Till.
     
  4. Wait, follow up question...

    In your scenario, if someone faked a return address and you had each account in ispconfig (server1), wouldn't server1 just reply and get banned by the ISP instead of server2? Or is that where SPF record checks and other spam prevention would catch that at server1?
     
    Last edited: Sep 10, 2013

Share This Page