Problem with SpamSnake not releasing mail to Exchange server

Discussion in 'HOWTO-Related Questions' started by reggieblak, Oct 14, 2009.

  1. reggieblak

    reggieblak New Member

    Helo out there! ;)

    I went through the spamsnake setup for Ubuntu Server 9.04. I am able to see mail tagged as clean and as spam in the mailwatch UI, but nothing ever gets forwarded to my exchange server.

    The setup is Internet -> Firewall -> Spamsnake -> Exchange.

    SpamSnake is in the DMZ. It is connecting to an Exchange Front End server that handles OWA. I have configured Apache on the SpamSnake to reverse proxy connections for my OWA users, and that works without a problem. To test settings, I replace the SpamSnake with the Exchange front end box in my router's NAT filter. That way I do not have to change external DNS or anything. When I do this and run

    tail -f /var/log/mail.log

    I can see connections to the spamsnake from outside.

    Here is an excerpt from the log:


    Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pmurdoch@shawscience.com> proto=ESMTP helo=<ILYMITSV>

    Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pchipere@shawscience.com> proto=ESMTP helo=<ILYMITSV>

    Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: lost connection after DATA (0 bytes) from unknown[114.204.31.75]

    Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: disconnect from unknown[114.204.31.75]

    Oct 14 02:22:58 sspnix1 postfix/smtpd[2875]: connect from unknown[117.204.225.95]

    Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from unknown[117.204.225.95]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [117.204.225.95]; from=<aLange_sohne@excite.fr> to=<rsanna@shawscience.com> proto=ESMTP helo=<[117.204.225.95]>

    Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

    Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<wo@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

    Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>

    Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: disconnect from unknown[117.204.225.95]
    Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[125.90.221.160]

    Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: disconnect from unknown[125.90.221.160]

    Oct 14 02:23:00 sspnix1 postfix/smtpd[2765]: connect from unknown[123.18.115.245]

    Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: connect from unknown[123.98.188.182]

    Oct 14 02:23:01 sspnix1 postfix/pickup[2627]: 7E03843637F: uid=0 from=<root>

    Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 7E03843637F: message-id=<20091014062301.7E03843637F@mail.shawscience.com>

    Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: from=<root@shawscience.com>, size=581, nrcpt=1 (queue active)

    Oct 14 02:23:01 sspnix1 postfix/local[3432]: 7E03843637F: to=<IT@shawscience.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "it")

    Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 89EDF436383: message-id=<20091014062301.89EDF436383@mail.shawscience.com>

    Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: from=<>, size=2361, nrcpt=1 (queue active)

    Oct 14 02:23:01 sspnix1 postfix/bounce[3433]: 7E03843637F: sender non-delivery notification: 89EDF436383

    Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: removed

    Oct 14 02:23:01 sspnix1 postfix/local[3432]: 89EDF436383: to=<IT@shawscience.com>, orig_to=<root@shawscience.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "it")

    Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: removed

    Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[123.98.188.182]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.98.188.182]; from=<comminglesid9@ehostpad.com> to=<petgord34truew@shawscience.com> proto=ESMTP helo=<VEZIBRYHZL>

    Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[123.98.188.182]

    Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: disconnect from unknown[123.98.188.182]

    Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: NOQUEUE: reject: RCPT from unknown[123.18.115.245]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.18.115.245]; from=<big-discounts@dwp.net> to=<pbhahn@shawscience.com> proto=ESMTP helo=<[123.18.115.245]>

    Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: disconnect from unknown[123.18.115.245]

    I have manually created a relay_recipients file and placed it in the /etc/postfix directory. However, NOQUEUE: reject: RCPT errors occur regardless of whether the email address is valid for my domain or not.

    postconf -n:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    bounce_notice_recipient = bkwayisi@shawscience.com
    config_directory = /etc/postfix
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    local_recipient_maps =
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    mydestination = mydomain.com
    myhostname = mail.mydomain.com
    mynetworks = 10.15.0.0/24, 192.168.6.0/24, 127.0.0.0/8
    myorigin = mydomain.com
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relay_domains = hash:/etc/postfix/relay_domains
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_pipelining reject_rbl_client zen.spamhaus.org bl.spamcop.net permit check_relay_domains
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = mydomain.local
    smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    transport_maps = hash:/etc/postfix/transport
    virtual_alias_maps = hash:/etc/postfix/virtual

    I have used "mydomain" as a placeholder.

    The funny thing is that once I send test emails from my external Yahoo account to my corporate email address, I can see them as clean messages in MailWatch. After I replace the Exchange server in my firewall's NAT table, mail is restored, but then it seems like the messages that were in MailScanner are slowly released. I'll see the emails I sent from my Yahoo account like thirty minutes after I make the NAT change and the SpamSnake is no longer visible to the outside. Please somebody help me!!??


    Ben K
     
  2. reggieblak

    reggieblak New Member

    Additional Info

    I've also been advised that while the SpamSnake server is exposed to the outside, it is bouncing back email to valid senders with the following:

    Reporting-MTA: dns; mail.mydomain.com
    X-Postfix-Queue-ID: 9514E43637F
    X-Postfix-Sender: rfc822; external.sender@outsidedomain.com
    Arrival-Date: Wed, 14 Oct 2009 01:44:27 -0400 (EDT)

    Final-Recipient: rfc822; internaluser@mydomain.com
    Original-Recipient: rfc822;internaluser@mydomain.com
    Action: failed
    Status: 5.1.1
    Diagnostic-Code: X-Postfix; unknown user: "internaluser"
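Added example (not from either post or from the SpamSnake howto): a small shell triage of the mail.log excerpt in the first post. It separates the smtpd rejects that an inbound spam gateway is expected to produce (client with no reverse DNS, client listed on an RBL; both are decided at RCPT time, before any message data is accepted) from the `postfix/local ... relay=local ... status=bounced (unknown user)` lines, which are messages for the protected domain that Postfix accepted and then handed to its own local delivery agent instead of a next hop. The DSN in the second post (`Diagnostic-Code: X-Postfix; unknown user`) is that same failure seen from the external sender's side. The sample lines are copied from the log excerpt above and the domain name is taken from it.

```shell
#!/bin/sh
# Added example: triage a Postfix mail.log excerpt from a relay gateway.
# Gateway rejects (no rDNS, RBL hit) happen at RCPT time and are expected;
# "relay=local ... status=bounced" lines are mail for the protected domain
# that Postfix accepted and then failed to deliver by itself.
set -u

# Constructed sample: lines copied from the log excerpt in the first post.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<sighl74@re-cones.com> to=<pmurdoch@shawscience.com> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<dragginggqo5@holylotus.com> to=<everyone@shawscience.com> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 7E03843637F: to=<IT@shawscience.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 89EDF436383: to=<IT@shawscience.com>, orig_to=<root@shawscience.com>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: NOQUEUE: reject: RCPT from unknown[123.18.115.245]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.18.115.245]; from=<big-discounts@dwp.net> to=<pbhahn@shawscience.com> proto=ESMTP helo=<[123.18.115.245]>
EOF

# Number of smtpd RCPT-time rejects whose reason text matches $2 (basic regex).
count_rejects() {               # $1 = log file, $2 = reason pattern
    # grep -c exits 1 when nothing matches but still prints 0, so keep going.
    grep -c "NOQUEUE: reject:.*$2" "$1" || true
}

# Recipients at domain $2 that the *local* delivery agent bounced, with the
# bounce reason. Any output here means mail for the domain is being delivered
# on this box instead of being relayed to the next hop.
local_bounces() {               # $1 = log file, $2 = protected domain
    awk -v dom="$2" '
        /postfix\/local\[/ && /status=bounced/ && index($0, "@" dom ">") {
            match($0, /to=<[^>]*>/)                 # first to=<...> is the final recipient
            rcpt = substr($0, RSTART + 4, RLENGTH - 5)
            match($0, /\(unknown user: "[^"]*"\)/)  # reason text without the parentheses
            reason = (RSTART ? substr($0, RSTART + 1, RLENGTH - 2) : "bounced")
            print rcpt, reason
        }' "$1"
}

# One-screen summary for the admin.
triage() {                      # $1 = log file, $2 = protected domain
    echo "rejected, no reverse DNS : $(count_rejects "$1" 'cannot find your reverse hostname')"
    echo "rejected, RBL listed     : $(count_rejects "$1" 'blocked using')"
    echo "bounced by local agent   :"
    local_bounces "$1" "$2" | sort | uniq -c
}

triage "$SAMPLE_LOG" shawscience.com
```

The point of the third counter is the security one: with `local_recipient_maps =` set to an empty value, Postfix disables recipient validation for its local domains, accepts any recipient at RCPT time and only discovers the missing user at delivery, so every such message turns into a non-delivery report to the envelope sender (backscatter to whatever forged address the spam carried). A relay gateway wants the protected domain validated against relay_recipient_maps during the SMTP session instead, so that unknown users are refused with a 5xx before any data is accepted.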
     
  3. Rocky

    Rocky New Member

    Hi,

    Try changing your smtpd sender and recipient restrictions to look like the below:

    smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
    smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit

    Also, make sure you postmap your transport, relay_recipients, relay_domains and any other files you may have created. Make sure to restart postfix after you're finished.
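Added example, not from Rocky's post or from the SpamSnake howto: a shell script that writes the three tables a relay-only gateway depends on (relay_domains, transport, relay_recipients), cross-checks them against each other before they are compiled, and runs postmap only if it is installed. The domain mydomain.com, the next-hop address 10.15.0.10 and the two recipient addresses are placeholders, and the scratch directory stands in for /etc/postfix. `reject_unauth_destination` in the suggested recipient restrictions is what makes relay_domains matter: a recipient domain that is in neither mydestination nor relay_domains is refused as a relay attempt, and once relay_recipient_maps is set, an address in a relay domain that is missing from the table is refused at RCPT time with "User unknown in relay recipient table" rather than accepted and bounced later.

```shell
#!/bin/sh
# Added example: generate and cross-check the lookup tables of a Postfix
# relay gateway before running postmap. All names and addresses are placeholders.
set -u

CONF="$(mktemp -d)"            # assumption: scratch dir standing in for /etc/postfix
trap 'rm -rf "$CONF"' EXIT

# relay_domains: domains this host accepts and forwards. postmap needs a value
# column; "OK" is the usual placeholder.
cat >"$CONF/relay_domains" <<'EOF'
# domain            value
mydomain.com        OK
EOF

# transport: next hop per relay domain. Brackets skip the MX lookup so mail
# goes straight to the internal Exchange front end (placeholder address).
cat >"$CONF/transport" <<'EOF'
mydomain.com        smtp:[10.15.0.10]
EOF

# relay_recipients: every address Postfix should accept for the relay domains;
# anything else in those domains is refused during the SMTP session.
cat >"$CONF/relay_recipients" <<'EOF'
internaluser@mydomain.com     OK
postmaster@mydomain.com       OK
EOF

# Relay domains with no transport entry: mail for them would fall back to the
# default transport and an MX lookup instead of the internal next hop.
domains_without_transport() {   # $1 = config dir
    awk 'FNR == NR { if (NF && $1 !~ /^#/) has[$1] = 1; next }
         NF && $1 !~ /^#/ && !($1 in has) { print $1 }' \
        "$1/transport" "$1/relay_domains"
}

# relay_recipients entries whose domain is not a relay domain: dead entries,
# because reject_unauth_destination refuses the domain before the table is consulted.
recipients_outside_relay_domains() {   # $1 = config dir
    awk 'FNR == NR { if (NF && $1 !~ /^#/) dom[$1] = 1; next }
         NF && $1 !~ /^#/ { n = split($1, p, "@"); if (!(p[n] in dom)) print $1 }' \
        "$1/relay_domains" "$1/relay_recipients"
}

# Return 0 when the three tables agree, 1 otherwise (problems go to stderr).
check_tables() {                # $1 = config dir
    problems="$(domains_without_transport "$1"; recipients_outside_relay_domains "$1")"
    if [ -n "$problems" ]; then
        printf 'inconsistent tables:\n%s\n' "$problems" >&2
        return 1
    fi
    return 0
}

# Compile the tables only when Postfix is present; postmap writes <name>.db
# next to each source file, which is what the hash: maps in main.cf read.
postmap_tables() {              # $1 = config dir
    command -v postmap >/dev/null 2>&1 || { echo "postmap not installed, skipping"; return 0; }
    for t in relay_domains transport relay_recipients; do
        postmap "hash:$1/$t"
    done
}

if check_tables "$CONF"; then
    echo "tables consistent"
    postmap_tables "$CONF"
fi
```

After the real files are compiled, `postfix reload` makes the new .db files and any main.cf change take effect. Two Postfix behaviours worth checking with `postconf -n` at the same time: a domain listed in both mydestination and relay_domains draws a "do not list domain ... in BOTH mydestination and relay_domains" warning in the log, because Postfix cannot treat one domain as both local and relayed; and an empty `local_recipient_maps =` turns off recipient validation for whatever remains in mydestination, which is the setting that produces accept-then-bounce behaviour.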
     
