Mandriva 2005 Postfix Anti-Spam, Anti-Virus Relay Server for Exchange Server 2000/2003 - Page 3

STEP 4: Configure Postfix

The steps below outline how to configure Postfix to receive e-mail for your Exchange box and forward it to amavisd-new, which in turn processes it with SpamAssassin and Razor. If the message passes all the checks, it gets forwarded back to Postfix, which in turn delivers it to your Exchange box.

a) Issue the following command at your PuTTY prompt to edit your /etc/postfix/main.cf file:

vi /etc/postfix/main.cf

Hit "i" to edit the file, and make sure the settings below are set, substituting your info and adding lines as necessary:

# User configurable parameters
inet_interfaces = all
#mynetworks_style = host
local_recipient_maps =
delay_warning_time = 4h
# Do not give out more info to potential hackers than necessary. A lot of
# people leave the server type and version number in this field. I say, just
# be as vague as possible. Your choice.
smtpd_banner = yourdomain.tld ESMTP

unknown_local_recipient_reject_code = 550
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
recipient_delimiter = +
owner_request_special = no
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
content_filter = smtp-amavis:[127.0.0.1]:10025
receive_override_options = no_address_mappings
#empty_address_recipient =
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 1024000
# In the following line you specify the domains that you will allow this
# server to relay mail for. Be careful here. Limit this to only your domains
# or you risk becoming an open relay!
relay_domains = yourdomain.tld, anotherdomain.tld
# Obviously your domain name goes here. Multiple domains can go there,
# separated by commas.
mydomain = yourdomain.tld
# Enter the FQDN for your box here.
myhostname = hostname.yourdomain.tld
# In this field, ensure that you put in the IP address of your Exchange
# server and your domain name.
mynetworks = 192.168.1.10/32, yourdomain.tld
# This field actually makes the whole relay thing work. Make a note of the
# file and the path, we'll deal with it further down.
transport_maps = hash:/etc/postfix/transport

#myorigin =
queue_minfree = 0
# Enter RBL lists in the following field. Please be very careful which lists
# you pick. Some lists are run by tyrants and sometimes legitimate servers
# end up on them. Also, keep in mind that any e-mail matched to a list gets
# rejected at the door, which means it doesn't even get to your server, which
# means the user or you will NEVER see that e-mail. Be very wise about which
# lists you pick.
maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org, dun.dnsrbl.net

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_hostname, reject_maps_rbl

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient

smtpd_sender_restrictions = reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender

# The field below is very very important. Make a note of it and we'll deal
# with it further down this guide.
relay_recipient_maps = hash:/etc/postfix/exchange_recipients

Once done with the editing, hit SHIFT, ZZ to save the file.

b) Next, issue the following command at your PuTTY prompt, where yourdomain.com is the name of the domain this server is going to be relaying e-mail for and 192.168.xxx.xxx is the actual IP address of your Exchange server. You can add as many domains as you like.

echo "yourdomain.com smtp:[192.168.xxx.xxx]" >> /etc/postfix/transport

The following command will tell postfix to accept e-mail for ALL domains. I DO NOT recommend you process the following command unless you are 150% sure you know what you are doing. I merely put it there for reference.

echo "* smtp:[192.168.xxx.xxx]" >> /etc/postfix/transport

After you add the previous line(s) in your transport file, issue the following commands. One command per line:

postmap /etc/postfix/transport

postfix reload

service postfix restart

You should first see the message "postfix/postfix-script: refreshing the Postfix Mail system" and then "Shutting Down postfix" and "Starting Postfix". You should see no errors during this. If you do, go back and fix them. Then run the postfix reload and the service postfix restart commands again and look for errors. If there are no errors, life is good! Proceed to the next step.
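
Added example (not part of the original guide): a shell check of the relay settings this step writes, run against copies of main.cf and the transport file. The helper names cf_get and audit_relay are hypothetical, and the sample files are constructed from the values shown above.

```sh
#!/bin/sh
# Added example, not from the guide. cf_get and audit_relay are hypothetical helpers.

# cf_get FILE PARAM: print a main.cf value (last one wins; continuation lines not handled)
cf_get() {
    awk -v p="$2" '
        /^[ \t]*#/ { next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == p { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# audit_relay MAIN_CF TRANSPORT: print findings, return how many there were
audit_relay() {
    cf=$1; map=$2; n=0
    relay=$(cf_get "$cf" relay_domains | tr ',' ' ')
    case " $(cf_get "$cf" smtpd_recipient_restrictions | tr ',' ' ') " in
        *" reject_unauth_destination "*) ;;
        *) echo "FAIL: smtpd_recipient_restrictions lacks reject_unauth_destination"; n=$((n+1)) ;;
    esac
    [ -n "$(cf_get "$cf" relay_recipient_maps)" ] ||
        { echo "FAIL: relay_recipient_maps is empty, every recipient is accepted"; n=$((n+1)); }
    while read -r dom dest; do
        case $dom in ''|'#'*) continue ;; esac
        if [ "$dom" = "*" ]; then
            echo "FAIL: wildcard transport entry routes every domain to $dest"; n=$((n+1))
            continue
        fi
        case " $relay " in
            *" $dom "*) ;;
            *) echo "WARN: $dom is in transport but not in relay_domains"; n=$((n+1)) ;;
        esac
    done < "$map"
    return "$n"
}

# Constructed sample: main.cf values as in this step, plus a transport file with the wildcard line
d=$(mktemp -d)
cat > "$d/main.cf" <<'EOF'
relay_domains = yourdomain.tld, anotherdomain.tld
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient
relay_recipient_maps = hash:/etc/postfix/exchange_recipients
EOF
printf '%s\n' 'yourdomain.tld smtp:[192.168.1.10]' '* smtp:[192.168.1.10]' > "$d/transport"
audit_relay "$d/main.cf" "$d/transport" || echo "$? finding(s)"
```

On a live box, pass /etc/postfix/main.cf and /etc/postfix/transport as the two arguments before running postmap and reloading Postfix.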


Comments

From: Anonymous at: 2006-07-07 20:50:43

This is an excellent guide step by step to build a mail gateway with
antivirus and antispam functionalities. I've used it to build a mail
gateway to help our Domino server to process email. I've built it
with Mandriva 2006 and there's no problem, all works fine. As I didn't
have Exchange, I had to look for information to build the file of valid
recipients manually.

Omar Rojas García

omarrojasg (at) gmail.com

From: Anonymous at: 2010-01-13 18:34:59

Superb blog post. I thought your blog post is extremely fascinating. Thanks!

From: Anonymous at: 2006-06-29 15:59:46

Postfix can directly query Active directory and the setup is much simpler.  In addition, your postfix setup is now always up-to-date on active users.  In main.cf add:

relay_recipient_maps = ldap:/etc/postfix/ldap.cf

in ldap.cf:

server_host = ldap://dc1.example.com:389
search_base = cn=Users,dc=example,dc=com
timeout = 5
bind = yes
version = 3
bind_dn = ADuser@example.com
bind_pw = ADusersPW
query_filter = (proxyAddresses=smtp:%s)
result_attribute = extensionAttribute1
domain = hash:/etc/postfix/transport

in transport:

example.com smtp:exchange.example.com:25

Lastly in the Active Domain user management you need to put "OK" (no quotes) in the extensionAttribute1 for each user you wish to allow to receive external email. This is required because Postfix looks for OK in the lookup response, anything else is a negative response.

Enjoy,

Woody (woody at linif dot org)

From: at: 2007-11-29 20:13:13

imap2mbox.exe --config="c:\imap2mbox\ham.cfg" --path="Pubic Folders/" --folder="HAM/" --server=YourExchangeServer --delete --username="YOURDOMAIN/username" --mbox="c:\imap2mbox\ham.mbox" --pass=yourpassword


Watch out for the "Pubic" folders ;-)

Also the username/password should be a user that has read/right to "all" in those folders or this will not work. Off of the top of my head, I think the role is "Publisher" for the folder. (I'm not near exchange at the moment).

One other thing, someone previously posted a way of doing this ldap: style. Worked beautifully for me, this should be added as an alternate. Maybe with an explanation of advantages and disadvantages. This walk through works great with debian, most of the stuff is very apt-get'able. Only a few configs were different, not much though.

Thank you very much for your work.

dan

From: Pawel at: 2010-02-16 12:07:49

Great tutorial! Thanks!