Hello out there! I went through the SpamSnake setup for Ubuntu Server 9.04. I am able to see mail tagged as clean and as spam in the MailWatch UI, but nothing ever gets forwarded to my Exchange server.

The setup is Internet -> Firewall -> SpamSnake -> Exchange. SpamSnake is in the DMZ. It is connecting to an Exchange front-end server that handles OWA. I have configured Apache on the SpamSnake to reverse proxy connections for my OWA users, and that works without a problem.

To test settings, I replace the SPAMSNAKE with the Exchange front end box in my router's NAT filter. That way I do not have to change external DNS or anything. When I do this and run tail -f /var/log/mail.log, I can see connections to the SpamSnake from outside. Here is an excerpt from the log:

Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[114.204.31.75]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [114.204.31.75]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: lost connection after DATA (0 bytes) from unknown[114.204.31.75]
Oct 14 02:22:56 sspnix1 postfix/smtpd[2877]: disconnect from unknown[114.204.31.75]
Oct 14 02:22:58 sspnix1 postfix/smtpd[2875]: connect from unknown[117.204.225.95]
Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from unknown[117.204.225.95]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [117.204.225.95]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[117.204.225.95]>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[125.90.221.160]: 554 5.7.1 Service unavailable; Client host [125.90.221.160] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=125.90.221.160; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<160.221.90.125.broad.zq.gd.dynamic.163data.com.cn>
Oct 14 02:22:59 sspnix1 postfix/smtpd[2875]: disconnect from unknown[117.204.225.95]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[125.90.221.160]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2878]: disconnect from unknown[125.90.221.160]
Oct 14 02:23:00 sspnix1 postfix/smtpd[2765]: connect from unknown[123.18.115.245]
Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: connect from unknown[123.98.188.182]
Oct 14 02:23:01 sspnix1 postfix/pickup[2627]: 7E03843637F: uid=0 from=<root>
Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 7E03843637F: message-id=<[email protected]>
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: from=<[email protected]>, size=581, nrcpt=1 (queue active)
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 7E03843637F: to=<[email protected]>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:01 sspnix1 postfix/cleanup[3426]: 89EDF436383: message-id=<[email protected]>
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: from=<>, size=2361, nrcpt=1 (queue active)
Oct 14 02:23:01 sspnix1 postfix/bounce[3433]: 7E03843637F: sender non-delivery notification: 89EDF436383
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 7E03843637F: removed
Oct 14 02:23:01 sspnix1 postfix/local[3432]: 89EDF436383: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "it")
Oct 14 02:23:01 sspnix1 postfix/qmgr[2629]: 89EDF436383: removed
Oct 14 02:23:01 sspnix1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[123.98.188.182]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.98.188.182]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<VEZIBRYHZL>
Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: lost connection after DATA (0 bytes) from unknown[123.98.188.182]
Oct 14 02:23:02 sspnix1 postfix/smtpd[2878]: disconnect from unknown[123.98.188.182]
Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: NOQUEUE: reject: RCPT from unknown[123.18.115.245]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [123.18.115.245]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[123.18.115.245]>
Oct 14 02:23:02 sspnix1 postfix/smtpd[2765]: disconnect from unknown[123.18.115.245]

I have manually created a relay_recipients file and placed it in the /etc/postfix directory. However, NOQUEUE: reject: RCPT errors occur regardless of whether the email address is valid for my domain or not.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_notice_recipient = [email protected]
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 10.15.0.0/24, 192.168.6.0/24, 127.0.0.0/8
myorigin = mydomain.com
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces reject_unknown_reverse_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks reject_unauth_pipelining reject_rbl_client zen.spamhaus.org bl.spamcop.net permit check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mydomain.local
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

I have used "mydomain" as a placeholder. The funny thing is that once I send test emails from my external Yahoo account to my corporate email address, I can see them as clean messages in MailWatch.
After I replace the Exchange server in my firewall's NAT table, mail is restored, but then it seems like the messages that were in MailScanner are slowly released. I'll see the emails I sent from my Yahoo account like thirty minutes after I make the NAT change and the SpamSnake is no longer visible to the outside.

Please somebody help me!!??

Ben K

Additional Info

I've also been advised that while the SpamSnake server is exposed to the outside it is bouncing back email to valid senders with the following:

Reporting-MTA: dns; mail.mydomain.com
X-Postfix-Queue-ID: 9514E43637F
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Wed, 14 Oct 2009 01:44:27 -0400 (EDT)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "internaluser"

Hi,

Try changing your smtpd sender and recipient restrictions to look like the below:

smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit

Also, make sure you postmap your transport, relay_recipients, relay_domains and any other files you may have created. Make sure to restart postfix after you're finished.
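
Added example, not part of the thread: a small Python summarizer for mail.log output like the excerpt in the question. It separates temporary (4xx) from permanent (5xx) RCPT rejects by cause and shows which delivery agent and relay handled each accepted message, so a change to the restrictions can be checked against the log. The sample lines, the host name mx1, the queue IDs, the example.* addresses and the 10.15.0.10 relay are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the same Postfix format as the excerpt in the question.
# Host name, queue IDs, addresses and the 10.15.0.10 relay are placeholders.
SAMPLE_LOG = """\
Oct 14 02:22:56 mx1 postfix/smtpd[2877]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.10]; from=<a@example.net> to=<user@example.com> proto=ESMTP helo=<ILYMITSV>
Oct 14 02:22:59 mx1 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.11]; from=<b@example.net> to=<user@example.com> proto=ESMTP helo=<[192.0.2.11]>
Oct 14 02:22:59 mx1 postfix/smtpd[2878]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 5.7.1 Service unavailable; Client host [192.0.2.12] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=192.0.2.12; from=<c@example.net> to=<user@example.com> proto=ESMTP helo=<host.example.org>
Oct 14 02:23:01 mx1 postfix/local[3432]: A1B2C3D4E5F: to=<user@example.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.04/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user: "user")
Oct 14 02:24:10 mx1 postfix/smtp[3501]: 9A1B2C3D4E5: to=<user@example.com>, relay=10.15.0.10[10.15.0.10]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

# smtpd RCPT rejects: client IP, SMTP reply code, reason text up to "; from=<"
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([^\]]+)\]: "
                    r"(\d{3}) \S+ (.*?); from=<")
# Delivery attempts: agent (local, smtp, ...), relay, DSN code, final status
DELIVERY = re.compile(r"postfix/(\w+)\[\d+\]: [0-9A-F]+: to=<[^>]*>,.*?relay=([^,]+),"
                      r".*?dsn=([\d.]+), status=(\w+)")

def reject_reason(text):
    """Map the free-text reject reason to a short label."""
    rbl = re.search(r"blocked using ([^;\s]+)", text)
    if rbl:
        return "rbl:" + rbl.group(1)
    if "reverse hostname" in text:
        return "no_reverse_dns"
    return "other"

def summarize(log_text):
    """Return (rejects, deliveries) Counters for a chunk of mail.log."""
    rejects, deliveries = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            _client, code, text = m.groups()
            # 4xx replies are temporary (the sender retries), 5xx are permanent
            kind = "temporary" if code.startswith("4") else "permanent"
            rejects[(kind, reject_reason(text))] += 1
            continue
        m = DELIVERY.search(line)
        if m:
            agent, relay, _dsn, status = m.groups()
            deliveries[(agent, relay, status)] += 1
    return rejects, deliveries

def bounced_locally(deliveries):
    """Count messages the local delivery agent bounced instead of relaying onward."""
    return sum(n for (agent, _r, status), n in deliveries.items()
               if agent == "local" and status == "bounced")

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a real log with `summarize(open("/var/log/mail.log").read())`; entries with agent `local` and status `bounced` are messages that were never handed to a downstream relay.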