I neglected to mention that the exchange server, the source outbound
server, is on the internal edge of the dmz.

On Fri, Dec 24, 2010 at 12:02 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
> Roman Gelfand put forth on 12/23/2010 10:01 PM:
>
>> I am now looking to use the postfix mail gateway, smart host,
>> to send mail out.  Specifically, I would like to bypass all of
>> the checks done for incoming mail
>
> If you are referring to user submitted mail to be relayed to the outside
> world, you would use the 587 smtpd server for this purpose, configured
> very similarly to your re-injection smtpd server, possibly similar to
> this example:
>
> 587      inet  n       -       n       -       -       smtpd
>    -o smtpd_enforce_tls=yes
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=
>    -o smtpd_helo_restrictions=
>    -o smtpd_sender_restrictions=
>    -o content_filter=
>    -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
>    -o receive_override_options=no_unknown_recipient_checks,no_address_mappings,no_header_body_checks
>

I am looking to send out exchange outbound email via the postfix
server.   Based on what you said, I need to add another server to
master.cf to handle outgoing requests. This mail server will be
listening on port 587.

587      inet  n       -       n       -       -       smtpd
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o content_filter=

So, it appears that exchange is handing over the message to postfix's
smtpd server.  However, postfix's smtp is, perhaps, sending something
that the remote server doesn't understand and ultimately times out?


Dec 24 11:35:47 mail postfix/smtp[4442]: connect to mx1.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out
Dec 24 11:36:17 mail postfix/smtp[4442]: connect to mx2.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out
Dec 24 11:36:17 mail postfix/smtp[4442]: 0CA34640C3: to=<recei...@targetdomain.com>, relay=none, delay=61, delays=0.45/0.07/60/0, dsn=4.4.1, status=deferred (connect to mx2.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out)

0CA34640C3     2935 Fri Dec 24 11:35:16  sen...@mydomain.com
(connect to mx2.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out)
                                         recei...@targetdomain.com


>> and tightly control the outbound
>> traffic.  How can I accomplish this?


In making postfix the smart host, I would like to make it very
difficult if not impossible to relay emails from sources other than
the internal exchange server.  I have noticed you added tls and
authentication.  Is that the standard way to lock down a relay server?



>
> You need to be more specific than "tightly control the outbound
> traffic".  "Smart hosting" is simply accomplished via a transport maps
> table.  See:
>
> http://www.postfix.org/transport.5.html
>
> If you want to route (smart host) some mail to some destination domains
> via an external submission relay(s) (e.g. ISP's TCP 25 or 587 submission
> server) then you'll need some things we'll cover in later emails after
> your reply confirming you need this capability.
>
> --
> Stan
>
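
Added example (not part of the original message and not Postfix's own tooling): a small Python parser for the three `postfix/smtp` log lines posted above, showing how `relay=none` and the `delays=a/b/c/d` breakdown locate the stage at which a delivery failed. The function name `diagnose` and the stage labels are assumptions made for this illustration.

```python
import re

# Log lines from the post above, with the mail client's line wraps joined.
SAMPLE_LOG = """\
Dec 24 11:35:47 mail postfix/smtp[4442]: connect to mx1.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out
Dec 24 11:36:17 mail postfix/smtp[4442]: connect to mx2.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out
Dec 24 11:36:17 mail postfix/smtp[4442]: 0CA34640C3: to=<recei...@targetdomain.com>, relay=none, delay=61, delays=0.45/0.07/60/0, dsn=4.4.1, status=deferred (connect to mx2.targetdomain.com[xx.xx.xx.xx]:25: Connection timed out)
"""

# Per-recipient delivery record written by the smtp(8) client.
DELIVERY = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$")
# Per-host connection failure logged before the delivery record.
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: connect to (?P<host>[^\[]+)\[[^\]]*\]:(?P<port>\d+): (?P<err>.+)$")

def diagnose(log_text):
    """Return one dict per delivery record, noting the stage that failed."""
    tried = {}      # smtp client pid -> hosts it failed to connect to
    results = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            # delays=a/b/c/d: before qmgr / in qmgr / connection setup
            # (DNS, HELO, TLS) / message transmission, all in seconds.
            _a, _b, setup, transmit = (float(x) for x in m["delays"].split("/"))
            if m["relay"] != "none":
                stage = "smtp-session"   # a server was reached
            elif m["reason"].startswith("connect to"):
                stage = "tcp-connect"    # no TCP connection, so no SMTP dialogue
            else:
                stage = "pre-connect"    # e.g. MX/A lookup failed
            results.append({
                "qid": m["qid"], "status": m["status"], "dsn": m["dsn"],
                "stage": stage, "setup_s": setup, "transmit_s": transmit,
                "hosts_tried": tried.pop(m["pid"], []),
            })
            continue
        m = CONNECT_FAIL.search(line)
        if m:
            tried.setdefault(m["pid"], []).append(m["host"])
    return results

if __name__ == "__main__":
    for record in diagnose(SAMPLE_LOG):
        print(record)
```
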
