Hello.

Thanks for the prompt answer.

I already have a bastion MTA and an internal mailhub, hosted on separate
VMs. I'm also preparing an additional VM that will handle only the
outgoing traffic, in order to apply specific headers filtering as we
discussed some time ago.

The issue I have is with the naming convention I'm using, as the VM
hosting the bastion MTA is in a specific virtual LAN, and is also used
as a bastion for other exposed services. So I wanted to use a generic
host name inside this DNS zone.

It seems that the simplest solution is to replicate in the public DNS
the internal name of the bastion host, pointing to an external address,
and change the MX record accordingly.

Thanks, and have a nice day

Marco

On 29. 02. 16 19:27, Wietse Venema wrote:
> Marco:
>> Hello.
>>
>> I have a small security concern with my external SMTP server:
>>
>>> 220 mail.marcobaldo.ch ESMTP
>> <ehlo localhost
>>> 250-iprovider.dmz.marcobaldo.ch
>>> 250-PIPELINING
>>> 250-SIZE
>>> 250-ETRN
>>> 250-STARTTLS
>>> 250-ENHANCEDSTATUSCODES
>>> 250-8BITMIME
>>> 250 DSN
>> As you can see, smtpd_banner has been changed to reflect the MX records. Is
>> there any way of changing the host name sent in the 250 EHLO answer
>> without having to modify the definition of "myhostname", which I would
>> prefer to keep identical to the internal DNS name?
> Postfix names, as seen on the external network, should be consistent
> with the external world's view of DNS.
> - The MTA name in Postfix SMTP server responses (banner, ehlo, etrn, quit, ...)
> - The MTA name in Postfix SMTP client EHLO commands
> - The MTA name in Postfix delivery status notifications.
> - Whatever else leaks the MTA name.
>
> You can add per-daemon overrides in master.cf, but it gets complicated,
> and it breaks some of the loop detection safety mechanisms.
>
> It may be easier to use separate MTAs for separate roles: one
> "bastion" MTA that is exposed to the outside, one "mailhub" MTA
> that is exposed to the inside, with mail forwarding between them.
> Standard firewall setup.
>
>       Wietse
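The two-MTA layout Wietse recommends, written out as Postfix configuration. This is an added example, not configuration from the thread or from the Postfix project: the host names, domain and addresses (mx.example.com, mailhub.internal.example.com, example.com, 192.0.2.0/24, 192.0.2.10) are assumptions standing in for the poster's real ones. The bastion's single myhostname drives the banner, the server EHLO reply, the client EHLO command and DSNs, so the internal name never reaches the outside; the per-daemon master.cf override from the discussion is shown last, commented out, as the variant that does not achieve that.

```conf
# Added example (not from the thread): bastion MTA with one public name,
# forwarding inbound mail to an internal mailhub. All names and addresses
# below are assumptions. Postfix main.cf does not accept trailing comments,
# so every comment here sits on its own line.

# ---- /etc/postfix/main.cf on the bastion (Internet-facing) MTA ----
# One name for banner, server EHLO reply, client EHLO command and DSNs.
# It must match the public MX target and, ideally, the PTR of the public IP.
myhostname = mx.example.com
mydomain = example.com
# Derive the banner from myhostname instead of hard-coding a second name.
smtpd_banner = $myhostname ESMTP
# The Postfix SMTP client announces the same name when connecting outward.
# This is already the default; it is listed to make the dependency visible.
smtp_helo_name = $myhostname
inet_interfaces = all
# 192.0.2.0/24 is the assumed DMZ network that holds the mailhub.
mynetworks = 127.0.0.0/8, [::1]/128, 192.0.2.0/24
# The bastion keeps no mailboxes and does no local delivery; it only relays.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
# Accept Internet mail for the domain and hand it to the internal hub.
relay_domains = $mydomain
transport_maps = hash:/etc/postfix/transport
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# ---- /etc/postfix/transport on the bastion ----
# Build the lookup table with: postmap /etc/postfix/transport
# The square brackets skip the MX lookup and deliver straight to the hub.
example.com    smtp:[mailhub.internal.example.com]

# ---- /etc/postfix/main.cf on the internal mailhub ----
# The internal name stays internal: this host is never reached from outside.
myhostname = mailhub.internal.example.com
mydomain = example.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, [::1]/128, 192.0.2.0/24
# All outbound mail leaves through the bastion's DMZ address (assumed).
relayhost = [192.0.2.10]

# ---- /etc/postfix/master.cf on the bastion: the per-daemon override ----
# This is the alternative mentioned in the thread. It renames only the
# Internet-facing smtpd; myhostname stays internal for the SMTP client
# and for DSNs, so the internal name still leaks there, and Wietse notes
# it also interferes with loop detection. Kept commented out, syntax only.
# smtp      inet  n       -       y       -       -       smtpd
#   -o myhostname=mx.example.com
```

After editing, run `postfix check` on each host and then `postconf -n` to confirm the effective values; a quick `openssl s_client -starttls smtp -connect mx.example.com:25` (or a plain telnet session like the one in the original question) should then show the same name in the 220 banner and in the first 250 line of the EHLO reply.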