Mail routing

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Mail routing

[Redhosting] Egbert Groot
Hi,

I'm trying to set up a mail server who does a kind of 'source routing'.

All mail comes in on one ip / port
A- some mail comes from 'local' users: from my networks, or via sasl
authentication
B- some mail comes from the internet.
C- some mail has to be delivered direct locally
D- some mail has to go outbound to the internet.


I want to group the different combinations (a,b,c,d) in three different
ways to handle te mail:

1: direct local  delivery (virus / spamfiltering per end user
mailboxtransport)
2: relay to outbound transport1 (only virus filtering (globla))
3: relay to outbound transport2  (does more strict virus and spam
filtering (global))

A/B->C should always take route 1    (local delivery, doesn't matter
from where it came)
A->D should take route 3  (relaying from internal to outsite)
B->D should take route 2  (relaying from outsite to outsite, these are
domains hosted by me, with aliases resolving to external email adressess)

How can I accomplish this routing? Do I have to use the Restriction
Classes function for this? One of the problems seems to be Postfix
doesn't know on beforehand what the final destination will be, a local
user, or a remote email address. Added to that, postfix should not only
use the recipient address to route mail, but also has to consider from
where te mail came.

I appreciate some comments on this setup, and wether it will be possible
or not to configure.


(some background info: as most of the time I've to spend to email, it
has to do with spam. At this moment, all email leaves the same way, only
virus scanned. We host al lot of domains, who have no local email boxes,
but just forward the email to email addresses elsewhere. This way, we
also forward quite large amounts of spam. The recipient mailservers does
notice this, and we get blacklisted for having a  'spammy' server. So I
want two things: sent email I only forward out via a different ip (that
maybe gets blocked), and filter that mail for spam (so I don't get
blocked as many times). The local originated mail should not suffer from
blocks intended for the forwarded email, and should use an own outgoing
ip. This mail I don't want to filter on spam, because this are my own
customers. When they will send spam, I can take action myself.)

thanks,
Egbert Groot,
Redhosting.

Reply | Threaded
Open this post in threaded view
|

Re: Mail routing

Brian Evans - Postfix List
[Redhosting] Egbert Groot wrote:
> Hi,
>
> I'm trying to set up a mail server who does a kind of 'source routing'.
Note: all comments are speculative as no `postconf -n` was posted.

>
> All mail comes in on one ip / port
> A- some mail comes from 'local' users: from my networks, or via sasl
> authentication
> B- some mail comes from the internet.
> C- some mail has to be delivered direct locally
> D- some mail has to go outbound to the internet.
>
>
> I want to group the different combinations (a,b,c,d) in three
> different ways to handle te mail:
>
> 1: direct local  delivery (virus / spamfiltering per end user
> mailboxtransport)
> 2: relay to outbound transport1 (only virus filtering (globla))
> 3: relay to outbound transport2  (does more strict virus and spam
> filtering (global))
>
> A/B->C should always take route 1    (local delivery, doesn't matter
> from where it came)
This is default postfix behavior, you just add a (before|after)-queue
filter for the virus/spam filter.
> A->D should take route 3  (relaying from internal to outsite)
Suggestion: close port 25 to mynetwork users and force them to use the
submission port (587). Otherwise they follow (your) path #1.
This method allows finer control of what happens to email upon
submission from a local network. (Do NOT open this up publicly)

> B->D should take route 2  (relaying from outsite to outsite, these are
> domains hosted by me, with aliases resolving to external email adressess)
>
> How can I accomplish this routing? Do I have to use the Restriction
> Classes function for this? One of the problems seems to be Postfix
> doesn't know on beforehand what the final destination will be, a local
> user, or a remote email address. Added to that, postfix should not
> only use the recipient address to route mail, but also has to consider
> from where te mail came.
>
> I appreciate some comments on this setup, and wether it will be
> possible or not to configure.
>
>
> (some background info: as most of the time I've to spend to email, it
> has to do with spam. At this moment, all email leaves the same way,
> only virus scanned. We host al lot of domains, who have no local email
> boxes, but just forward the email to email addresses elsewhere. This
> way, we also forward quite large amounts of spam. The recipient
> mailservers does notice this, and we get blacklisted for having a  
> 'spammy' server. So I want two things: sent email I only forward out
> via a different ip (that maybe gets blocked), and filter that mail for
> spam (so I don't get blocked as many times). The local originated mail
> should not suffer from blocks intended for the forwarded email, and
> should use an own outgoing ip. This mail I don't want to filter on
> spam, because this are my own customers. When they will send spam, I
> can take action myself.)
REJECT mail that should be rejected.   The easy way is to use
reject_rbl_client.   The better way is to implement a policy daemon like
policyd-weight or postfwd.  These allow several checks very quickly and
keep ACCEPT'ing spam to a minimum.
>
> thanks,
> Egbert Groot,
> Redhosting.
>