[geeks] Postfix configuration help

Ido Dubrawsky idubraws at dubrawsky.org
Thu Feb 28 15:19:21 CST 2008


I've got a quick question.  I've got a Solaris 10/Postfix SMTP server 
behind my firewall providing mail hosting for my home domain.  I've got 
Postfix locked down pretty tightly to block spam with the following 
configuration:

smtpd_helo_restrictions = check_helo_access
    hash:/etc/postfix/helo_checks, reject_unknown_hostname,
    reject_invalid_hostname
smtpd_sender_restrictions = hash:/etc/postfix/access,
    reject_unknown_client, reject_unknown_address,
    reject_unknown_sender_domain, permit
smtpd_client_restrictions = hash:/etc/postfix/access, permit_mynetworks,
    reject_unknown_client, reject_rbl_client domain-name
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_rbl_client cbl.abuseat.org,
    reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net, reject_rbl_client dul.dnsbl.sorbs.net,
    permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
#maps_rbl_domains = bl.spamcop.net, sbl-xbl.spamhaus.org, list.dsbl.org,
#    cbl.abuseat.org, dul.dnsbl.sorbs.net, pbl.spamhaus.org
maps_rbl_domains = bl.spamcop.net, list.dsbl.org, cbl.abuseat.org,
    dul.dnsbl.sorbs.net, zen.spamhaus.org
parent_domain_matches_subdomains = yes

I've got some people that I know that are running Exchange (2003 and 
2007) in one box (for 2007 the Edge and Hub roles are all on one 
system).  When they send me e-mail their Exchange server exposes its 
machine name (which could be something like mailsrv1.local) to Postfix 
which cannot resolve the name in DNS (they are publishing their Exchange 
server using an external DNS name such as mail.companyname.com, etc.).  
I've looked for documentation on how to tell Postfix that if it gets a 
connection from a specific mail server to bypass the rules 
reject_unknown_hostname and reject_invalid_hostname which are the ones 
that typically cause Postfix to reject the e-mail.  Fortunately our 
esteemed Mr. Bradford is more forgiving in his configuration and 
provides me with secondary MX -- and so the e-mail from my friends 
eventually gets to me but comes through his system.  Can anyone suggest 
something to fix this?

Ido

P.S. Yes, I went overboard on this, but I got sick and tired of my wife 
complaining about the spam getting through and forwarding me the spam 
when it did.

-- 
Ido Dubrawsky
Network Security Architect
dubrawsky.org
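
One way to make the exception the message asks about, as an added example that is not part of the original post: exempt the known senders by client IP address inside smtpd_helo_restrictions, after check_helo_access and before the two hostname checks. The map file name helo_exempt_clients and the address 192.0.2.25 are constructed placeholders.

```conf
# /etc/postfix/main.cf
# Restrictions are evaluated left to right; the first OK or REJECT result
# ends this list. helo_checks still runs for every client. A client listed
# in helo_exempt_clients then gets OK and skips only the two hostname
# checks that follow it.
smtpd_helo_restrictions =
    check_helo_access hash:/etc/postfix/helo_checks,
    check_client_access hash:/etc/postfix/helo_exempt_clients,
    reject_unknown_hostname,
    reject_invalid_hostname

# /etc/postfix/helo_exempt_clients  (hypothetical file name)
# Key on the connecting IP address, which comes from the TCP connection,
# not on the HELO name, which the client chooses freely.
# 192.0.2.25 is a documentation address standing in for the public
# address of the friend's Exchange server.
192.0.2.25    OK

# Rebuild the lookup table and reload Postfix after editing the map:
#   postmap /etc/postfix/helo_exempt_clients
#   postfix reload
```

The OK result ends only smtpd_helo_restrictions; the client, sender and recipient lists, including reject_unauth_destination and the RBL lookups, still apply to the exempted hosts.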

