-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

most SMTP serves do a reverse DNS check on incoming SMTP servers.  so if
your server is going out an ip address that doesn't have its RDNS set to
mail.buffalo.k12.mn.us - i would guess that might be a good place to
start.  it is supposed to cut down on spam, in reality, i think it just
cuts down email being set out from mis-configured email servers.

if you don't want your server talking directly to the internet, or can't
get the RDNS setup - you can always make it relay email to anther
internal SMTP server, like a GroupWise server, which then if configured
to relay out, should work just fine.

Tim Wilson wrote:
> Hey everyone,
> 
> I'm finally getting back to working on the mail relay problem I was  
> having a couple weeks ago. To recap:  I'd like to have a simple email  
> server (mail.buffalo.k12.mn.us) sitting on our network that will  
> simply relay mail sent from various servers (like our nagios server)  
> out to the Internet, but with the return address domain set to our  
> standard one (buffalo.k12.mn.us). I wouldn't even need this except  
> that configuring our GroupWise system to do this has been a hassle,  
> and I figured this would be a simpler solution.
> 
> I've got it working internally. I can email any user on our GroupWise  
> system from my user account on the server (Ubuntu 6.06 w/ postfix as  
> the MTA). When I try to send a test message to my visi address I get  
> the following in mail.log on the mail server:
> 
> Jan 11 13:48:25 mail postfix/smtp[8221]: connect to  
> smx.visi.com.redcondor.net[208.80.202.253]: server dropped connection  
> without sending the initial SMTP greeting (port 25)
> Jan 11 13:48:25 mail postfix/smtp[8221]: 441041584AB: to=<wilson at visi.com 
>  >, relay=none, delay=0, status=deferred (connect to  
> smx.visi.com.redcondor.net[208.80.202.253]: server dropped connection  
> without sending the initial SMTP greeting)
> 
> I called visi, and the tech said she wasn't even seeing the message  
> hitting their server. She did say that there is no MX record listed  
> for mail.bufffalo.k12.mn.us. Would that matter if this server is  
> sending mail as buffalo.k12.mn.us? Perhaps visi is doing some reverse  
> dns on the mail.buffalo.k12.mn.us IP and rejecting it?
> 
> If anyone has a moment to look at my main.cf and master.cf configs  
> below, I'd sure appreciate it. Or perhaps someone would be willing to  
> look at their server logs as I try to send a test message?
> 
> Here's my main.cf:
> 
> --snip--
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> biff = no
> 
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
> 
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> 
> #disable_dns_lookups = no
> masquerade_exceptions = root
> masquerade_classes = envelope_sender, header_sender, header_recipient
> myhostname = mail.buffalo.k12.mn.us
> masquerade_domains = buffalo.k12.mn.us
> mydestination = $myhostname, localhost.$mydomain
> mynetworks = 10.0.0.0/8
> relayhost =
> --snip--
> 
> And here's my master.cf:
> 
> --snip--
> #
> # Postfix master process configuration file.  For details on the format
> # of the file, see the Postfix master(5) manual page.
> #
> #  
> = 
> = 
> ========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> #  
> = 
> = 
> ========================================================================
> smtp      inet  n       -       -       -       -       smtpd
> #submission inet n      -       -       -       -       smtpd
> #	-o smtpd_etrn_restrictions=reject
> #	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps    inet  n       -       -       -       -       smtpd
> #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #submission inet n      -       -       -       -       smtpd
> #  -o smtpd_etrn_restrictions=reject
> #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> #628      inet  n       -       -       -       -       qmqpd
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> #qmgr     fifo  n       -       -       300     1       oqmgr
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX  
> loops
> relay     unix  -       -       -       -       -       smtp
> 	-o fallback_relay=
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> discard   unix  -       -       -       -       -       discard
> #local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       -       -       -       lmtp
> anvil     unix  -       -       -       -       1       anvil
> scache	  unix	-	-	-	-	1	scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent.  See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> maildrop  unix  -       n       n       -       -       pipe
>    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> uucp      unix  -       n       n       -       -       pipe
>    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail  
> ($recipient)
> #
> # Other external delivery methods.
> #
> ifmail    unix  -       n       n       -       -       pipe
>    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender  
> $recipient
> scalemail-backend unix	-	n	n	-	2	pipe
>    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $ 
> {nexthop} ${user} ${extension}
> mailman   unix  -       n       n       -       -       pipe
>    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>    ${nexthop} ${user}
> --snip--
> 
> I'd appreciate any pointers on this. Thanks everybody.
> 
> -Tim
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHh+zpvE9HrEfeE4cRArEcAKDPycABD3c+uEfovCqiaHVrY8/xEQCfd11s
r6tIqGmM534LB+BA0f7v3Ro=
=XoQx
-----END PGP SIGNATURE-----