DO NOT TOP POST IF YOU GOT A REPLY BELOW YOUR MESSAGE ON MAILING-LISTS, SEE MY REPLY AT BOTTOM WHILE I REFUSE TO REPAIR THE THRAED BECAUSE NOBODY WOULD PAY THE WORK
Am 14.02.2013 21:41, schrieb Kevin Blackwell: > I have 2 mx records. The primary is Exchanges edge server that has it's own > internal spam filtering. The secondary > is poxtfix server relaying mail to the edge server as a backup mx record. Are > you saying the postfix server should > be behind the Exchange edge server? > > On Thu, Feb 14, 2013 at 1:36 PM, Reindl Harald <h.rei...@thelounge.net > <mailto:h.rei...@thelounge.net>> wrote: > > Am 14.02.2013 20:31, schrieb Kevin Blackwell: > > I'm using postfix to relay email to our exchange server. > > > > The problem I'm running into is the spam filtering on the exchange > filter is being bypassed because the relayed > > email shows a from address of the email relay server and not the > originating ip address. > > > > Is there a was to configure postfix to relay male but retain the > received from IP address when it was received by > > postfix? > > wrong setup > > the spamfilter has to be on the MX directly in front of > both machines and especially in front of exchange > > what do you imagine happens if spam would be caught > on the exchange? well, it jectes while postfix in front > of it has received it > > now you have two choices and btoh are completly wrong: > * get a backscatter > * drop messages which you accepted with 250 silently > which is not permitted per law i say simply the spam-filter has to be on the MX and not on a relay server after, how you design your infrastructure is yours > Is there a was to configure postfix to relay male but retain the > received from IP address when it was received by postfix? is simply impossible your postfix connects to the exchange the connection happens per TCP/IP how do you imagine that postfix retains anything in this case postfix is the client the client is not in the position to decide what UP the server sees for a connection, otherwise any netfilter would be impossible, and no, throw away the idea to rely on whatever headers for such decisions i would never setup a mail system at all where the final destination does spam-filtering, there are solutions dedicated for spam-filterung and the already filtered mails are dlivered to the final destination no need for two MX records at all one is enough - if is down, well that is the reason for why mail queue where invented, if the MX is down for maintainance - so what, try later again deliver the message, that is how SMTP was designed to work
signature.asc
Description: OpenPGP digital signature
