I’m trying to do an SSH port forward of port 25 from my local MTA to an AWS node so my MTA doesn’t have to be directly on the routable internet.

I’m seeing an interesting problem due to the fact that AWS IPs are so heavily probed. When a prober tries sending email to <random user>@<aws predictable hostname>, the mail tries to bounce back to the recipient’s address. Well, since we’re port forwarding, the address it’s bouncing to is actually ourselves. Hence the loop and a really big mail queue.

So in this scenario, how would I break this chain? I thought sender/recipient address verification would break the loop, but I’m having trouble figuring this out. I think it may be good enough if I was able to tell Postfix to just drop any mail coming from or destined to amazonaws.com, but I’m not sure how to do this gracefully. Any suggestions on this aside from “don’t do that” :-)

Thanks