On 2022 May 19, at 12:56, Jeremy Hansen <jer...@skidrow.la> wrote:

> I’m trying to do a ssh port forward of port 25 from my local mta to an aws
> node so my mta doesn’t have to be directly on the routable internet.

Why does your mta need port 25 at all if it's not routable?

> I’m seeing an interesting problem due to the fact that aws ip’s are so
> heavily probed.
>
> When a prober tries sending email to <random user>@<aws predictable
> hostname>, the mail tries to bounce back to the recipient’s address. Well
> since we’re port forwarding, the address it’s bouncing to is actually
> ourselves. Hence the loop and a really big mail queue.
>
> So in this scenario, how would I break this chain?

That really depends on your actual setup and what you are actually trying to
do. The simplest solution based on what you've said is "connect to the aws
server, not to an ssh tunnel."

> I thought sender/recipient address verification would break the loop but I’m
> having trouble figuring this out.

What do your logs say? But mostly, what exactly are you trying to accomplish
because I'm having trouble thinking of a reason that you would be doing this.

> I think it may be good enough if I was able to tell postfix to just drop any
> mail coming from or destined to amazonaws.com but I’m not sure how to do this
> gracefully. Any suggestions on this aside from “don’t do that” :-)

Sometimes "don't do that" is the right answer.

-- 
It was the sort of grin people use when they stare at your left ear and tell
you in an urgent tone of voice that they are being spied on by secret agents
from the next galaxy. It was not a grin to inspire confidence. More horrible
grins had probably been seen, but only on the sort of grinner that is orange
with black stripes, has a long tail and hangs around in jungles looking for
victims to grin at.
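The amazonaws.com rejection the original poster asks about, as an added Postfix configuration example that is not part of this thread; the map file name and the reject text are assumptions. The point is that REJECT refuses the message during the SMTP dialogue, so nothing is accepted that would later have to be bounced, and since a bounce arrives with an empty envelope sender the recipient check, not the sender check, is what actually stops the loop.

```conf
# /etc/postfix/aws_access  (constructed example map, not from the thread)
# A bare domain matches the domain and all of its subdomains, e.g.
# ec2-1-2-3-4.compute-1.amazonaws.com, because the Postfix default for
# parent_domain_matches_subdomains includes smtpd_access_maps.
amazonaws.com   REJECT Mail to or from this domain is not accepted here

# /etc/postfix/main.cf  (relevant settings only)
# Sender check: catches probes whose MAIL FROM is an amazonaws.com address.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/aws_access

# Recipient check: catches the looping bounces, which arrive with an empty
# envelope sender (<>) and therefore never match the sender check above.
# Keep reject_unauth_destination so the host does not become an open relay.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/aws_access,
    permit_mynetworks,
    reject_unauth_destination
```

Run `postmap /etc/postfix/aws_access` and `postfix reload` after editing, then watch the mail log for `NOQUEUE: reject:` lines to confirm the probes are refused at RCPT TO instead of being queued and bounced.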