Nicholas Skinner

I recently setup Googles Postni message filtering service on another one of my domain names. It is a very effective spam filtering service that fits in between the Internet, and your mail server (you change your MX record to Postini, it filters the spam, then passes on only good messages to your server).

I had a problem however since a number of spam messages were still making it through. On closer inspection the spam that was getting through was somehow directly finding my mail server and bypassing the Postini service (even though the mail server is not mentioned anywhere in the MX records). The simple solution / recommended solution is to firewall port 25 to everything but Postini’s server but this is not entirely useful if authenticated users relay messages through the server, or some domains are using Postini’s service and others are not.

I am using Exim, therefore updated my configuration such that mail can be denied from mail servers other than *.postini.com where the domain name is using the Postini service (listed in a text file).

How to:

1. Create an empty text file ready to be populated with the list of domains using the Postini service:

   touch /etc/exim/postini_filtered
chmod 640 /etc/exim/postini_filtered
chown root:mail /etc/exim/postini_filtered

2. Add in domains to the list:

   echo domain_using_postini.com >> /etc/exim/postini_filtered
echo domain2_using_postini.com >> /etc/exim/postini_filtered

3. Edit /etc/eximn/exim.conf removing the section accepting mail for all local domains

   accept domains = +local_domains
endpass
verify = recipient

4. Add in statements allowing the receipt of mail in the list of domains using the Postini service, only if they come from Postini, and allowing the receipt of mail not in the list of domains using the Postini service:

   accept domains = +local_domains
domains = lsearch;/etc/exim/postini_filtered
hosts = *.postini.com
endpass
verify = recipient

   accept domains = +local_domains
domains = !lsearch;/etc/exim/postini_filtered
endpass
verify = recipient

This entry was posted on Monday, June 23rd, 2008 at 6:49 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.