Crispy Beef (Apprentice)
Joined: 29 Apr 2003 Posts: 194 Location: UK
Posted: Mon Jul 16, 2007 9:06 am Post subject: (solved) Postfix Relay
Hi All,
I currently have a Gentoo mail server (virtual setup) that is running just great, mail is delivered locally to virtual users but I have had a request if I can relay the mail for three domains to another - external - mail server. The question is how to do this securely without becoming an open relay?
I've done some reading and from what I can tell I need to put the domains to relay mail for in the postfix relay_domains config parameter but I'm not sure where to put the target server IP/host and how it relates to those specific domains? It looks like it has something to do with the relay_transport and/or relayhosts but I'm not sure as the postfix docs aren't as clear as they could be...at least for a relative mail server noob.
Could anybody let me know if I'm on the right track with this and how to finish off the setup.
Thanks.
--
Crispy
Last edited by Crispy Beef on Mon Jul 16, 2007 2:05 pm; edited 1 time in total

vad3r (Guru)
Joined: 02 May 2004 Posts: 461 Location: Munich, Germany
Posted: Mon Jul 16, 2007 10:13 am
Hi,
I run a similar setup. Here are the relevant parts of my config:
/etc/postfix/main.cf
```
relay_domains = remotedomain.com
relay_recipient_maps = proxy:ldap:/etc/postfix/ldap/relay_recipients.cf
```
/etc/postfix/transport
```
remotedomain.com smtp:[mailgw.remotedomain.com]
```
This should be sufficient for your request.

magic919 (Advocate)
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Mon Jul 16, 2007 10:21 am
Maybe we could use a bit more info.
Are you planning to be the server shown in the MX record for, say, example.com? If so, you can take mail (but I'd recommend some kind of checking for valid recipients) and then process and use a dedicated transport in Postfix to forward to their otherwise unknown mail servers.

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 10:28 am
Thanks for the response guys, here are some more details.
My mail server is being listed as the main MX for the three external domains. The three domains are located on a MS Exchange server at a client's company on their network. They requested that I be the main MX and relay mail on to them. However, I do not want to create backscatter if I can avoid it, so it would seem I'd need to tell postfix the domains that will relay to the client, the hostname of the Exchange server and have some kind of recipient map so unknown recipients will be dropped at my server and not bother the resources on the client's network and server.
Currently my machine is set up to deliver mail locally only to virtual mailboxes. I use MySQL to store various information; user table, domains allowed, networks allowed, virtual alias maps etc.
Ideally I'd like to add the info for external mail relaying into a new MySQL table, but I can do that at a later date once I understand the basics of relaying with postfix.
Hope that clears a few things up.

vad3r (Guru)
Posted: Mon Jul 16, 2007 10:34 am
Apart from the fact that I use LDAP as "database" you could use the config I passed earlier. Afaik you can store all the required information in MySQL. As magic919 wrote you should check the incoming mails for a valid recipient. I don't know how to export the user data from Exchange but it should be possible.

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 10:35 am
Bit of an update, have just talked to the client and they say they don't care about backscatter and just need everything to their domains relayed even if the recipient doesn't exist, they say they are happy for their MS Exchange server to deal with the NDRs.
Not ideal but there we go; so all I need to do is tell postfix to shuffle all mail for those domains to their host.

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 12:44 pm
vad3r wrote:
> Apart from the fact that I use LDAP as "database" you could use the config I passed earlier. Afaik you can store all the required information in MySQL. As magic919 wrote you should check the incoming mails for a valid recipient. I don't know how to export the user data from Exchange but it should be possible.

Do I just put the external domains in the relay_domains parameter? What schema do you have for the recipient_maps database?

vad3r (Guru)
Posted: Mon Jul 16, 2007 12:52 pm
All domains you add to the relay_domains parameter are forwarded because Postfix considers itself NOT to be the final destination for these mails. I thought you would forward all mails to the client no matter if the user exists or not. I can post you an LDAP entry and the configuration if you want.

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 12:58 pm
vad3r wrote:
> All domains you add to the relay_domains parameter are forwarded because Postfix considers itself NOT to be the final destination for these mails. I thought you would forward all mails to the client no matter if the user exists or not. I can post you an LDAP entry and the configuration if you want.

Hi, yes that's correct, just wanted to be sure. I've now set this up as suggested and am testing it out. I've also partially convinced the client to let me implement a recipient map... I've found a nice Perl script that will grab recipients from their Exchange server, fingers crossed on that though!

vad3r (Guru)
Posted: Mon Jul 16, 2007 1:06 pm
Please add "(SOLVED)" to the subject if all your questions are answered

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 1:35 pm
Not quite there yet.
I'm getting a bounced message saying:
```
mail for example.com loops back to myself
```
My mail server is listed as the primary mail exchanger for the domain so that's fine. When I created the transport file I then imported this to postfix with the postmap command as follows:
```
postmap /etc/postfix/transport
```
That didn't complain. To be sure I restarted postfix, and I'm still getting the bounced mail and the error in the log files.

vad3r (Guru)
Posted: Mon Jul 16, 2007 1:50 pm
If you have MX trouble use brackets in the transport table. By using them you ensure that the mail will be sent to the server even if another server is the "official" MX for the domain. See my first post...

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 1:54 pm
vad3r wrote:
> If you have MX trouble use brackets in the transport table. By using them you ensure that the mail will be sent to the server even if another server is the "official" MX for the domain. See my first post...

Yup, I have this:
/etc/postfix/transport
```
example.com smtp:[IP Address]:25
```

vad3r (Guru)
Posted: Mon Jul 16, 2007 2:03 pm
This should work then. Just make sure that your client configured their Exchange servers properly. They must accept the mail and act as final destination. Which server sends the bounce? Is it the Exchange server or your box?

Crispy Beef (Apprentice)
Posted: Mon Jul 16, 2007 2:05 pm
Ha! Got it working, found that I hadn't uncommented the config line which points to the newly created transport_maps hash file.
Thanks for the help guys.

vad3r (Guru)
Posted: Mon Jul 16, 2007 2:07 pm
It was a pleasure to help you :D
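
Added example, not part of the original thread: a small Python check for the three relay pitfalls that come up above (a transport_maps line that is still commented out, a nexthop without brackets, and no relay_recipient_maps). The sample main.cf text, the /etc/postfix/relay_recipients path and the 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples; the relay_recipients path and 192.0.2.10 are placeholders.
BROKEN_MAIN_CF = """\
relay_domains = example.com
#transport_maps = hash:/etc/postfix/transport
"""
FIXED_MAIN_CF = """\
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""
TRANSPORT = "example.com smtp:[192.0.2.10]:25\n"

def parse_main_cf(text):
    """Return {parameter: value} for active lines; comments and continuations are skipped."""
    params = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in " \t#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params

def parse_transport(text):
    """Return {domain: 'transport:nexthop'} from a transport table."""
    rows = (line.split() for line in text.splitlines() if not line.startswith("#"))
    return {row[0]: row[1] for row in rows if len(row) == 2}

def lint_relay(main_cf, transport):
    """List the relay misconfigurations discussed in this thread."""
    params, table, findings = parse_main_cf(main_cf), parse_transport(transport), []
    if "transport_maps" not in params:
        findings.append("transport_maps is not set, so the transport table is never consulted")
    for domain in re.split(r"[,\s]+", params.get("relay_domains", "")):
        if not domain or ":" in domain or domain[0] in "$/":
            continue  # skip lookup tables and $parameter references
        nexthop = table.get(domain)
        if nexthop is None:
            findings.append(f"{domain}: no transport entry")
        elif not re.fullmatch(r"[^:]*:\[[^\]]+\](:\w+)?", nexthop):
            findings.append(f"{domain}: nexthop is not in [brackets], so an MX lookup applies")
    if "relay_recipient_maps" not in params:
        findings.append("relay_recipient_maps is not set, so unknown recipients are accepted and relayed")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_MAIN_CF), ("fixed", FIXED_MAIN_CF)):
        print(name, lint_relay(cfg, TRANSPORT))
```

The broken sample reproduces the state behind the "loops back to myself" bounce: the transport table exists and was compiled with postmap, but main.cf never points at it.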