more mail transport


maumar
23rd November 2011, 20:57
we have more than one mx record for domain acme.com

@ IN MX 10 mx10.acme.eom.
@ IN MX 11 mx11.acme.eom.
@ IN MX 12 mx12.acme.eom.

etc etc

each mx server is an ispconfig that acts as mailgw, but after the first one, we are not able to insert the other ones into email routing form.

We would manage, instead, many email routing servers for one domain

maumar
24th November 2011, 10:58
i have skipped the check as per this diff:


diff form/mail_transport.tform.php form/mail_transport.tform.php-org
74a75,77
> 'validators' => array ( 0 => array ( 'type' => 'UNIQUE',
> 'errmsg'=> 'domain_error_unique'),
> ),
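
Review bot: the operands on the diff command line are reversed (edited file first, -org second), so at 74a75,77 the three '>' lines are what the -org file has and the edited file lacks; the change under review is the removal of the UNIQUE validator, not its addition. Please repost it as diff -u form/mail_transport.tform.php-org form/mail_transport.tform.php so the direction is unambiguous and the context shows which field the validator belongs to. As written, the hunk drops the check entirely rather than narrowing it, so the form will also accept an exact duplicate of an existing entry; if the goal is only the same domain on different servers, a check scoped to that would be the safer change.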




please, do you see any side-effect apart from that it will be overwritten at next upgrade?

i am testing it; it seems to be working well

even if my tests are ok, i ask you as maybe there is some side-effect that is not seen by my tests

till
24th November 2011, 11:15
As far as I know, postfix uses in transports the first matching entry only to forward the email to the target and skips the next ones. So postfix will ignore the additional records that you added by disabling the ispconfig duplicate check anyway as postfix checks for duplicates too and ignores them.

So adding more MX records in DNS makes sense for mailgateways for high availability and load balancing but you would add only one record to postfix transports in that case and not all.

maumar
24th November 2011, 11:25
Hello Till, thanks for helping me.
Without that hack, how can I set up secondary mailgws to relay mails when the primary is down?

i was unable to do it and so i disabled the check, but it is not a solution, it's a dirty hack; what do you suggest?

till
24th November 2011, 11:43
There should be no need to add any transports at all when you have set up the MX records as described above. The MX records are used by postfix to find a mail relay server for the given domain name and if one of them is not available, postfix tries the other ones automatically.

maumar
24th November 2011, 12:04
ok, but the problem is that the other mx points to ispconfig server; i have 2 xen servers in 2 different datacenters; on each xen server i have all the servers of multiserver set, e.g. web,dns,mail,mysql etc etc, and a mail server that acts as a mailgateway

so, i have
datacenter1 => ispconfig multiserver with mailgateway server (ispconfig)
datacenter2 => ispconfig multiserver with mailgateway server (ispconfig)

each mailgateway is an ispconfig that i setup using Email Routing and disabling recipients relay check on main.cf, it's easy to do

i have domain1 on mailserver on datacenter1 with crossed mailgw on datacenter2 and vice versa, so if a datacenter is down, mails are queued on mailgateway of the other datacenter

But I can configure other transports only by disabling the check, sadly.

till
24th November 2011, 12:17
"and disabling recipients relay check on main.cf, it's easy to do"

This will make your system a backscatter spam system. Your servers are likely to get banned for backscatter spam as they will accept emails for non existing recipients, then forward these emails to the mail gw where they get rejected later. As the rejection does not happen on the first mailserver, a bounce message is sent by postfix instead of a reject and this causes backscatter spam.

"i have domain1 on mailserver on datacenter1 with crossed mailgw on datacenter2 and viceversa, so if a datacenter is down, mail are queued on mailgateway of the other datacenter"

Ok. So you need just one transport and not more. As the transport of each mail gw. points only to the other gw. All other transports are ignored by postfix anyway, so it does not matter if you add them or not.

A mailsystem consisting of several ispconfig servers is normally set up in a different way:

1) Install two or more ispconfig mail servers and use the ispconfig mirroring features to replicate configuration data through the whole cluster.
2) Set up DNS MX records for the domains on these servers for each mailserver that you have installed.
3) Use a technology to sync the /var/vmail folder of all mailsystems, e.g. unison for near realtime replication of 2 nodes or glusterfs for more than 2 nodes.

This setup gives you full redundancy and even load balancing.

maumar
24th November 2011, 12:49
i was not clear enough ;(

to setup an ispconfig to act as a mailgw, ispconfig should accept mail for all the domains that stay on target mail server, so i have:

mail1 => ispconfig mail server with mail imap/pop3 accounts
mailgw1 => relay messages only for domains configured on mail1

to set up mailgw one should:

1. disable relay_recipient_maps

# relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf


2. use verify to limit relay to account on target server

address_verify_map = btree:/var/lib/postfix/verify


3. add verify check into

smtpd_recipient_restrictions = permit_mynetworks,...,reject_unverified_recipient


4. relay for domain on target server

relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf


5. use transport to know where to deliver mails

transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf


6. disable all smtp authentication

sed -i -e '/sasl/d' main.cf

take care to have the options of smtpd_recipient_restrictions one per line, otherwise this wipes your smtpd_recipient_restrictions

done :)

if this mailgw goes down, you need another one able to relay to the same target.
So you need 2 transports
same domain
same target ip
different mail server_id

acme.com. IN MX 10 mailgw1.acme.com.
acme.com. IN MX 20 mailgw2.acme.com.
imap IN A x.y.w.z

mailgw1.acme.com. delivers mails to imap.acme.com x.y.w.z
if mailgw1.acme.com. goes down
mailgw2.acme.com. with MX 20 delivers mails to imap.acme.com x.y.w.z

nothing more, nothing less

maybe this configuration can be useful to other people, here
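
Added example, not part of the thread and not ISPConfig code: a Python check of two points from the posts above. It tests whether a gateway with relay_domains set still validates recipients (relay_recipient_maps or reject_unverified_recipient), which is what avoids the backscatter till describes, and what the step 6 sed does to smtpd_recipient_restrictions when the restrictions sit on one line. The sample main.cf text, the function names and the restrictions permit_sasl_authenticated and reject_unauth_destination are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Return {parameter: value} from main.cf text (last definition wins)."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace():             # leading whitespace continues a value
            if current:
                params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def restrictions(params):
    """Split smtpd_recipient_restrictions into its individual entries."""
    value = params.get("smtpd_recipient_restrictions", "")
    return [r for r in re.split(r"[,\s]+", value) if r]

def accepts_unknown_recipients(text):
    """True if the gateway relays for domains without validating the recipient."""
    p = parse_main_cf(text)
    relays = bool(p.get("relay_domains"))
    validated = (bool(p.get("relay_recipient_maps"))
                 or "reject_unverified_recipient" in restrictions(p))
    return relays and not validated

def sed_delete_sasl(text):
    """Mimic sed '/sasl/d': drop every physical line containing 'sasl'."""
    return "\n".join(l for l in text.splitlines() if "sasl" not in l)

# Constructed sample: the thread's gateway settings, restrictions on ONE line.
ONE_LINE = """\
# relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
address_verify_map = btree:/var/lib/postfix/verify
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unverified_recipient
"""
# Same settings, one restriction per physical line (continuation lines).
PER_LINE = ONE_LINE.replace(", ", ",\n    ")

if __name__ == "__main__":
    for name, cf in (("one line", ONE_LINE), ("one per line", PER_LINE)):
        print(name, "| open before sed:", accepts_unknown_recipients(cf),
              "| open after sed:", accepts_unknown_recipients(sed_delete_sasl(cf)))
```

With the one-line layout the sed removes reject_unverified_recipient together with the sasl entry, leaving the gateway accepting every recipient in the relayed domains; with one entry per line only the sasl entry goes.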

till
24th November 2011, 12:55
Ok. I will remove the unique check.