#1
21st August 2014, 14:00
panaitescuionel

Postfix Gateway with Exchange Mail With MX back-up

Hello,

We have been looking for ways of implementing some redundancy on the Postfix gateways in our company. We have 4 Postfix gateways.
mail2.domain.ro 10
mail.domain.ro 20
mail1.domain.ro 30
mail3.domain.ro 40
In nslookup we have this:
domain.ro MX preference = 10, mail exchanger = mail2.domain.ro
domain.ro MX preference = 20, mail exchanger = mail.domain.ro
domain.ro MX preference = 30, mail exchanger = mail1.domain.ro
domain.ro MX preference = 40, mail exchanger = mail3.domain.ro

The Postfix servers are only the gateways to the internet. In the company we use Microsoft Exchange.

So, every gateway points to a hub.
mail2.domain.ro ( 10.10.9.10 ) points to the first hub ( hub 1 = 10.21.1.4 )
mail.domain.ro ( 10.10.9.99 ) points to the second hub ( hub 2 = 10.21.1.7 )
mail1.domain.ro ( 10.10.9.98 ) points to the 3rd hub ( hub 3 - at the moment it is down )
mail.3.domain.ro - it will be implemented in another city.

For the 2 postfix gateways we have configured the files like this:

main.cf

$ cat /etc/postfix/main.cf | egrep -v "(^#.*|^$)" > /home/yo/main.cf
smtp_data_xfer_timeout = 600
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_tls_CAfile = /etc/postfix/tls/CA.txt
smtpd_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtpd_tls_key_file = /etc/postfix/tls/domain.ro.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_CAfile = /etc/postfix/tls/CA.txt
smtp_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtp_tls_key_file = /etc/postfix/tls/domain.ro.key
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 3
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
smtpd_helo_required = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = domain.ro
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16
relay_domains = domain.ro
transport_maps = hash:/etc/postfix/transport
relayhost =

smtp_generic_maps = hash:/etc/postfix/generic
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
message_size_limit = 25600000



master.cf

$ cat /etc/postfix/master.cf | egrep -v "(^#.*|^$)" > /home/yo/master.cf

smtp inet n - n - - smtpd -o content_filter=spamassassin
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


transport

$ cat /etc/postfix/transport | egrep -v "(^#.*|^$)" > /home/yo/transport

domain.ro smtp:[10.21.1.4]
.domain.ro smtp:[10.21.1.4]



This is the actual configuration, so the Postfix gateway points to an Exchange hub.

Our goal is: if the first hub drops from the first gateway, can we manage to connect to the second hub?
We use the transport conf to connect to the hub, but how can we manage to point to a second hub if the first hub is dropped?

I found this link: http://postfix.1071664.n5.nabble.com...s-td39675.html , but because it's a production environment we can't test ...
If we change master.cf to this: relay unix ... smtp -o smtp_fallback_relay=[fallback.example.com] and still keep the current configuration in the transport, will it work correctly?

How can we do this?

#2
22nd August 2014, 00:25
thctlo

Well, I have 1 mail gateway with 2 NICs.
NIC 1: internal net.
NIC 2: external net.
NIC 1 is on the LAN switch.
NIC 2 is connected to a switch for internet use; in this switch are 2 internet modems.

On my Linux server I use advanced routing,
explained here: http://www.debian-administration.org...ltiple_uplinks

Configure all IP addresses for smtp (port 25) in your Postfix master.
I have 4 lines: 127.0.0.1:25, internalip:25, external1 and 2.
Like:
127.0.0.1:smtp unix - - n - - smtp
  -o syslog_name=postfix-smtp1
  -o smtp_helo_name=FQDN
  -o smtp_bind_address=IP

internalip:smtp unix - - n - - smtp
  -o syslog_name=postfix-smtp1
  -o smtp_helo_name=FQDN
  -o smtp_bind_address=IP

No need for transport maps; that is done by DNS resolving the MX records.

This is vhost1 and I've done the same for vhost2.
DNS resolving internal to virtual host 1 or 2, and both have 2 internet connections.
And host1 and 2 are on 2 different Xen servers.
Pretty safe, well, OK for me. ;-)

So to test, get Xen Server 6.2, it's free. Install it. Now you can migrate the production server to a virtual machine.
Google for it; Xen has OK documentation and there is lots to find on the internet.

Now you can test ;-)

And really ... postfix-2.3.3 ... old Red Hat or CentOS..
as long as you can do your upgrades...

Last edited by thctlo; 22nd August 2014 at 00:34.

#3
22nd August 2014, 09:29
panaitescuionel

Hello,

Thank you for the response.

I don't have 1 server with 2 NIC cards. I have 4 different blade servers, one for each gateway.
Every one has the same configuration.
Our issue is: if a mail has entered the gateway and is transported to a Microsoft Exchange hub ( this is what the company bought, so this is what we use ), and a hub is down, how to deliver the mail to the other hub on another blade server.

We can't put 4 hubs on different NIC cards on the same gateway, because if the gateway drops we will not have redundancy.

Any ideas?
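One way to get the hub failover asked about in post #1, as an added example that is not from either poster. The transport entries shown there name the `smtp` service, so an `-o` override on the `relay` service would not apply to that mail; this sketch puts `smtp_fallback_relay` on a dedicated service instead. The service name `exchange` is hypothetical; the hub addresses are the ones given in post #1.

```conf
# --- /etc/postfix/master.cf (added service; the name "exchange" is hypothetical) ---
# Same smtp(8) client as the stock "smtp" service, plus a fallback next hop.
# Because the override lives on this service only, Internet-bound mail that
# still uses the stock "smtp" service never falls back to an internal hub.
# smtp_fallback_relay exists in Postfix 2.3 and later (older name: fallback_relay).
exchange unix - - n - - smtp
  -o smtp_fallback_relay=[10.21.1.7]

# --- /etc/postfix/transport (gateway whose primary is hub 1) ---
# Route the internal domain to the new service; the brackets suppress MX lookups.
domain.ro   exchange:[10.21.1.4]
.domain.ro  exchange:[10.21.1.4]

# On the gateway whose primary is hub 2, swap the two addresses:
#   master.cf:  -o smtp_fallback_relay=[10.21.1.4]
#   transport:  domain.ro  exchange:[10.21.1.7]

# --- Broader variant, shown for comparison only (main.cf) ---
# Setting the parameter globally makes every smtp(8) delivery whose destination
# cannot be found or reached go to the hub, including outbound Internet mail:
#   smtp_fallback_relay = [10.21.1.7]

# --- Apply ---
#   postmap /etc/postfix/transport
#   postfix check && postfix reload
```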