Mail server (ispconfig) ... with relay host (frontend, Porxmox mail gateway) : possible ?

Discussion in 'Installation/Configuration' started by ledufakademy, Aug 14, 2020.

  1. ledufakademy

    ledufakademy Member HowtoForge Supporter

    you mentionned fake name ... but.
    one mail server can host several domains. (this is what ispconfig mail server is done for)
    hostaname -f , for me, has nothing to do with postfix config ... and so on with all other mx record domain that can point to the mail server.
    eg mail server name : mail1.domain.local (hostname -f)
    BuT mx record for domain.com => mail1.domain.com hosted by mail1.domain.local
    mx record for domain2.eu=> mail1.domain2.eu hosted by mail1.domain.local
    etc etc .
    so this is very strange why you use the term , fake name , for every other mail domain hosted by mail server first one is always a "fake name" . domain.com is a fake name for domain2.eu for example ?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It certainly does out of the box, though you can change your postfix config so that it doesn't.

    When your server connects to another server and says, "EHLO mail1.domain.local", you will find a percentage of servers will reject anything you try to send them. That includes every up to date ISPConfig server which hasn't had manual config override by the way, as you can see reject_unknown_helo_hostname is currently the default setting, though that will be configurable in 3.2.
     
    ahrasis likes this.
  3. ledufakademy

    ledufakademy Member HowtoForge Supporter

    ok, jesse i see.
    so it's better or hightly recommended, for us to reinstall all actual ispconfig servers (11) but with domain.com (instead of domain.local) ?
    and i guess that renaming all hostname ,fqdn, for each server will break ispconfig ... isn't it ?
    note: we have no data on ours ispconfig servers, and http/https stuff will be under haproxying (tcp mode, with SNI referal) because we only have 4 public ip.(in ipv6 a lot ;-))
     
    Last edited: Aug 21, 2020
  4. nhybgtvfr

    nhybgtvfr Active Member

    this is another reason for using the real domain name, eg mail1.domain.com, and using that same fqdn for ALL mx records.
    it may not be a big issue if you only have a few domains, but once you start getting a lot of domains, it'll become more hassle,
    you'll need every domain added to the certificates for smtp/dovecot.

    hopefully won't be an issue in the future with postfix supporting SNI, but ispconfig doesn't support postfix sni yet, and i'm not sure it's included in the upcoming ispconfig 3.2 release either.
     
    Th0m likes this.
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It is not a must, but it speeds rspamd because it makes so much DNS queries. The server would work even if no dns server is installed.
    It is explained in Rspamd FAQ, where I looked it up when wondering why unbound.
    https://rspamd.com/doc/faq.html#resolver-setup
     
  6. ledufakademy

    ledufakademy Member HowtoForge Supporter

    must i re install all my ispconfig servers or just mail servers ?
    (for changing hostname fqdn, with domain.com instead of domain.local)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no reinstall required. change the hostnames in /etc/hostname, /etc/mailname and /etc/postfiux main.cf and in ISPConfig under System > server config. The hostname of the ispcsrv* users in master database needs to be adjusted as well, use the phpmyadmin user editor for that as the users contain of many records in various tables. If you change the hostname of the master too, then you'll have to adjust the master hostname in all config.inc.php files on the slave servers.
     
  8. ledufakademy

    ledufakademy Member HowtoForge Supporter

    thank you Till,But i will reinstall (there no datas, so it's only time !)
    it will give a chance to make a new test of my Ansible playbook for building ispconfig infra. ;)
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Why reinstall if it's not needed?
     
  10. ledufakademy

    ledufakademy Member HowtoForge Supporter

    modifiy record in database ... it's not my way to do ... ;-)
     
  11. nhybgtvfr

    nhybgtvfr Active Member

    better to learn how to do it 'relatively' safely now when there's little to no user data than later when you have lots of live production data in there.
    can pretty much guarantee you will need to modify live records in the production database at some point in the future, most likely just after the point at which a complete backup and re-install becomes the more difficult/time-consuming option.
    and good luck with ansible, from experience it seems like you just get a complete working multi-server install script working and fully tested and they release an update with significant syntax changes and your playbook no longer works without major editing.
     
    Th0m likes this.

Share This Page