more mail transport

Discussion in 'Feature Requests' started by maumar, Nov 23, 2011.

  1. maumar

    maumar Member HowtoForge Supporter

    we have more than one mx record for the domain

    @ IN MX 10 mx10.acme.eom.
    @ IN MX 11 mx11.acme.eom.
    @ IN MX 12 mx12.acme.eom.

    etc etc

    each mx server is an ispconfig that acts as mailgw, but after the first one, we are not able to insert the other ones into email routing form.

    We would manage, instead, many email routing servers for one domain
  2. maumar

    maumar Member HowtoForge Supporter

    i have skipped the check as per this diff:

    diff form/mail_transport.tform.php  form/mail_transport.tform.php-org
    >                       'validators'    => array (      0 => array (    'type'  => 'UNIQUE',
    >                                                                                                               'errmsg'=> 'domain_error_unique'),
    >                                                                       ),
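    Review bot: deleting the whole 'validators' array for this field in form/mail_transport.tform.php removes the only validation visible here, the UNIQUE check with 'domain_error_unique', so the form will accept exact duplicate rows as well as a second gateway for the same domain. If the goal is one entry per gateway, keep a validator on the field and relax what it treats as a duplicate rather than dropping the key. The diff is also reversed (modified file first, so the removed lines show as `>`) and has no line-number command line; `diff -u form/mail_transport.tform.php-org form/mail_transport.tform.php` would be easier to review and apply.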
    please, do you see any side-effect apart from that it will be overwritten at next upgrade?

    i am testing it; it seems working well

    even if my tests are ok, i ask you as maybe there is some side-effect that is not seen by my tests
    Last edited: Nov 24, 2011
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I know, postfix uses in transports the first matching entry only to forward the email to the target and skips the next ones. So postfix will ignore the additional records that you added by disabling the ispconfig duplicate check anyway as postfix checks for duplicates too and ignores them.

    So adding more MX records in DNS makes sense for mailgateways for high availability and load balancing but you would add only one record to postfix transports in that case and not all.
  4. maumar

    maumar Member HowtoForge Supporter

    Hello Till, thanks for helping me..
    Without that hack, how can I set up secondary mailgws to relay mails when primary is down?

    i was unable to do it and so i disabled the check, but it is not a solution, it's a dirty hack; what do you suggest?
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    There should be no need to add any transports at all when you have set up the MX records as described above. The MX records are used by postfix to find a mail relay server for the given domain name and if one of them is not available, postfix tries the other ones automatically.
  6. maumar

    maumar Member HowtoForge Supporter

    ok, but the problem is that the other mx points to ispconfig server; i have 2 xen servers on 2 different datacenters; on each xen server i have all the servers of multiserver set, e.g. web,dns,mail,mysql etc etc, and a mail server that acts as a mailgateway

    so, i have
    datacenter1 => ispconfig multiserver with mailgateway server (ispconfig)
    datacenter2 => ispconfig multiserver with mailgateway server (ispconfig)

    each mailgateway is an ispconfig that i setup using Email Routing and disabling recipients relay check on, it's easy to do

    i have domain1 on mailserver on datacenter1 with crossed mailgw on datacenter2 and vice versa, so if a datacenter is down, mails are queued on mailgateway of the other datacenter

    But I can configure other transports only by disabling the check, sadly.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This will make your system a backscatter spam system. Your servers are likely to get banned for backscatter spam as they will accept emails for non existing recipients, then forward these emails to the mail gw where they get rejected later. As the rejection does not happen on the first mailserver, a bounce message is sent by postfix instead of a reject and this causes backscatter spam.

    Ok. So you need just one transport and not more. As the transport of each mail gw. points only to the other gw. All other transports are ignored by postfix anyway, so it does not matter if you add them or not.

    A mailsystem consisting of several ispconfig servers is normally set up in a different way:

    1) Install two or more ispconfig mail servers and use the ispconfig mirroring features to replicate configuration data through the whole cluster.
    2) Setup DNS MX records for the domains on these servers for each mailserver that you have installed.
    3) Use a technology to sync the /var/vmail folder of all mailsystems, e.g. unison for near realtime replication of 2 nodes or glusterfs for more than 2 nodes.

    This setup gives you full redundancy and even load balancing.
  8. maumar

    maumar Member HowtoForge Supporter

    i was not clear enough ;(

    to setup an ispconfig to act as a mailgw, ispconfig should accept mail for all the domains that stay on target mail server, so i have:

    mail1 => ispconfig mail server with mail imap/pop3 accounts
    mailgw1 => relay messages only for domains configured on mail1

    to setup mailgw one should:

    1. disable relay_recipient_maps
    # relay_recipient_maps = mysql:/etc/postfix/ 
    2. use verify to limit relay to account on target server
    address_verify_map = btree:/var/lib/postfix/verify
    3. add verify check into
    smtpd_recipient_restrictions =  permit_mynetworks,...,reject_unverified_recipient
    4. relay for domain on target server
    relay_domains = mysql:/etc/postfix/
    5. use transport to know where to deliver mails
    transport_maps = proxy:mysql:/etc/postfix/
    6. disable every smtp authenticated
    sed -i -e '/sasl/d'
    take care to have the options of smtpd_recipient_restrictions one per line, otherwise this wipes your smtpd_recipient_restrictions

    done :)

    if this mailgw goes down, you need another one able to relay to the same target.
    So you need 2 transports
    same domain
    same target ip
    different mail server_id IN MX 10 IN MX 20
    imap IN A x.y.w.z deliver mails to x.y.w.z
    if goes down with MX 20 deliver mails to x.y.w.z

    nothing more, nothing less

    maybe this configuration can be useful to other people, here
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok. I will remove the unique check.
