Inbound Only postfix gateway on home network/server lab CORRECTED **

  • David Denny
    Message 1 of 5 , Apr 3 3:23 AM
      I am setting up an inbound postfix instance to run on a dmz host.

      Its purpose is to accept mail only for specific relay_recipients and to
      transport them to an internal postfix server.

      I have demonstrated proof of concept with this * but there is a tweak I
      cannot easily figure out from the documentation after having tried a few
      obvious options and reset them. Something basic is missing from my
      understanding, correcting which would be appreciated.

      Firstly I need to be sure that nothing entering this server will go out
      to the internet.

      All traffic needs to go to the internal smtp box which maildrops stuff
      into local unix accounts.

      There is a third box running outbound postfix which is meant to receive
      outbound mail from clients and have access (in the first place) to my
      ISP's smarthost.

      If this seems overengineered, sorry. But I am attempting to learn the
      details and having things on separate boxes helps.

      ** Anyway, the issue I am tussling with is that mails destined FOR
      internal hosts don't resolve locally and instead escape out to my ISP's
      smarthost where they are picked up with an invalid domain and bounced. I
      would like to stop this behaviour.

      ** Actually they don't go to the smarthost. Please see later

      Which fragments of my various configuration files would be useful to
      help diagnose this?

      I observe that mails are escaping directly from this machine and not
      going to the internal maildrop server nor to the outbound smtp box. In
      fact, the inbound postfix service is attempting to resolve the internal
      address as an Internet domain "Diagnostic-Code: X-Postfix; Host or
      domain name not found. Name service error for name=xxxxx.yyyyy
      type=AAAA: Host not found".

      where xxxxx.yyyyy is the internal host I was trying to send to.

      Anyway this is probably dead simple to someone :-(

      Thanks in advance
      DD
      Croydon, UK

      * with a previous ISP but have now transferred to another and would like
      to revive control of inbound mail.
    • Noel Jones
      Message 2 of 5 , Apr 3 5:39 AM
        David Denny wrote:
        > I am setting up an inbound postfix instance to run on a dmz host.
        >
        > Its purpose is to accept mail only for specific relay_recipients and to
        > transport them to an internal postfix server.

        OK, a standard relay_domain with valid recipients listed in
        relay_recipient_maps.

        >
        > I have demonstrated proof of concept with this * but there is a tweak I
        > cannot easily figure out from the documentation after having tried a few
        > obvious options and reset them. Something basic is missing from my
        > understanding, correcting which would be appreciated.
        >
        > Firstly I need to be sure that nothing entering this server will go out
        > to the internet.

        relayhost = [ip.of.internal.gateway]

        >
        > All traffic needs to go to the internal smtp box which maildrops stuff
        > into local unix accounts.
        >
        > There is a third box running outbound postfix which is meant to receive
        > outbound mail from clients and have access (in the first place) to my
        > ISP's smarthost.
        >
        > If this seems overengineered, sorry. But I am attempting to learn the
        > details and having things on separate boxes helps.
        >
        > ** Anyway, the issue I am tussling with is that mails destined FOR
        > internal hosts don't resolve locally and instead escape out to my ISP's
        > smarthost where they are picked up with an invalid domain and bounced. I
        > would like to stop this behaviour.
        >
        > ** Actually they don't go to the smarthost. Please see later
        >
        > Which fragments of my various configuration files would be useful to
        > help diagnose this?
        >
        > I observe that mails are escaping directly from this machine and not
        > going to the internal maildrop server nor to the outbound smtp box. In
        > fact, the inbound postfix service is attempting to resolve the internal
        > address as an Internet domain "Diagnostic-Code: X-Postfix; Host or
        > domain name not found. Name service error for name=xxxxx.yyyyy
        > type=AAAA: Host not found".

        and a transport_maps entry to help postfix find this host if
        it's different from the relayhost.

        # transport
        xxxxx.yyyyy relay:[ip.of.internal.host]


        -- Noel Jones
      • David Denny
        Message 3 of 5 , Apr 3 8:21 AM
          Noel Jones wrote:
          > David Denny wrote:
          >> I am setting up an inbound postfix instance to run on a dmz host.
          >>
          >> Its purpose is to accept mail only for specific relay_recipients and to
          >> transport them to an internal postfix server.
          >
          > OK, a standard relay_domain with valid recipients listed in
          > relay_recipient_maps.
          >
          >>
          >> I have demonstrated proof of concept with this * but there is a tweak I
          >> cannot easily figure out from the documentation after having tried a few
          >> obvious options and reset them. Something basic is missing from my
          >> understanding, correcting which would be appreciated.
          >>
          >> Firstly I need to be sure that nothing entering this server will go out
          >> to the internet.
          >
          > relayhost = [ip.of.internal.gateway]
          >
          >>
          >> All traffic needs to go to the internal smtp box which maildrops stuff
          >> into local unix accounts.
          >>
          >> There is a third box running outbound postfix which is meant to receive
          >> outbound mail from clients and have access (in the first place) to my
          >> ISP's smarthost.
          >>
          >> If this seems overengineered, sorry. But I am attempting to learn the
          >> details and having things on separate boxes helps.
          >>
          >> ** Anyway, the issue I am tussling with is that mails destined FOR
          >> internal hosts don't resolve locally and instead escape out to my ISP's
          >> smarthost where they are picked up with an invalid domain and bounced. I
          >> would like to stop this behaviour.
          >>
          >> ** Actually they don't go to the smarthost. Please see later
          >>
          >> Which fragments of my various configuration files would be useful to
          >> help diagnose this?
          >>
          >> I observe that mails are escaping directly from this machine and not
          >> going to the internal maildrop server nor to the outbound smtp box. In
          >> fact, the inbound postfix service is attempting to resolve the internal
          >> address as an Internet domain "Diagnostic-Code: X-Postfix; Host or
          >> domain name not found. Name service error for name=xxxxx.yyyyy
          >> type=AAAA: Host not found".
          >
          > and a transport_maps entry to help postfix find this host if it's
          > different from the relayhost.
          >
          > # transport
          > xxxxx.yyyyy relay:[ip.of.internal.host]
          >
          >
          > -- Noel Jones

          Thanks Noel. I added the relayhost and transport entries.
          If I mail to david@[i.p.add.ress] it reaches the internal destination.
          If I mail to david@... it goes out to the internet
          So looks like a DNS issue.
          I copied /etc/hosts into the chroot directory /var/spool/postfix but
          that had no beneficial effect.
          Stumped... will continue with google unless or until someone else gets
          here first.
          Cheers
          DD
        • Noel Jones
          Message 4 of 5 , Apr 3 9:26 AM
            David Denny wrote:
            > Noel Jones wrote:
            >> and a transport_maps entry to help postfix find this host if it's
            >> different from the relayhost.
            >>
            >> # transport
            >> xxxxx.yyyyy relay:[ip.of.internal.host]
            >>
            >>
            >> -- Noel Jones
            >
            > Thanks Noel. I added the relayhost and transport entries.
            > If I mail to david@[i.p.add.ress] it reaches the internal destination.
            > If I mail to david@... it goes out to the internet
            > So looks like a DNS issue.
            > I copied /etc/hosts into the chroot directory /var/spool/postfix but
            > that had no beneficial effect.
            > Stumped... will continue with google unless or until someone else gets
            > here first.
            > Cheers
            > DD
            >

            If postfix is trying to send to the internet directly, your
            relayhost setting didn't take.
            http://www.postfix.org/postconf.5.html#relayhost

            If postfix can't find where to send mail for xxxx.yyyy, likely
            your transport_maps entry is incorrect.
            Note the lookup key in transport is the email domain, not
            necessarily the hostname.
            http://www.postfix.org/postconf.5.html#transport_maps
            http://www.postfix.org/transport.5.html

            -- Noel Jones
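
The lookup-key point in the reply above, as an added Python sketch that is not part of the thread or of Postfix itself: it models the transport(5) search order and the fall-back to relayhost for a recipient whose domain is listed in relay_domains. The names example.test, mailhub.lan.test and 192.0.2.10 are constructed placeholders; address extensions, :port suffixes and sender-dependent overrides are left out.

```python
import ipaddress

# Constructed sample values: example.test is the mail domain and
# 192.0.2.10 stands in for the internal server's address.
INTERNAL = "[192.0.2.10]"

def transport_keys(recipient):
    """Keys tried against transport_maps, in transport(5) order."""
    domain = recipient.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    keys = [recipient.lower(), domain]
    # ".parent" entries match subdomains when transport_maps is not
    # listed in parent_domain_matches_subdomains (the default).
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return keys + ["*"]

def next_hop(recipient, transport_map, relayhost=""):
    """Return (source, transport:nexthop) for a relay_domains recipient."""
    for key in transport_keys(recipient):
        if key in transport_map:
            return "transport_maps", transport_map[key]
    if relayhost:
        return "relayhost", "relay:" + relayhost
    # Nothing matched: the next hop is the recipient domain itself,
    # which the SMTP client has to resolve through DNS.
    domain = recipient.rsplit("@", 1)[1].lower()
    return "recipient domain", "relay:" + domain

def needs_dns(hop):
    """True unless the next hop is a bracketed IP literal."""
    host = hop.split(":", 1)[1]
    if not (host.startswith("[") and host.endswith("]")):
        return True
    try:
        ipaddress.ip_address(host[1:-1])
        return False
    except ValueError:
        return True  # [hostname] skips MX but still needs an address lookup

def demo():
    """Same recipient against a hostname-keyed and a domain-keyed table."""
    rcpt = "david@example.test"
    by_host = {"mailhub.lan.test": "relay:" + INTERNAL}
    by_domain = {"example.test": "relay:" + INTERNAL}
    return [next_hop(rcpt, by_host),            # key misses, DNS is used
            next_hop(rcpt, by_host, INTERNAL),  # relayhost catches the miss
            next_hop(rcpt, by_domain)]          # key matches the mail domain
```

A table keyed on the internal hostname never matches mail addressed to the mail domain, so without relayhost the gateway falls back to resolving the recipient domain, which is the name service error reported earlier in the thread.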
          • David Denny
            Message 5 of 5 , Apr 3 10:12 AM
              Noel Jones wrote:
              > David Denny wrote:
              >> Noel Jones wrote:
              >>> and a transport_maps entry to help postfix find this host if it's
              >>> different from the relayhost.
              >>>
              >>> # transport
              >>> xxxxx.yyyyy relay:[ip.of.internal.host]
              >>>
              >>>
              >>> -- Noel Jones
              >>
              >> Thanks Noel. I added the relayhost and transport entries.
              >> If I mail to david@[i.p.add.ress] it reaches the internal destination.
              >> If I mail to david@... it goes out to the internet
              >> So looks like a DNS issue.
              >> I copied /etc/hosts into the chroot directory /var/spool/postfix but
              >> that had no beneficial effect.
              >> Stumped... will continue with google unless or until someone else
              >> gets here first.
              >> Cheers
              >> DD
              >>
              >
              > If postfix is trying to send to the internet directly, your relayhost
              > setting didn't take.
              > http://www.postfix.org/postconf.5.html#relayhost
              >
              > If postfix can't find where to send mail for xxxx.yyyy, likely your
              > transport_maps entry is incorrect.
              > Note the lookup key in transport is the email domain, not necessarily
              > the hostname.
              > http://www.postfix.org/postconf.5.html#transport_maps
              > http://www.postfix.org/transport.5.html
              >
              > -- Noel Jones
              Thanks Noel.
              relayhost=[i.p.add.ress]
              now works

              Cheers
              DD