
sending mail using more than one smarthost\relayhost and sasl?

  • Eliezer Croitoru
    Message 1 of 3 , Sep 2, 2013
      Hey,

      I have a situation with a working postfix install which I am not sure
      how to implement.

      The main problem is that from time to time I get a "rejected" mail from
      a remote system, which I cannot do a thing about.
      the setup is like this:
      Local client(sasl) ->(submission 587)Local POSTFIX

      the local postfix hosts one\two virtual domains.

      the postfix uses an amavisd-new for mail filtering.
      The setup works fine and the local POSTFIX is setup with:
      smtp sasl auth using a relayhost.
      I have a failover relayhost in postfix but I want another thing.

      I want to define that all local\virtual domains will be delivered to the
      dovecot mailer.
      and specific outgoing domains will be relayed using specific relay
      servers while all other traffic will be relayed using the relayhost or
      failover relayhost.

      the current postfix config is:
      # cat main.cf |grep -v ^#|grep -v '^$'
      queue_directory = /var/spool/postfix
      command_directory = /usr/sbin
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      mail_owner = postfix
      myhostname = mail.example.com
      inet_interfaces = all
      inet_protocols = all
      mydestination = $myhostname, localhost.$mydomain, www1
      unknown_local_recipient_reject_code = 550
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases


      debug_peer_level = 2
      debugger_command =
      PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
      ddd $daemon_directory/$process_name $process_id & sleep 5
      sendmail_path = /usr/sbin/sendmail.postfix
      newaliases_path = /usr/bin/newaliases.postfix
      mailq_path = /usr/bin/mailq.postfix
      setgid_group = postdrop
      html_directory = no
      manpage_directory = /usr/share/man
      sample_directory = /usr/share/doc/postfix-2.6.6/samples
      readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
      home_mailbox = .maildir/
      virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
      virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
      local_transport = dovecot
      virtual_transport = dovecot
      dovecot_destination_recipient_limit = 1
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination,
      reject_unknown_sender_domain,
      check_policy_service unix:private/policy,
      check_client_access hash:/etc/postfix/rbl_override
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client sbl.spamhaus.org,
      smtpd_sender_restrictions = permit_sasl_authenticated,
      permit_mynetworks,
      check_sender_access mysql:/etc/postfix/mysql-block-virtual-domains.cf
      reject_invalid_helo_hostname,
      reject_non_fqdn_sender,
      warn_if_reject,
      permit
      mynetworks_style = host
      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = hash:/etc/postfix/saslpass
      smtpd_sasl_local_domain = $myorigin
      smtp_sasl_security_options =
      smtp_sasl_tls_security_options = noanonymous
      relayhost = [smtp.012.net.il]
      smtp_fallback_relay = [mail.example1.com]:25
      smtpd_tls_cert_file = /etc/ssl/ssl.crt
      smtpd_tls_key_file = /etc/ssl/ssl.key
      smtpd_tls_security_level = may
      smtpd_tls_CAfile = /etc/ssl/dca.pem
      biff = no
      empty_address_recipient = MAILER-DAEMON
      queue_minfree = 120000000
      content_filter=amavisfeed:[127.0.0.1]:10024
      policy_time_limit = 3600
      message_size_limit = 20480000

      the master.cf is:
      # cat master.cf
      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # Do not forget to execute "postfix reload" after editing this file.
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      smtp inet n - n - - smtpd
      submission inet n - n - - smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      #smtps inet n - n - - smtpd
      # -o smtpd_tls_wrappermode=yes
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      #628 inet n - n - - qmqpd
      pickup fifo n - n 60 1 pickup
      cleanup unix n - n - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - n 1000? 1 tlsmgr
      rewrite unix - - n - - trivial-rewrite
      bounce unix - - n - 0 bounce
      defer unix - - n - 0 bounce
      trace unix - - n - 0 bounce
      verify unix - - n - 1 verify
      flush unix n - n 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - n - - smtp
      # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
      relay unix - - n - - smtp
      -o smtp_fallback_relay=
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - n - - showq
      error unix - - n - - error
      retry unix - - n - - error
      discard unix - - n - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      scache unix - - n - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      #maildrop unix - n n - - pipe
      # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
      #
      # ====================================================================
      #
      # The Cyrus deliver program has changed incompatibly, multiple times.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      #uucp unix - n n - - pipe
      # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      #
      # ====================================================================
      #
      # Other external delivery methods.
      #
      #ifmail unix - n n - - pipe
      # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      #
      #bsmtp unix - n n - - pipe
      # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
      #
      #scalemail-backend unix - n n - 2 pipe
      # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
      # ${nexthop} ${user} ${extension}
      #
      #mailman unix - n n - - pipe
      # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      # ${nexthop} ${user}

      dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
      policy unix - n n - 0 spawn
      user=nobody argv=/usr/bin/perl /usr/local/lib/policyd-spf-perl

      amavisfeed unix - - n - 2 lmtp
      -o lmtp_data_done_timeout=1200
      -o lmtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
      127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
      -o local_header_rewrite_clients=
      -o smtpd_milters=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      ##END

      Thanks in advance,

      Eliezer
    • Jeroen Geilman
      Message 2 of 3 , Sep 8, 2013
        On 09/02/2013 10:56 PM, Eliezer Croitoru wrote:
        > Hey,
        >
        > I have a situation with a working postfix install which I am not sure
        > how to implement.

        You're not sure how to implement... a working situation ?

        > the main problem is that from time to time I get a "rejected" mail from
        > a remote system and which I cannot do a thing about.

        What kind of mail ? What system ? What does the log say ?
        Any information would help, here - but you're providing nothing.

        > the setup is like this:
        > Local client(sasl) ->(submission 587)Local POSTFIX
        >
        > the local postfix hosts one\two virtual domains.
        >
        > the postfix uses an amavisd-new for mail filtering.
        > The setup works fine and the local POSTFIX is setup with:
        > smtp sasl auth using a relayhost.
        > I have a failover relayhost in postfix but I want another thing.
        >
        > I want to define that all local\virtual domains will be delivered to the
        > dovecot mailer.

        There is no "dovecot mailer"; dovecot is an IMAP/LMTP server.
        The way to deliver *virtual* domains to dovecot is to use dovecot as
        your *virtual* transport.
        Local domains won't be distinguished from one another; use virtual
        domains for that.

        > and specific outgoing domains will be relayed using specific relay
        > servers

        That's what transport(5) is for.

        > the current postfix config is:
        > # cat main.cf |grep -v ^#|grep -v '^$'

        Configuration should be shared by providing the output of "postconf -nf".
        The list welcome message contains clear instructions on how to ask for help.

        > the master.cf is:
        > # cat master.cf

        THIS is where excluding comments would actually help, although for
        modern versions (2.9+) there is postconf -Mf.


        > Thanks in advance,

        Did you ask any other question than the one about transport(5) I
        answered above ?
        If so, I am afraid it was lost in the noise.

        --
        J.
      • Eliezer Croitoru
        Message 3 of 3 , Sep 12, 2013
          On 09/08/2013 11:47 PM, Jeroen Geilman wrote:
          >
          > Did you ask any other question than the one about transport(5) I
          > answered above ?
          > If so, I am afraid it was lost in the noise.
          Thanks,

          No, my setup is working perfectly and I know how to ask questions most of
          the time.
          If I do ask, it does mean I have tried one thing or another.

          My main question was regarding transport(5).
          I have tried hash:/etc/postfix/transport and it didn't work while using:
          postmap /etc/postfix/transport.
          When I have used the same command but with
          "btree:/etc/postfix/transport"
          it worked fine.
          The main thing, I think, is that using postmap to run "postmap
          btree:/etc/postfix/transport"
          is not the same as "postmap /path/to/file", but asking the mailing list
          is the right thing instead of storming my mind to more than 24 hours of
          no sleep.

          Hope you understood and can answer my assumption.

          Eliezer
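
The per-domain relaying via transport(5) discussed in this thread, as an added Python example (not code from the thread or from Postfix): it resolves a recipient through a transport table in lookup order and lists relay destinations that have no identically written key in smtp_sasl_password_maps. The relay names, map entries and function names are constructed for illustration; only the relayhost value comes from the posted main.cf. Address extensions and regexp tables are not modelled, and the credential check covers only the documented form of the key (written exactly like the destination, brackets and port included).

```python
# Added example. Map contents are constructed samples; only RELAYHOST is
# taken from the posted main.cf.
TRANSPORT = """\
# pattern            transport:nexthop
partner.example      smtp:[relay1.example.net]:587
.partner.example     smtp:[relay1.example.net]:587
other.example        smtp:[relay2.example.net]
"""
SASL_PASSWD = """\
[smtp.012.net.il]           user0:secret0
[relay1.example.net]:587    user1:secret1
relay2.example.net          user2:secret2
"""
RELAYHOST = "[smtp.012.net.il]"


def parse_table(text):
    """Parse 'key value' lines of a Postfix lookup table source file."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table


def next_hop(recipient, transport, relayhost):
    """Resolve a recipient in transport(5) order: user@domain, domain,
    .parent-domain patterns, then '*'. No match means the relayhost."""
    recipient = recipient.lower()
    domain = recipient.rpartition("@")[2]
    labels = domain.split(".")
    keys = [recipient, domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys + ["*"]:
        if key in transport:
            name, _, hop = transport[key].partition(":")
            if not name and not hop:
                return relayhost      # ":" leaves routing unchanged
            return hop or domain      # empty nexthop: recipient domain
    return relayhost


def hops_without_credentials(transport, passwd, relayhost):
    """List nexthops with no identically written key in the password map."""
    hops = {relayhost}
    for value in transport.values():
        name, _, hop = value.partition(":")
        if name in ("", "smtp", "relay") and hop:
            hops.add(hop)
    return sorted(h for h in hops if h.lower() not in passwd)
```

In the sample, mail for sub.other.example falls through to the relayhost because the table has no ".other.example" pattern, and "[relay2.example.net]" is reported because its password-map key was written without brackets.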