From: Jon Giles on 30 Mar 2010 12:52

Hello There!

I have looked around the net for an answer to this with no luck.

Our company has a pair of Postfix relays that relay mail in and out of our network. We use an outside email service for email archiving, and this requires all the mail to be sent through the service. We can not just send the mail to the open internet.

So I set this up in the main.cf file.

    relay_domains = maildomain1 maildomain2 maildomain3
    relayhost = to the DNS name of the email archiving service
    fallback_relay = to the second DNS name of the email archiving service

In a transport file:

    maildomain1 :[mailboxserverIP]
    maildomain2 :[mailboxserverIP]
    maildomain3 :[mailboxserverIP]
    Etc.

Everything works fine, except when we have a problem with the mailbox server. When the mailbox server can not accept email for any reason we get mail loops on incoming mail.

It seems to be something like this:

1. Email from outside goes to email archive service
2. email archive service sends it to our postfix relays
3. postfix relay tries to send it to mailbox server, but mailbox server is not available
4. postfix then sends the email back to the archive service (fallback relay?) causing a mail loop

Anybody have any ideas?

Thanks!

jg

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912

________________________________
Please consider the environment before printing this e-mail.
________________________________
________________________________
Privileged/Confidential Information may be contained in this message. Any strategies and tactics described herein or in attachments are subject to legal and regulatory approval prior to implementation. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail. Please advise immediately if you or your employer do not consent to Internet e-mail of this kind. Opinions, conclusions, and other information in this message that do not relate to the official business of The CDM Group shall be understood as neither given nor endorsed by it.

From: Victor Duchovni on 30 Mar 2010 13:06

On Tue, Mar 30, 2010 at 12:52:28PM -0400, Jon Giles wrote:

> So I set this up in the main.cf file.
>
> relay_domains = maildomain1 maildomain2 maildomain3
> relayhost = to the DNS name of the email archiving service
> fallback_relay = to the second DNS name of the email archiving service

DO NOT use fallback_relay here. Rather use internal DNS MX records, to specify a single relayhost domain name with multiple underlying hosts.

> In a transport file:
>
> maildomain1 :[mailboxserverIP]
> maildomain2 :[mailboxserverIP]
> maildomain3 :[mailboxserverIP]
> Etc.
>
> Everything works fine, except when we have a problem with the mailbox
> server. When the mailbox server can not accept email for any reason we
> get mail loops on incoming mail.
>

DO NOT use fallback_relay, and the problem will go away.

If you simply cannot configure DNS, use a separate relay_transport, with "-o smtp_fallback_relay=..." in master.cf for the dedicated transport.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.

From: Jon Giles on 30 Mar 2010 13:16

Very good. Thanks very much for the help!

jg

From: Jon Giles on 31 Mar 2010 13:28

Victor:

Thanks again for the suggestions. Having removed fallback_relay has stopped the loops, but I am still challenged in setting up the failover to the second relayhost.

Unless there is something I am missing, using a local DNS server to create the failover isn't an option for me. I can't use A records to point to the relayhosts because the IPs might change over time without my knowledge. If I use CNAMEs to relay to, I have a problem setting up CNAMEs for additional relayhosts. It seems to work fine with A records, and if I knew for a fact that the IPs would not change I would be happy to use this config.

Trying to use a * transport declaration works fine, as long as my local mailbox server is working correctly. If it goes down, however, I have the same mail loop problem. Here are the pieces of the config that might explain why I am having trouble with it.

Master.cf has

    relay unix - - n - - smtp -o fallback_relay=secondrelayhost.relaydomain.com

Main.cf has

    relay_transport = relay

Transport has

    * relay: firstrelayhost.relaydomain.com

Do you have any suggestions?

Thanks!

Jg

From: Victor Duchovni on 31 Mar 2010 13:55

On Wed, Mar 31, 2010 at 01:28:22PM -0400, Jon Giles wrote:

> Thanks again for the suggestions. Having removed fallback_relay has
> stopped the loops, but I am still challenged in setting up the failover to
> the second relayhost.
>
> Unless there is something I am missing, using a local DNS server to create
> the failover isn't an option for me. I can't use A records to point to the
> relayhosts because the IPs might change over time without my knowledge.

That's why you would use MX records:

localhost zone on MTA DNS server:

    xyzzy.localhost. IN MX 0 primarymx.example.net.
    xyzzy.localhost. IN MX 10 secondarymx.example.net.

main.cf:

    relayhost = xyzzy.localhost

--
Viktor.
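
A log check for the failure discussed in this thread, as an added example that is not part of any poster's message: it flags deliveries where mail for a relay_domains recipient was handed to a host other than the mailbox server, which is how a fallback to the archiving service shows up in the Postfix log. The mailbox address, archive host names and log lines are constructed for illustration.

```python
import re

# Assumed values: use the real relay_domains and the mailbox server's
# name or address exactly as it appears after "relay=" in the log.
RELAY_DOMAINS = {"maildomain1", "maildomain2", "maildomain3"}
MAILBOX_HOSTS = {"10.0.0.5"}

# One smtp(8) delivery record: queue id, recipient domain, relay host/ip, status.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>@]*@(?P<domain>[^>]+)>,"
    r".*?relay=(?P<host>[^\[,\s]+)(?:\[(?P<ip>[^\]]+)\])?"
    r".*?status=(?P<status>\w+)"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Mar 30 12:40:01 relay1 postfix/smtp[2345]: 4F2A91C0D3: to=<alice@maildomain1>, relay=10.0.0.5[10.0.0.5]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 30 12:41:10 relay1 postfix/smtp[2346]: A31F5C2D08: to=<bob@example.org>, relay=archive1.example.net[192.0.2.10]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 30 12:45:37 relay1 postfix/smtp[2350]: 7C1B03E9A2: to=<carol@maildomain2>, relay=archive2.example.net[192.0.2.20]:25, delay=31, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 30 12:46:02 relay1 postfix/smtp[2351]: 9D44E0A17B: to=<dave@maildomain3>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to 10.0.0.5[10.0.0.5]:25: Connection refused)
"""

def misrouted_inbound(lines):
    """Return (queue_id, domain, relay) for inbound mail sent to a non-mailbox host."""
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if not m or m["status"] != "sent":
            continue  # deferred mail stays in the queue, which is the wanted outcome
        domain = m["domain"].lower()
        if domain not in RELAY_DOMAINS:
            continue  # outbound mail is expected to go to the archiving service
        if m["host"] in MAILBOX_HOSTS or m["ip"] in MAILBOX_HOSTS:
            continue  # normal inbound delivery to the mailbox server
        hits.append((m["qid"], domain, m["host"]))
    return hits

if __name__ == "__main__":
    for qid, domain, relay in misrouted_inbound(SAMPLE_LOG.splitlines()):
        print(f"{qid}: mail for {domain} was relayed to {relay}")
```
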