How to act based on the interface on which the mail was received?

How to act based on the interface on which the mail was received?

RA
Hi.

I have this postfix instance to relay all mail to a relay host but I wish to make this instance also an archiving MX for a domain. Initially the configuration was:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_interfaces = loopback-only
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2

In order to make it accept mail for a domain for archiving from the primary mail server, I removed inet_interfaces so that it also listens on the public interface, and then configured the domain:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
virtual_mailbox_domains = domain.com          
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

But now even locally generated email for domain.com was getting stored in the virtual mailbox instead of getting relayed to the relayhost. So I made virtual_mailbox_domains empty in main.cf and configured the public interface separately in master.cf:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
virtual_mailbox_domains =          
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

master.cf:

xx.xx.x.x:smtp inet n - y - - smtpd -o virtual_mailbox_domains=domain.com
127.0.0.1:smtp inet n - y - - smtpd

But this isn't working. The server is refusing to accept mail for domain.com on the public interface. In other words, how do I override virtual_mailbox_domains for the public IP? I wish to relay all locally generated emails to smarthost but store the email received on public IP for this domain.

Thanks.

Re: How to act based on the interface on which the mail was received?

John Fawcett
On 11/02/2019 08:42, RA wrote:

> Hi.
>
> I have this postfix instance to relay all mail to a relay host but I wish to make this instance also an archiving MX for a domain. Initially the configuration was:
>
> mynetworks = 127.0.0.0/8
> mailbox_size_limit = 0
> inet_interfaces = loopback-only
> inet_protocols = ipv4
> myhostname = domain.com
> mydestination =
> biff = no
> append_dot_mydomain = no
> soft_bounce = yes
> relayhost = ***************
> smtp_sasl_password_maps = ***************
> smtp_use_tls=yes
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options =
> smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> compatibility_level=2
>
> In order to make it accept mail for a domain for archiving from the primary mail server, I removed the inet_interfaces so that it listens to public interface also and then configured the domain:
>
> mynetworks = 127.0.0.0/8
> mailbox_size_limit = 0
> inet_protocols = ipv4
> myhostname = domain.com
> mydestination =
> biff = no
> append_dot_mydomain = no
> soft_bounce = yes
> relayhost = ***************
> smtp_sasl_password_maps = ***************
> smtp_use_tls=yes
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options =
> smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> compatibility_level=2
> #
> #
> virtual_mailbox_domains = domain.com          
> virtual_mailbox_base = /home/archive
> virtual_mailbox_maps = static:mail/
> virtual_uid_maps = static:1000
> virtual_gid_maps = static:1000
>
> But now even locally generated email for domain.com was getting stored in the virtual mailbox instead of getting relayed to the relayhost. So made virtual_mailbox_domains= empty in main.cf and configured public interface separately in master.cf:
>
> mynetworks = 127.0.0.0/8
> mailbox_size_limit = 0
> inet_protocols = ipv4
> myhostname = domain.com
> mydestination =
> biff = no
> append_dot_mydomain = no
> soft_bounce = yes
> relayhost = ***************
> smtp_sasl_password_maps = ***************
> smtp_use_tls=yes
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options =
> smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> compatibility_level=2
> #
> #
> virtual_mailbox_domains =          
> virtual_mailbox_base = /home/archive
> virtual_mailbox_maps = static:mail/
> virtual_uid_maps = static:1000
> virtual_gid_maps = static:1000
>
> master.cf:
>
> xx.xx.x.x:smtp inet n - y - - smtpd -o virtual_mailbox_domains=domain.com
> 127.0.0.1:smtp inet n - y - - smtpd
>
> But this isn't working. The server is refusing to accept mail for domain.com on the public interface. In other words, how do I override virtual_mailbox_domains for the public IP? I wish to relay all locally generated emails to smarthost but store the email received on public IP for this domain.
>
> Thanks.
I believe the way to do it is to set up two postfix instances. There is
a tool that makes that easier than it sounds.

http://www.postfix.org/postmulti.1.html

John



Re: How to act based on the interface on which the mail was received?

RA
Thanks for your response. Would want to avoid running multiple instances as far as possible. I feel I am missing something in the configuration or my approach isn't correct. Postfix should be able to handle this trivial task in a single instance.

----- Original message -----
From: John Fawcett <[hidden email]>
To: Postfix users <[hidden email]>
Subject: Re: How to act based on the interface on which the mail was received?
Date: Mon, 11 Feb 2019 12:36:14 +0100

I believe the way to do it is to set up two postfix instances. There is
a tool that makes that easier than it sounds.

http://www.postfix.org/postmulti.1.html

John



Re: How to act based on the interface on which the mail was received?

Wietse Venema
RA:
> Thanks for your response. Would want to avoid running multiple
> instances as far as possible. I feel I am missing something in the
> configuration or my approach isn't correct. Postfix should be able
> to handle this trivial task in a single instance.

It's not trivial. Postfix routing can depend on destination
or (to some extent) on source, but it cannot depend on both.

        Wietse


Re: How to act based on the interface on which the mail was received?

RA
Thanks for your input. I really wanted to avoid multiple instances so I finally configured it by re-writing domain.com rcpts to a local mailbox domain.com.backup on the public interface:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
# User-defined parameter; master.cf refers to it as $accept_domain_com.
accept_domain_com = check_recipient_access inline:{{domain.com=REDIRECT [hidden email]}} check_recipient_access inline:{domain.com=OK} reject
virtual_mailbox_domains = domain.com.backup          
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

master.cf:

xx.xx.x.x:smtp inet n - y - - smtpd -o smtpd_relay_restrictions=$accept_domain_com
127.0.0.1:smtp inet n - y - - smtpd

----- Original message -----
From: Wietse Venema <[hidden email]>
To: Postfix users <[hidden email]>
Subject: Re: How to act based on the interface on which the mail was received?
Date: Mon, 11 Feb 2019 19:20:38 -0500 (EST)

RA:
> Thanks for your response. Would want to avoid running multiple
> instances as far as possible. I feel I am missing something in the
> configuration or my approach isn't correct. Postfix should be able
> to handle this trivial task in a single instance.

It's not trivial. Postfix routing can depend on destination
or (to some extent) on source, but it cannot depend on both.

        Wietse
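
An added example, not part of the thread: a small Python check that applies each smtpd listener's `-o` overrides from master.cf to main.cf, expands `$name` references, and reports the relay restrictions that listener ends up with. The configuration below is constructed from the settings posted above; the IP addresses, the REDIRECT address and the misspelled third listener are placeholders made up for illustration.

```python
import re

# Constructed sample based on the thread; 192.0.2.10, 203.0.113.5 and the
# REDIRECT address are placeholders, and the third listener has a deliberate typo.
MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
accept_domain_com = check_recipient_access inline:{{domain.com=REDIRECT PLACEHOLDER@domain.com.backup}} check_recipient_access inline:{domain.com=OK} reject
"""
MASTER_CF = """\
192.0.2.10:smtp inet n - y - - smtpd -o smtpd_relay_restrictions=$accept_domain_com
127.0.0.1:smtp inet n - y - - smtpd
203.0.113.5:smtp inet n - y - - smtpd -o smtpd_relay_restrictions=$acept_domain_com
"""
# Restrictions that refuse mail for destinations this host does not handle.
GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
          "reject", "defer", "defer_if_permit"}
REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")

def parse_main_cf(text):
    """Return {name: value}; continuation lines are not handled here."""
    pairs = (l.partition("=") for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def expand(value, params, missing, depth=0):
    """Expand $name references; unknown names become '' and are recorded."""
    def sub(m):
        key = next(g for g in m.groups() if g)
        if key in params and depth < 10:
            return expand(params[key], params, missing, depth + 1)
        missing.append(key)
        return ""
    return REF.sub(sub, value)

def audit_listeners(main_cf, master_cf):
    """Single-line inet smtpd entries with '-o name=value' overrides only."""
    params, report = parse_main_cf(main_cf), {}
    for line in master_cf.splitlines():
        f = line.split()
        if len(f) < 8 or f[0][0] == "#" or f[1] != "inet" or f[7] != "smtpd":
            continue
        eff, args, missing = dict(params), f[8:], []
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and "=" in arg:
                eff.update([arg.split("=", 1)])
        relay = expand(eff.get("smtpd_relay_restrictions", ""), eff, missing)
        # Drop inline:{...} table bodies so their contents are not read as restrictions.
        words = re.sub(r"\{.*?\}+", "", relay).replace(",", " ").split()
        report[f[0]] = {"relay": relay, "undefined": missing,
                        "guarded": any(w in GUARDS for w in words)}
    return report
```

A listener reported with `guarded` false, or with a non-empty `undefined` list, needs a second look before it is exposed on a public address; the `guarded` flag is a heuristic and does not evaluate the order of the restrictions.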