Little Help

Little Help

David Porsche'
All,

I am setting up a pair of new postfix servers for mx.domain.com (obviously
not really domain.com).  I have what I thought was a working postfix
configuration until I decided to test it out.  I have created both primary and
secondary DNS MX entries for the domain.  When I try to send mail to the
primary postfix mail exchanger it does not recognize itself as the primary
from the DNS query and tries to deliver to itself via the external IP
address that DNS resolves (NATTED IP).  This connection times out due to
firewall rules (separate issue) and tries to deliver to the secondary
postfix mail exchanger.  This connection also fails because of the
smtp_client_restrictions I have in place as I am waiting for the PTR
records to propagate.  I have explicitly set the fqdn in the postfix
config, which matches the DNS query results for the primary MX.

I am at a loss right now because I believe that I have set everything up
correctly but this does not seem to be the case.  I am sure I am
missing something very silly and would appreciate any help locating what
that might be.  Below I have included slightly modified postconf -n
output as well as some logging data with the -v flag turned on.


May 28 15:33:23 ms6 postfix/smtp[3475]: smtp_parse_destination: mx.domain.com smtp
May 28 15:33:23 ms6 postfix/smtp[3475]: connecting to mx.domain.com port 25
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_query: mx.domain.com (MX): OK
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_get_answer: type MX for mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_get_answer: type MX for mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: smtp_addr_one: host ms6.mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: lookup ms6.mx.domain.com type A flags 128
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_query: ms6.mx.domain.com (A): OK
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_get_answer: type A for ms6.mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: smtp_addr_one: host ms60.mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: lookup ms60.mx.domain.com type A flags 128
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_query: ms60.mx.domain.com (A): OK
May 28 15:33:23 ms6 postfix/smtp[3475]: dns_get_answer: type A for ms60.mx.domain.com
May 28 15:33:23 ms6 postfix/smtp[3475]: begin mx.domain.com address list
May 28 15:33:23 ms6 postfix/smtp[3475]: pref   10 host ms6.mx.domain.com/AAA.BBB.CCC.DDD
May 28 15:33:23 ms6 postfix/smtp[3475]: pref   20 host ms60.mx.domain.com/AAA.BBB.CCC.DDD
May 28 15:33:23 ms6 postfix/smtp[3475]: end mx.domain.com address list
May 28 15:33:23 ms6 postfix/smtp[3475]: smtp_find_self: not found
May 28 15:33:23 ms6 postfix/smtp[3475]: smtp_connect_addr: trying: ms6.mx.domain.com[AAA.BBB.CCC.DDD] port 25...
May 28 15:33:53 ms6 postfix/smtp[3475]: connect to ms6.mx.domain.com[AAA.BBB.CCC.DDD]: Connection timed out (port 25)



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 100
disable_vrfy_command = yes
home_mailbox = Mailbox
html_directory = no
local_header_rewrite_clients = permit_mynetworks
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient, envelope_recipient
masquerade_domains = $mydomain
maximal_queue_lifetime = 6h
message_size_limit = 40960000
mydestination = $myhostname, localhost.$mydomain, localhost, ms60.$mydomain
mydomain = mx.domain.com
myhostname = ms6.mx.domain.com
mynetworks = 10.5.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = lga2.domain.com, domain.com
remote_header_rewrite_domain = domain.invalid
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_unknown_client
smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks permit_auth_destination reject_non_fqdn_recipient reject_unauth_destination reject_unknown_recipient_domain
smtpd_sender_restrictions = permit_mynetworks reject_unknown_sender_domain reject_non_fqdn_hostname
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550

Thanks,
David

Re: Little Help

mouss-2
David Porsche' wrote:
> All,
>
> I am setting up a pair of new postfix servers for mx.domain.com (obviously
> not really domain.com).

if it's not really domain.com, then please use example.com and the like.

> I have what I thought was a working postfix
> configuration until I decided to test it out.  I have created both primary and
> secondary DNS MX entries for the domain.  When I try to send mail to the
> primary postfix mail exchanger it does not recognize itself as the primary
> from the DNS query and tries to deliver to itself via the external IP
> address that DNS resolves (NATTED IP).

http://www.postfix.org/postconf.5.html#proxy_interfaces

but where do you want mail for example.com to be delivered? you
apparently have put the domain as a relay domain. so it will be relayed
(via MX lookup, transport_maps, ... etc).

>  This connection times out due to
> firewall rules (separate issue) and tries to deliver to the secondary
> postfix mail exchanger.  This connection also fails because of the
> smtp_client_restrictions I have in place as I am waiting for the PTR
> records to propagate.  I have explicitly set the fqdn in the postfix
> config, which matches the DNS query results for the primary MX.
>
> I am at a loss right now because I believe that I have set everything up
> correctly but this does not seem to be the case.  I am sure I am
> missing something very silly and would appreciate any help locating what
> that might be.  Below I have included slightly modified postconf -n
> output as well as some logging data with the -v flag turned on.
>
> Thanks,
> David
>
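
A simplified model of the self-detection step behind the "smtp_find_self: not found" log line and the proxy_interfaces pointer in the reply, as an added example (not Postfix source code and not written by either poster). The addresses are constructed stand-ins for the masked AAA.BBB.CCC.DDD values, and the private addresses for ms6 and ms60 are assumptions.

```python
from ipaddress import ip_address

# Constructed sample data: the page masks the real addresses as AAA.BBB.CCC.DDD,
# so documentation-range addresses stand in for the NAT external IPs.
MX_LIST = [
    (10, "ms6.mx.domain.com", "192.0.2.10"),
    (20, "ms60.mx.domain.com", "192.0.2.20"),
]
MS6_LOCAL = ["127.0.0.1", "10.5.0.6"]    # assumed private addresses on ms6
MS60_LOCAL = ["127.0.0.1", "10.5.0.60"]  # assumed private addresses on ms60


def find_self(mx_list, own_addrs, proxy_addrs=()):
    """Return the best-preference MX entry whose address is ours, else None."""
    mine = {ip_address(a) for a in (*own_addrs, *proxy_addrs)}
    for entry in sorted(mx_list):
        if ip_address(entry[2]) in mine:
            return entry
    return None


def plan_delivery(mx_list, own_addrs, proxy_addrs=()):
    """Model the decision: which MX hosts are still eligible for delivery."""
    me = find_self(mx_list, own_addrs, proxy_addrs)
    if me is None:
        # Nothing in the list looks local, so every MX host is tried in order,
        # including our own NAT address from the outside.
        return ("not found", [host for _, host, _ in sorted(mx_list)])
    # Only hosts with a strictly better (lower) preference than ours remain.
    better = [host for pref, host, _ in sorted(mx_list) if pref < me[0]]
    if not better:
        return ("loops back to myself", [])
    return ("found", better)


if __name__ == "__main__":
    # ms6 without proxy_interfaces: the situation in the posted log.
    print(plan_delivery(MX_LIST, MS6_LOCAL))
    # ms6 with its external NAT address declared as a proxy interface.
    print(plan_delivery(MX_LIST, MS6_LOCAL, ["192.0.2.10"]))
    # ms60 (secondary) with its external address declared.
    print(plan_delivery(MX_LIST, MS60_LOCAL, ["192.0.2.20"]))
```

Once the external address is declared, the primary finds itself in the list and has no better MX left, so it stops with a loop condition instead of connecting to its own NAT address. Where the mail should finally be delivered still has to be configured separately.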