MX backup doesn't queue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

MX backup doesn't queue

danjjde
Hi friends,
on a Debian Jessie and Postfix 2.11.x,

where DNS configuration seem fine, infact if I shutdonwn the primary
email server, the correspondence is delivered to the second correctly.
where SERVER1 is "the.backed-up.domain.tld"
where SERVER2 is "the backup MX)



My point is to understand why Postfix (on MX backup) store email into
mailbox and does not queue them.





It seems to me that the essential parameter is:


/relay_domains = . . . the.backed-up.domain.tld   ------------>
(server1)/

and then:

mydestination = server2, localhost.server2, localhost



as described on:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup

But nevertheless it does not queue messages but always registers them
within INBOX.


I'm using MySQL for:

virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps =
mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql-email2email.cf,mysql:/etc/postfix/mysql-virtual-alias-maps.cf

And into "virtual_mailbox_domains" also appears in the list
the.backed-up.domain.tld
So I've change "virtual_mailbox_domains" from MySQL to hash (and
postconf it) and excluding "the.backed-up.domain.tld" domain, but with
no luck.

Do you know how I could ascertain the reasons of this strange (for me)
behavior?


If you like to see my configuration files (main.cf) I've also posted
here its two minimal configuration:

SERVER1: https://pastebin.com/wVaqxj2i
SERVER2 (backup MX): https://pastebin.com/2mYBGvCN


and for more:

/etc/postfix/mysql-virtual-mailbox-domains.cf:
https://pastebin.com/7Wy1JrAS
/etc/postfix/mysql-virtual-mailbox-maps.cf:
https://pastebin.com/jSdX4bTu
/etc/postfix/mysql-virtual-alias-maps.cf: https://pastebin.com/L0eAYxPG
/etc/postfix/mysql-email2email.cf: https://pastebin.com/2vRGFJy7




Please give me a useful suggestion I'm going crazy! :-)

many thanks!

Davide

Reply | Threaded
Open this post in threaded view
|

Re: MX backup doesn't queue

Noel Jones-2
> My point is to understand why Postfix (on MX backup) store email
> into mailbox and does not queue them.


On the backup MX:


DO NOT list the domain in mydestination, virtual_alias_domains, or
mailbox_domains parameters.  These list domains for local delivery.

DO list the domain in relay_domains


DO NOT list the valid recipients in virtual_mailbox_maps, or
virtual_alias_maps.  These list local recipients.

DO list valid recipients in relay_recipient_maps

http://www.postfix.org/ADDRESS_CLASS_README.html


On the other hand, most folks these days think a backup MX is more
trouble than it's worth due to the way they are abused by spammers.




  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: MX backup doesn't queue

danjjde
Il 2017-09-01 22:57 Noel Jones ha scritto:
[..]
>
> On the backup MX:
>
>
> DO NOT list the domain in mydestination, virtual_alias_domains, or
> mailbox_domains parameters.  These list domains for local delivery.


You mean: do not list the domain of the *primary server* in
mydestination, virtual_alias_domains, or mailbox_domains parameters,
confirm?

>
> DO list the domain in relay_domains

Here I've the virtual domain list on mysql table (replicated/synced
with the primary server), could I use a mysql query here? This query
should exclude the primary sever domain from the list? And the query
output could be the list of all domain one for each row?

>
>
> DO NOT list the valid recipients in virtual_mailbox_maps, or
> virtual_alias_maps.  These list local recipients.

here could I simply comment the above parameters (virtual_mailbox_maps,
and virtual_alias_maps)?

>
> DO list valid recipients in relay_recipient_maps

Here, as above, could I use a MySQL query for list the all valid
recipients (included the alias), one for each row? The list contains
addresses for the primary server domain. Do I also have to remove
references to the primary server domain here?

>
> http://www.postfix.org/ADDRESS_CLASS_README.html
>

ok!

> On the other hand, most folks these days think a backup MX is more
> trouble than it's worth due to the way they are abused by spammers.
>


I think it's very important to manage the MX backup server autonomously
and that is most important too, be careful to not turn the backup server
into a backscatter mail server. For this reason I ask before acting.


Many thanks for the time you're dedicating me Jones!!



Davide





Reply | Threaded
Open this post in threaded view
|

Re: MX backup doesn't queue

Noel Jones-2
On 9/3/2017 6:28 AM, Davide Marchi wrote:

> Il 2017-09-01 22:57 Noel Jones ha scritto:
> [..]
>>
>> On the backup MX:
>>
>>
>> DO NOT list the domain in mydestination, virtual_alias_domains, or
>> mailbox_domains parameters.  These list domains for local delivery.
>
>
> You mean: do not list the domain of the *primary server* in
> mydestination, virtual_alias_domains, or mailbox_domains parameters,
> confirm?

Yes, I'm referring to the primary domain; the domain this box is a
secondary MX for.


>
>>
>> DO list the domain in relay_domains
>
> Here I've the virtual domain list on mysql table (replicated/synced
> with the primary server), could I use a mysql query here?

Yes, you can use any supported map type.

> This query
> should exclude the primary sever domain from the list? And the query
> output could be the list of all domain one for each row?

Your question is unclear.  If the domain your secondary for is
"example.com", then example.com should be a key in the table with
any result.  Do not return a list of domains.
If this is for only one or a few domains, probably easier to just
list them in master.cf rather than using a table.
http://www.postfix.org/postconf.5.html#relay_domains

>>
>> DO NOT list the valid recipients in virtual_mailbox_maps, or
>> virtual_alias_maps.  These list local recipients.
>
> here could I simply comment the above parameters
> (virtual_mailbox_maps, and virtual_alias_maps)?

Yes, if you don't need them for local purposes.


>
>> DO list valid recipients in relay_recipient_maps
>
> Here, as above, could I use a MySQL query for list the all valid
> recipients (included the alias), one for each row? The list contains
> addresses for the primary server domain. Do I also have to remove
> references to the primary server domain here?


Yes, you can use mysql for this map.  Each valid recipient is a
separate row.  Every address listed here will be accepted to relay
to the primary server; unlisted addresses will be rejected as unknown.
http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class





  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: MX backup doesn't queue

danjjde
>> Il 2017-09-01 22:57 Noel Jones ha scritto:
>> [..]
>>>
>>> On the backup MX:
>>> [..]

Well, finally we did it!
Basically I think we can say that the backup server does not have to
recognize as local, domains and addresses.

This is what I did:

"server1.org" the.backed-up.domain.tld (primary domain)
"server2.org" the backup MX (secondary domain)


1) never list in mydomains/myhostname the primary server domain.
2) never list in virtual_alias_domains the primary server domain.  I've
commented it.
3) never list in mailbox_domains o in virtual_mailbox_domains the
primary domain. I've commented it.
4) do not list in virtual_alias_maps the primary domain. I've commented
it.
5) this is useless: smtpd_sender_login_maps. I've commented it.
6) myorigin = $myhostname
7) mydestination = server2.org, localhost.server2.org, localhost
8) always list in relay_domains every domains (virtual too)

to do so via mysql add in main.cf the following files and their
configurations:

relay_domains = mysql:/etc/postfix/mysql-relay-domains.cf

then create a file called: "/etc/postfix/mysql-relay-domains.cf" with
content:


user = user-db-postfix
password = my-password
hosts = 127.0.0.1
dbname = db-postfix-server
query = SELECT name FROM virtual_domains WHERE name='%s'

(the query content depend from the database structure)



9) then add in main.cf:

relay_recipient_maps = mysql:/etc/postfix/mysql-relay-recipient-maps.cf

create file "/etc/postfix/mysql-relay-recipient-maps.cf" with content:


user = user-db-postfix
password = my-password
hosts = 127.0.0.1
dbname = db-postfix-server
query = SELECT email FROM virtual_users WHERE email = '%s'

(the query content depend from the database structure)



10) to ensure that aliases are also accepted (is it correct?):

add in main.cf too:

relay_recipient_maps =
mysql:/etc/postfix/mysql-alias-relay-recipient-maps.cf
(relay_recipient_maps =
mysql:/etc/postfix/mysql-relay-recipient-maps.cf,mysql:/etc/postfix/mysql-alias-relay-recipient-maps.cf)


create file:

/etc/postfix/mysql-alias-relay-recipient-maps.cf

whose content must be:


user = user-db-postfix
password = my-password
hosts = 127.0.0.1
dbname = db-postfix-server
query = SELECT source FROM virtual_aliases WHERE source = '%s'

(the query content depend from the database structure)


// I hope, if this is right, this scheme may be of help to others. //


Thanks to all