mail for ... loops back to myself

mail for ... loops back to myself

Steve Atkins
I suspect the answer to this is going to be "Well, don't do that then." but I may as well ask...

I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world.

The other is an unrelated smtp server that listens for inbound email on port 25. They use unrelated domains and hostnames, but are both on the same IP address.

If I try and send mail via the smarthost to the inbound smtp server the postfix rejects the attempt with "mail for <the destination domain> loops back to myself". That's not an unreasonable thing for it to think, but is there any way to tell postfix that it's just a smarthost, not an MX listening on port 25, and it shouldn't worry its little head about mail loops?

Cheers,
  Steve

Re: mail for ... loops back to myself

Wietse Venema
Steve Atkins:
> I suspect the answer to this is going to be "Well, don't do that then." but I may as well ask...
>
> I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world.
>
> The other is an unrelated smtp server that listens for inbound email on port 25. They use unrelated domains and hostnames, but are both on the same IP address.

You can't do that with Postfix. Specifically, the inet_interfaces
settings must be non-overlapping.

        Wietse

Re: mail for ... loops back to myself

Steve Atkins

> On Jul 11, 2018, at 6:12 PM, Wietse Venema <[hidden email]> wrote:
>
> Steve Atkins:
>> I suspect the answer to this is going to be "Well, don't do that then." but I may as well ask...
>>
>> I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world.
>>
>> The other is an unrelated smtp server that listens for inbound email on port 25. They use unrelated domains and hostnames, but are both on the same IP address.
>
> You can't do that with Postfix. Specifically, the inet_interfaces
> settings must be non-overlapping.

Thanks. That was my guess, but I thought I'd check.

Cheers,
  Steve


Re: mail for ... loops back to myself

Viktor Dukhovni
In reply to this post by Wietse Venema
On Wed, Jul 11, 2018 at 09:12:40PM -0400, Wietse Venema wrote:

> Steve Atkins:
> > I suspect the answer to this is going to be "Well, don't do
> > that then." but I may as well ask...
> >
> > I have a VM that's running two services. One of them is a vanilla
> > postfix smarthost - it accepts mail on port 587 and relays it out
> > to the world.
> >
> > The other is an unrelated smtp server that listens for inbound
> > email on port 25. They use unrelated domains and hostnames, but are
> > both on the same IP address.
>
> You can't do that with Postfix. Specifically, the inet_interfaces
> settings must be non-overlapping.

Yes, but that can actually be accomplished in this case.

To make this work:

  1.  Configure a different value for "myhostname" in the submission
      instance, for example:

      submission: myhostname = smtp.example.com
      inbound-mx: myhostname = mx01.example.com

  2.  Assign the system's non-loopback interfaces to the port 25 MX host:

      # All the non-loopback IPv4/IPv6 addresses on which the instance is listening
      inet_interfaces = 192.0.2.1

      # Plus any NAT addresses externally mapped to the above
      proxy_interfaces =

      consequently this instance will have a non-wildcard TCP binding,
      and will not serve the loopback address.  That should be fine.


  3.  Assign just the loopback address to the submission service

      inet_interfaces = loopback-only

      which means that all "inet" services in master.cf will *default*
      to listen only on the loopback address, but you can "steal"
      some ports from the public IPs, provided they're not used by
      the inbound MX service.

      master.cf:
        192.0.2.1:587 inet n     -       n       -       -       smtpd
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_tls_security_level=encrypt
          -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
          -o smtpd_client_restrictions=
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
          -o smtpd_recipient_restrictions=
          -o smtpd_data_restrictions=
          -o smtpd_end_of_data_restrictions=

  4.  Optional safety net.  Configure the inbound MX to also listen on an additional
      loopback port:

      master.cf:
        127.0.0.1:26 inet n      -       n       -       -       smtpd

      then configure the *MSA* to relay email to known local domains to this
      service, avoiding loop detection by using a non-default port:

      main.cf:
        indexed = ${default_database_type}:${config_directory}/
        transport_maps = ${indexed}transport

      transport:
        # Route my own domains to the inbound MX for delivery
        example.com relay:[127.0.0.1]:26

--
        Viktor.
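
An added example, not part of Viktor's post: a simplified Python model of how `inet_interfaces` and master.cf `inet` service names turn into listening sockets, used to check that the two instances share no address and no (address, port) pair. The helper names, the port-name table and the sample layouts are constructed for this illustration.

```python
# Added example: simplified model of Postfix listener binding for a
# two-instance layout. All sample values below are constructed.
LOOPBACK = {"127.0.0.1", "::1"}
PORT_NAMES = {"smtp": "25", "submission": "587"}

def interface_set(inet_interfaces):
    """Addresses an instance treats as its own; "*" stands for "all"."""
    value = inet_interfaces.strip()
    if value == "all":
        return {"*"}
    if value == "loopback-only":
        return set(LOOPBACK)
    return {a.strip("[]") for a in value.replace(",", " ").split()}

def listeners(inet_interfaces, services):
    """Expand master.cf inet service names into (address, port) pairs.

    "host:port" binds only that host; a bare "port" binds every address
    in inet_interfaces.
    """
    bound = set()
    for svc in services:
        host, sep, port = svc.rpartition(":")
        hosts = {host.strip("[]")} if sep else interface_set(inet_interfaces)
        bound |= {(h, PORT_NAMES.get(port, port)) for h in hosts}
    return bound

def shared_addresses(a, b):
    """Addresses present in both instances' inet_interfaces settings."""
    sa, sb = interface_set(a), interface_set(b)
    if "*" in sa or "*" in sb:
        return sorted((sa | sb) - {"*"}) or ["*"]
    return sorted(sa & sb)

def socket_clashes(a, b):
    """(address, port) pairs that both instances would try to bind."""
    return sorted({(ha if hb == "*" else hb, pa)
                   for ha, pa in a for hb, pb in b
                   if pa == pb and (ha == hb or "*" in (ha, hb))})

# Layout from the post: the MX owns the public address (plus the port 26
# safety net), the submission instance owns loopback and "steals" port 587.
MX = ("192.0.2.1", ["smtp", "127.0.0.1:26"])
MSA = ("loopback-only", ["192.0.2.1:587"])
```

With the layout from the post both checks come back empty, while a submission instance left at `inet_interfaces = all` reports 192.0.2.1 as shared with the MX.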

Re: mail for ... loops back to myself

Matus UHLAR - fantomas
In reply to this post by Steve Atkins
On 11.07.18 17:51, Steve Atkins wrote:

>I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world.
>
>The other is an unrelated smtp server that listens for inbound email on port 25. They use unrelated domains and hostnames, but are both on the same IP address.
>
>If I try and send mail via the smarthost to the inbound smtp server the
> postfix rejects the attempt with "mail for <the destination domain> loops
> back to myself".  That's not an unreasonable thing for it to think, but is
> there any way to tell postfix that it's just a smarthost, not an MX
> listening on port 25, and it shouldn't worry its little head about mail
> loops?

You need to tell the server where to send mail for the domain.
Apparently, to the port 25 of the same server.

Why do you run two different smtp servers on the same host?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.

Re: mail for ... loops back to myself

Viktor Dukhovni
On Thu, Jul 12, 2018 at 02:27:06PM +0200, Matus UHLAR - fantomas wrote:

> Why do you run two different smtp servers on the same host?

Multi-instance configurations can be simpler to design, each instance
does one thing well.  Whether my work-around for IP-address sharing
is sufficiently simple is the OP's call.

--
        Viktor.