multiple relay servers


multiple relay servers

Zsombor B

Hi All,


Customer asked us to relay their mails to a specific smtp server.

Actually they provided 6 possible destination servers.


When I add them to sender_dependent_relayhost_maps, postmap complains
that there are duplicate entries:

@foo.bar [mail1.whatever]:123
@foo.bar [mail2.whatever]:123
@foo.bar [mail3.whatever]:123
etc.


How can I solve this?


Thanks,
Zsombor


Re: multiple relay servers

Christos Chatzaras

> Hi All,
>
>
> Customer asked us to relay their mails to a specific smtp server.
>
> Actually they provided 6 possible destination servers.
>
>
> When I add them to sender_dependent_relayhost_maps, postmap complains that there are duplicate entries:
>
> @foo.bar [mail1.whatever]:123
> @foo.bar [mail2.whatever]:123
> @foo.bar [mail3.whatever]:123
> etc.
>
>
> How can I solve this?

Create mail.whatever with A or CNAME records that point to each server.

Then you use:

@foo.bar [mail.whatever]:123

Re: multiple relay servers

Zsombor B

I can't force the customer to change their DNS.

Any postfix solution?

BTW it looks like postfix delivers mails to all the relay servers so  
the postmap warning is a bit misleading as if it won't work.

But this brings up another question: if any of the relay servers can't  
accept mail will postfix try any other relay server in the list at the  
next attempt?


Zsombor

>> How can I solve this?
>
> Create mail.whatever with A or CNAME records that point to each server.
>
> Then you use:
>
> @foo.bar [mail.whatever]:123




Re: multiple relay servers

ilyak
I think you can install the DNS server locally (on the same machine where postfix runs) and configure postfix to use it


On Wed, Oct 21, 2020 at 1:42 PM Zsombor B <[hidden email]> wrote:

I can't force the customer to change their DNS.

Any postfix solution?

BTW it looks like postfix delivers mails to all the relay servers so 
the postmap warning is a bit misleading as if it won't work.

But this brings up another question: if any of the relay servers can't 
accept mail will postfix try any other relay server in the list at the 
next attempt?


Zsombor

>> How can I solve this?
>
> Create mail.whatever with A or CNAME records that point to each server.
>
> Then you use:
>
> @foo.bar [mail.whatever]:123



Re: multiple relay servers

Wietse Venema
In reply to this post by Zsombor B
Zsombor B:

>
> Hi All,
>
>
> Customer asked us to relay their mails to a specific smtp server.
>
> Actually they provided 6 possible destination servers.
>
>
> When I add them to sender_dependent_relayhost_maps, postmap complains
> that there are duplicate entries:
>
> @foo.bar [mail1.whatever]:123
> @foo.bar [mail2.whatever]:123
> @foo.bar [mail3.whatever]:123

There can be only one table entry with the name @foo.bar. The
postmap command ignores the rest with a warning.

> How can I solve this?

Postfix 3.5 supports multiple relayhosts:

transport_maps example:
    example.com relay:[mail1.example]:123, [mail2.example]:123, ...

sender_dependent_relayhost_maps example:
    @foo.bar [mail1.example]:123, [mail2.example]:123, ..

This is a fixed order (as if you had multiple records in /etc/hosts).

If these folks want to receive mail in six places, why can't they
set up DNS records like everyone else does?

        Wietse
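
Added example (not part of the thread and not Postfix project code): a Python check that finds the duplicate lookup keys postmap warns about and rewrites them into the single comma-separated entry shown above for Postfix 3.5 and later. The function names and the sample table are constructed for illustration.

```python
import re

# Constructed sample: the duplicate-key table from the question, plus one
# continuation line (a line starting with whitespace continues the entry).
SAMPLE_MAP = """\
# sender_dependent_relayhost_maps (constructed sample)
@foo.bar [mail1.whatever]:123
@foo.bar [mail2.whatever]:123
@foo.bar
    [mail3.whatever]:123
@other.example [relay.other.example]:587
"""

def logical_lines(text):
    """Yield logical lines of a Postfix text table: blank lines and '#'
    comments are skipped, indented lines are joined to the previous entry."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def merge_relayhosts(text):
    """Return (merged, duplicates). merged maps each key to its destinations
    in file order; duplicates lists keys found on more than one entry."""
    merged, duplicates = {}, []
    for line in logical_lines(text):
        key, _, value = line.partition(" ")
        if key in merged and key not in duplicates:
            duplicates.append(key)
        hosts = merged.setdefault(key, [])
        for dest in filter(None, re.split(r"[,\s]+", value)):
            if dest not in hosts:
                hosts.append(dest)
    return merged, duplicates

def render(merged):
    """One entry per key, destinations comma-separated (Postfix 3.5+ form)."""
    return [f"{key} {', '.join(hosts)}" for key, hosts in merged.items()]

if __name__ == "__main__":
    table, dups = merge_relayhosts(SAMPLE_MAP)
    print("duplicate keys:", dups)
    print("\n".join(render(table)))
```

The merged lines keep the destinations in file order, which matches the fixed-order behaviour described in the post above.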

Re: multiple relay servers

Zsombor B
Hi Wietse,


> Postfix 3.5 supports multiple relayhosts:

Currently we are on 3.2

> If these folks want to receive mail in six places, why can't they
> set up DNS records like everyone else does?

I'm already over this discussion, that's why I have asked the question. :(
Big company, rigid people, dumb rules.


Thanks,
Zsombor



Quote (Wietse Venema <[hidden email]>):

> Zsombor B:
>>
>> Hi All,
>>
>>
>> Customer asked us to relay their mails to a specific smtp server.
>>
>> Actually they provided 6 possible destination servers.
>>
>>
>> When I add them to sender_dependent_relayhost_maps, postmap complains
>> that there are duplicate entries:
>>
>> @foo.bar [mail1.whatever]:123
>> @foo.bar [mail2.whatever]:123
>> @foo.bar [mail3.whatever]:123
>
> There can be only one table entry with the name @foo.bar. The
> postmap command ignores the rest with a warning.
>
>> How can I solve this?
>
> Postfix 3.5 supports multiple relayhosts:
>
> transport_maps example:
>     example.com relay:[mail1.example]:123, [mail2.example]:123, ...
>
> sender_dependent_relayhost_maps example:
>     @foo.bar [mail1.example]:123, [mail2.example]:123, ..
>
> This is a fixed order (as if you had multiple records in /etc/hosts).
>
> If these folks want to receive mail in six places, why can't they
> set up DNS records like everyone else does?
>
> Wietse



Re: multiple relay servers

Wietse Venema
Zsombor B:

> Hi Wietse,
>
>
> > Postfix 3.5 supports multiple relayhosts:
>
> Currently we are on 3.2
>
> > If these folks want to receive mail in six places, why can't they
> > set up DNS records like everyone else does?
>
> I'm already over this discussion, that's why I have asked the question. :(
> Big company, rigid people, dumb rules.

In that case, make up a fake hostname with multiple address records
in /etc/hosts, and configure Postfix "smtp_host_lookup = dns,
native". This assumes that you have "multi on" in /etc/host.conf
on LINUX systems.

Postfix will randomize the order of addresses for the "same" name
(assuming the default "smtp_randomize_addresses = yes" is in effect).

        Wietse

smtp_host_lookup (default: dns)
       What mechanisms the Postfix SMTP client uses to look  up  a  host's  IP
       address.  This parameter is ignored when DNS lookups are disabled (see:
       disable_dns_lookups and smtp_dns_support_level).  THE  "DNS"  MECHANISM
       IS ALWAYS TRIED BEFORE "NATIVE" IF BOTH ARE LISTED.

       Specify one of the following:

       dns    Hosts can be found in the DNS (preferred).

       native Use the native naming service only (nsswitch.conf, or equivalent
              mechanism).

       dns, native
              Use the native service for hosts not found in the DNS.

       This feature is available in Postfix 2.1 and later.
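
Added example (not part of the thread and not Postfix project code): a Python pre-flight check for the workaround described above, run over the text of /etc/hosts, /etc/host.conf and main.cf. The name relaypool.invalid, the 192.0.2.x addresses and the function names are constructed for illustration; the script does not query DNS, so it cannot confirm that the fake name is absent from DNS, which the quoted manual text requires for the native lookup to be reached.

```python
# Constructed samples: relaypool.invalid is a made-up name and 192.0.2.0/24
# is a documentation address range.
HOSTS = """\
127.0.0.1   localhost
192.0.2.11  relaypool.invalid
192.0.2.12  relaypool.invalid
192.0.2.13  relaypool.invalid   # third relay
"""
HOST_CONF = "order hosts,bind\nmulti on\n"
MAIN_CF = "smtp_host_lookup = dns, native\nsmtp_randomize_addresses = yes\n"

def fields(line):
    """Whitespace-separated fields of one line, with any '#' comment removed."""
    return line.split("#", 1)[0].split()

def addresses_for(hosts_text, name):
    """All addresses that hosts-format text assigns to name, in file order."""
    return [f[0] for f in map(fields, hosts_text.splitlines())
            if len(f) >= 2 and name.lower() in [h.lower() for h in f[1:]]]

def main_cf_value(main_cf_text, param, default):
    """Last single-line setting of param in main.cf-format text, else default."""
    value = default
    for line in main_cf_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip() == param and not line[0].isspace():
            value = val.strip()
    return value

def preflight(hosts_text, host_conf_text, main_cf_text, name):
    """Return a list of problems; an empty list means all settings are in place."""
    problems = []
    if len(addresses_for(hosts_text, name)) < 2:
        problems.append(f"hosts: fewer than two address records for {name}")
    if ["multi", "on"] not in map(fields, host_conf_text.splitlines()):
        problems.append('host.conf: "multi on" is not set')
    # Defaults below are the ones stated in the post: dns and yes.
    lookup = main_cf_value(main_cf_text, "smtp_host_lookup", "dns")
    if "native" not in lookup.replace(",", " ").split():
        problems.append("main.cf: smtp_host_lookup does not include native")
    if main_cf_value(main_cf_text, "smtp_randomize_addresses", "yes") != "yes":
        problems.append("main.cf: smtp_randomize_addresses is not yes")
    return problems

if __name__ == "__main__":
    print(preflight(HOSTS, HOST_CONF, MAIN_CF, "relaypool.invalid") or "ok")
```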


Re: multiple relay servers

Fred Morris
In reply to this post by ilyak
If DNSSEC isn't required for the domain(s) in question (or at least
postfix in this specific case) you might look at RPZ as a way of rewriting
just a single record in the zone: https://www.dnsrpz.info/

On Wed, 21 Oct 2020, IL Ka wrote:

>
> I think you can install the DNS server locally (on the same machine where
> postfix runs) and configure postfix to use it
>
>
> On Wed, Oct 21, 2020 at 1:42 PM Zsombor B:
>
>>
>> I can't force the customer to change their DNS.
>>
>> Any postfix solution?
>> [...]

Re: multiple relay servers

Demi M. Obenour
On 10/21/20 11:16 AM, Fred Morris wrote:
> If DNSSEC isn't required for the domain(s) in question (or at least postfix in this specific case) you might look at RPZ as a way of rewriting just a single record in the zone: https://www.dnsrpz.info/

You can also use a local validating recursive resolver (such as
Unbound) and inject a fake record yourself.  Postfix doesn't validate
DNSSEC on its own.  That said, I am not sure how to get Unbound to
lie about the AD bit.

Demi


Re: multiple relay servers

Wietse Venema
On 10/21/20 11:16 AM, Fred Morris wrote:
> If DNSSEC isn't required for the domain(s) in question (or at least
> postfix in this specific case) you might look at RPZ as a way of
> rewriting just a single record in the zone: https://www.dnsrpz.info/

Demi M. Obenour:
> You can also use a local validating recursive resolver (such as
> Unbound) and inject a fake record yourself.  Postfix doesn't validate
> DNSSEC on its own.  That said, I am not sure how to get Unbound to
> lie about the AD bit.

Postfix "requests" DNSSEC validation only when the TLS security
level involves DANE support, so lack of DNSSEC validation for a
SPECIFIC name is not necessarily a problem.

However, Postfix 3.6 and later will try to determine if DNSSEC
is available (by default, querying the root zone NS record) and
will log a warning if the response is not DNSSEC validated.
http://www.postfix.org/postconf.5.html#dnssec_probe

So as long as unbound etc. are  transparent for most of DNS,
some selective rewriting should be OK.

        Wietse