|
|
#
1
08-21-2014
Registered User
1,
0
Join Date: Aug 2014
Last Activity: 21 August 2014, 5:16 AM EDT
Posts: 1
Thanks Given: 0
Thanked 0 Times in 0 Posts
Postfix Gateway with Exchange Mail With MX back-up
Hello,
We have been looking for ways of implementing some redundancy on our postfix gateways in our company. We have 4 Postfix Gateways.
mail2.domain.ro 10
mail.domain.ro 20
mail1.domain.ro 30
mail3.domain.ro 40
On nslookup we have like this:
domain.ro MX preference = 10, mail exchanger = mail2.domain.ro
domain.ro MX preference = 20, mail exchanger = mail.domain.ro
domain.ro MX preference = 30, mail exchanger = mail1.domain.ro
domain.ro MX preference = 40, mail exchanger = mail3.domain.ro
The postfix servers are only the gateways to the internet. In the company we use the Exchange from Microsoft.
So, every gateways points to a HUB.
mail2.domain.ro (10.10.9.10 ) points to the first hub ( hub 1 = 10.21.1.4 )
mail.domain.ro ( 10.10.9.99 ) points to the second hub ( hub 2 = 10.21.1.7 )
mail1.domain.ro ( 10.10.9.98 ) points to the 3rd hub ( hub 3 - at the moment is down )
mail.3.domain.ro - it will be emplented in other city.
For the 2 postfix gateways we have configured the files like this:
main.cf
$ cat /etc/postfix/main.cf | egrep -v "(^#.*|^$)" > /home/yo/main.cf
smtp_data_xfer_timeout = 600
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_tls_CAfile = /etc/postfix/tls/CA.txt
smtpd_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtpd_tls_key_file = /etc/postfix/tls/domain.ro.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_CAfile = /etc/postfix/tls/CA.txt
smtp_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtp_tls_key_file = /etc/postfix/tls/domain.ro.key
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 3
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
smtpd_helo_required = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = domain.ro
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16
relay_domains = domain.ro
transport_maps = hash:/etc/postfix/transport
relayhost =
smtp_generic_maps = hash:/etc/postfix/generic
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
message_size_limit = 25600000
master.cf
$ cat /etc/postfix/master.cf | egrep -v "(^#.*|^$)" > /home/yo/master.cf
smtp inet n - n - - smtpd -o content_filter=spamassassin
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
transport
$ cat /etc/postfix/transport | egrep -v "(^#.*|^$)" > /home/yo/transport
domain.ro smtp:[10.21.1.4]
.domain.ro smtp:[10.21.1.4]
This is the actual configuration, so the postfix gateway points to a exchange HUB.
Our goal is : if the first hub drops from the first gateway, if we can manage to connect to the second hub .
We use the transport conf to connect to the hub, but how can we manage to points to a second hub if the first hub is dropped.
If we change in the master.cf with this: relay unix ... smtp -o smtp_fallback_relay=[fallback.example.com] and in the transport we still keep the current configuration it will work corectly?
How can we do this ?
We have been looking for ways of implementing some redundancy on our postfix gateways in our company. We have 4 Postfix Gateways.
mail2.domain.ro 10
mail.domain.ro 20
mail1.domain.ro 30
mail3.domain.ro 40
On nslookup we have like this:
domain.ro MX preference = 10, mail exchanger = mail2.domain.ro
domain.ro MX preference = 20, mail exchanger = mail.domain.ro
domain.ro MX preference = 30, mail exchanger = mail1.domain.ro
domain.ro MX preference = 40, mail exchanger = mail3.domain.ro
The postfix servers are only the gateways to the internet. In the company we use the Exchange from Microsoft.
So, every gateways points to a HUB.
mail2.domain.ro (10.10.9.10 ) points to the first hub ( hub 1 = 10.21.1.4 )
mail.domain.ro ( 10.10.9.99 ) points to the second hub ( hub 2 = 10.21.1.7 )
mail1.domain.ro ( 10.10.9.98 ) points to the 3rd hub ( hub 3 - at the moment is down )
mail.3.domain.ro - it will be emplented in other city.
For the 2 postfix gateways we have configured the files like this:
main.cf
$ cat /etc/postfix/main.cf | egrep -v "(^#.*|^$)" > /home/yo/main.cf
smtp_data_xfer_timeout = 600
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_tls_CAfile = /etc/postfix/tls/CA.txt
smtpd_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtpd_tls_key_file = /etc/postfix/tls/domain.ro.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_CAfile = /etc/postfix/tls/CA.txt
smtp_tls_cert_file = /etc/postfix/tls/domain.ro.crt
smtp_tls_key_file = /etc/postfix/tls/domain.ro.key
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 3
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
smtpd_helo_required = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = domain.ro
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16
relay_domains = domain.ro
transport_maps = hash:/etc/postfix/transport
relayhost =
smtp_generic_maps = hash:/etc/postfix/generic
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
message_size_limit = 25600000
master.cf
$ cat /etc/postfix/master.cf | egrep -v "(^#.*|^$)" > /home/yo/master.cf
smtp inet n - n - - smtpd -o content_filter=spamassassin
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
transport
$ cat /etc/postfix/transport | egrep -v "(^#.*|^$)" > /home/yo/transport
domain.ro smtp:[10.21.1.4]
.domain.ro smtp:[10.21.1.4]
This is the actual configuration, so the postfix gateway points to a exchange HUB.
Our goal is : if the first hub drops from the first gateway, if we can manage to connect to the second hub .
We use the transport conf to connect to the hub, but how can we manage to points to a second hub if the first hub is dropped.
If we change in the master.cf with this: relay unix ... smtp -o smtp_fallback_relay=[fallback.example.com] and in the transport we still keep the current configuration it will work corectly?
How can we do this ?