Mailman29 via Postfix-users:
> I have changed the $myhostname string and it still says it loops
> back to myself. Port 25 must be forwarded for incoming mail. Postfix
> isn't supposed to be listening to any ports. In fact, I only have
> smtpd enabled, and not smtp. This is very confusing. :(
Wietse Venema:
> To inform the Postfix SMTP client that this Postfix instance does
> not receive mail from the network, specify:
>
> main.cf:
> inet_interfaces =
Mailman29 via Postfix-users:
> I thought that may be right, but if I comment out the "inet_interfaces"
> it fails to take mail from the main server for outbound delivery.
We appear to be talking about different servers: one that "isn't
supposed to be listening to any ports", yet somehow should be able
to receive mail, and one that should listen: "if I comment out the
"inet_interfaces" it fails to take mail from the main server for
outbound delivery".
Coming back to the diagram:

    public IP address, port 25: haproxy ->
    non-public port or address: frontend.example.com MTA with transport_maps ->
    non-public port or address: backend.example.com MTA

I understand from your response that the backend MTA should send
mail to the internet through the frontend MTA. All that is possible
but it requires careful configuration:

1) The backend.example.com MTA receives inbound mail from the frontend,
delivers mail locally for example.com, localhost, backend.example.com,
frontend.example.com, and sends outbound mail through the frontend.

/etc/postfix/main.cf:
    # This example assumes delivery with the local(8) delivery agent,
    # with valid recipients specified in local_recipient_maps
    # (default: $alias_maps unix:passwd.byname).
    # Instead, one could deliver with virtual_transport, list the
    # domains with virtual_mailbox_domains, and list valid recipients
    # with virtual_mailbox_maps.
    mydestination = example.com localhost
        backend.example.com frontend.example.com
    # Use a distinct MTA name to avoid name-based loop detection.
    myhostname = backend.example.com
    relayhost = [127.0.0.1]:frontend-outbound-port
    inet_interfaces = 127.0.0.1

/etc/postfix/master.cf:
    # Use a port other than 25 to disable IP address based loop detection.
    127.0.0.1:backend-inbound-port .. .. .. .. .. .. .. smtpd

2) The frontend.example.com MTA forwards mail to the backend for
example.com, localhost, *.example.com:

/etc/postfix-frontend/main.cf:
    # Use a distinct MTA name to avoid name-based loop detection.
    myhostname = frontend.example.com
    # Forward example.com, *.example.com, localhost.
    relay_domains = example.com localhost
    # This assumes you have a list of valid recipients.
    relay_recipient_maps = ...list with valid recipients...
    transport_maps = hash:/etc/postfix-frontend/transport
    mydestination =
    proxy_interfaces = the haproxy public IP address
    inet_interfaces = 127.0.0.1

/etc/postfix-frontend/transport:
    # Forward example.com, *.example.com, localhost to the backend.
    # Execute "postmap hash:/etc/postfix-frontend/transport" after
    # editing the file.
    example.com     relay:[127.0.0.1]:backend-inbound-port
    .example.com    relay:[127.0.0.1]:backend-inbound-port
    localhost       relay:[127.0.0.1]:backend-inbound-port

/etc/postfix-frontend/master.cf:
    # The port that receives inbound mail through haproxy.
    127.0.0.1:frontend-inbound-port .. .. .. .. .. .. .. smtpd
        -o syslog_name=postfix/frontend-inbound
        -o smtpd_upstream_proxy_protocol=haproxy
    # The port that receives outbound mail from the backend MTA.
    # Use a port other than 25 to disable IP address based loop detection.
    127.0.0.1:frontend-outbound-port .. .. .. .. .. .. .. smtpd
        -o syslog_name=postfix/frontend-outbound
        -o smtpd_upstream_proxy_protocol=

There's probably a setting that I'm overlooking but this
should cover most of it.
Wietse
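
Added example, not part of the message above and not Postfix code: a Python check of the conditions the message gives for the two instances (distinct myhostname values; relayhost and transport next-hops that use a port other than 25 and have a matching smtpd listener on the other instance). The port numbers 10025/10026/10027 and the sample configuration strings are constructed stand-ins for frontend-inbound-port, backend-inbound-port and frontend-outbound-port.

```python
def parse_main_cf(text):
    """main.cf text -> dict; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def smtpd_ports(master_text):
    """Ports of the inet smtpd services in master.cf text ('-o' lines are skipped)."""
    ports = set()
    for line in master_text.splitlines():
        f = line.split()
        if len(f) >= 8 and not line[0].isspace() and f[1] == "inet" and f[7] == "smtpd":
            ports.add(f[0].rsplit(":", 1)[-1])
    return ports

def check(b_main, b_master, f_main, f_master, transport):
    """Return the violated conditions of the two-instance layout, as a list of strings."""
    b, f, problems = parse_main_cf(b_main), parse_main_cf(f_main), []
    if b.get("myhostname") == f.get("myhostname"):
        problems.append("same myhostname: name-based loop detection")
    hops = [("relayhost", b.get("relayhost", ""), smtpd_ports(f_master))]
    for line in transport.splitlines():
        if line.strip() and not line.startswith("#"):
            domain, nexthop = line.split(None, 1)
            hops.append((f"transport {domain}", nexthop.strip(), smtpd_ports(b_master)))
    for label, nexthop, listeners in hops:
        port = nexthop.rsplit(":", 1)[-1]
        if port in ("25", "smtp"):
            problems.append(f"{label}: port 25 hop, IP address based loop detection")
        elif port not in listeners:
            problems.append(f"{label}: no smtpd listener on port {port}")
    return problems

# Constructed sample input: 10025 = frontend inbound, 10026 = backend inbound,
# 10027 = frontend outbound. None of these numbers come from the message.
B_MAIN = ("mydestination = example.com localhost\n    backend.example.com\n"
          "myhostname = backend.example.com\nrelayhost = [127.0.0.1]:10027\n")
B_MASTER = "127.0.0.1:10026 inet n - n - - smtpd\n"
F_MAIN = "myhostname = frontend.example.com\nmydestination =\n"
F_MASTER = ("127.0.0.1:10025 inet n - n - - smtpd\n  -o smtpd_upstream_proxy_protocol=haproxy\n"
            "127.0.0.1:10027 inet n - n - - smtpd\n  -o smtpd_upstream_proxy_protocol=\n")
TRANSPORT = "example.com relay:[127.0.0.1]:10026\n.example.com relay:[127.0.0.1]:10026\n"
```

check(B_MAIN, B_MASTER, F_MAIN, F_MASTER, TRANSPORT) returns an empty list for the sample; on a real host the five strings would be read from the files named in the message.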