Distroname and release: Debian Squeeze
Postfix as backup MXThis is quite simple, and with a very simple setup, and does not require that much, since we do not need to send out e-mails from clients from this server, or use ASMTP. I find that MySQL is not needed here, but could be used. I will use normal flat files, since the number of domains to run a backup for is most likely a rather small number.
This setup can be editet to run all times of different checks, antivirus etc.
Normally you would make sure that the setup is exactly the same on both the primary MTA, and the backup. It hardenens the systems, and should reduce spam, and unwanted traffic.
Create public DNS entriesRemember to create an MX record with an lower priority than the primary mail server, or else this will not work!
example.com. 43200 IN MX 10 mail.example.com. example.com. 43200 IN MX 20 backup.example.com.After this these two records are created with A records pointing to different IPs (different servers).
mail.example.com. 343 IN A 123.456.789.123 backup.example.com. 343 IN A 987.654.321.987
InstallationFirst install postfix if it is not installed
aptitude install postfix
Configure postfixNext we will configure postfix to accept e-mails from only trusted domains, and define where want to send the e-mails to.
Please note that I have set the queue lifetime to 30 days, in case a mailserver breaks down when a person is on vacation. Default for this is 5 days, which is some cases is just not enough.
Of course in a serious production environment these 5 days should be sufficient! :)
Now to main.cf file, which is very simple here.
Make sure that "relay_recipient_maps = " is not defined with parameters, it must be defined as "empty", since we will then automatically accept all e-mail addresses. If not we might have a huge amount of work to create all the users, which is a critical bad idea on a backup MX. Remember that the original mailserver, still "sorts" the emails at arrival.
Actually it is (empty) as default, but for a visual view it could be added.
Finding the PTR entry which we should use as hostname. We will use this output later on!
dig -x example.com #ptrentry.example.com
/etc/postfix/main.cf myhostname = ptrentry.example.com smtpd_banner = $myhostname ESMTP mynetworks = 127.0.0.0/24 maximal_queue_lifetime = 30d relay_recipient_maps = relay_domains = hash:/etc/postfix/relaydomains transport_maps = hash:/etc/postfix/transportmaps smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destinationTime to configure the relay domains.
This is the domains that we trust, and we want to act as backup for.
Add the domains you want in this file.
Actually it is possible to add them directly in postfix instead of this flat file and then seperate the domains with commas. But as you can see later on, it is still required to run postmap, so since we have to do this anyway, I find it easier just to create both of these files, and I personally have a better overview.
/etc/postfix/relaydomains example.com OK example1.com OK example2.com OKIn the transportmaps file we will define where we want our e-mails to go when the host is up again.
It is possible to add an internal host inside the network, or just another external host.
For internal hosts a smart trick is to use brackets ( [ ] ), to avoid DNS lookup.
Below have I specified example2.com to an internal host. Also another port can be used, if SMTP is blocked from the ISP. In this example I have used port 587.
First goes the domain, and next we define the original mailserver, where we want to have our mail delivered when the host is up again.
/etc/postfix/transportmaps example.com smtp:mail.example.com:25 example1.com smtp:mail.example1.com:587 example2.com smtp:[192.168.10.20]:25
Updating postfix's lookup tableEverytime a change have been made to either the transportmaps, or relaydomains files it is needed to run postmap to create/update the lookup tables for postfix!
postmap /etc/postfix/relaydomains postmap /etc/postfix/transportmaps /etc/init.d/postfix restartBelow is a little very simple and basic script I have created, that updates the tables, and restarts postfix after changes.
updateRelayDomains.sh #!/bin/sh echo "running postmap" postmap /etc/postfix/relaydomains postmap /etc/postfix/transportmaps echo "restarting postfix, to accept changes" /etc/init.d/postfix restart echo "done"