Friday, February 19, 2010

Emergency Postfix Backup MX

SkyHi @ Friday, February 19, 2010
Well the primary MX went tits up today and because the boss is pinning me for the new job I have to do something about it. My mail server has been shut down for a while now but the config is still there, so I sat down to do some modifications.

After the first two problems were encountered and we'd been down for twenty minutes I said "stuff it" to myself and copied the main.cf file for later backups. I needed a quick and dirty solution to get the backup MX receiving emails for our domain, no spam, no filtering, we'll let the primary MX work it all out later.

root@dread /etc/postfix# grep -Ev '^#|^$' main.cf
relay_domains = 192.168.1.1 architects.example.com.au
smtpd_recipient_restrictions = check_relay_domains check_recipient_access hash:/etc/postfix/access, reject
transport_maps = hash:/etc/postfix/transport
myhostname = mx2.architects.example.org
root@dread /etc/postfix# grep -Ev '^#|^$' access
architects.example.com.au OK
root@dread /etc/postfix# grep -Ev '^#|^$' transport
architects.example.com.au smtp:[mail.example.org]
root@dread /etc/postfix# postfix start
postfix/postfix-script: starting the Postfix mail system
root@dread /etc/postfix#

It is that easy. This will receive all email for architects.example.com.au and relay it to mail.example.org as soon as it can, rejecting all else.

Edit: Changing file paths to avoid confusion over my symlinked folders.

Edit Two: UPDATE. If the boss decides that you should be handling multiple domains, then relay_domains needs to change to:

Code: (Main.cf)
relay_domains = hash:/etc/postfix/access

Make sure to update your transport maps.
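Once relay_domains points at the access table, a domain listed there without a matching transport entry will be accepted but not routed to the primary. The following check is an added example, not part of the original post; the function names are hypothetical and it assumes one "key value" entry per line with no continuation lines:

```sh
#!/bin/sh
# Added example (hypothetical helper names; not from the original post).
# Assumes one "key value" entry per line, no continuation lines.

# Print the lookup keys of a Postfix table source file, lowercased and sorted.
map_keys() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | awk '{ print tolower($1) }' | sort -u
}

# Domains accepted via the access table but lacking a transport entry.
missing_transports() {
    a=$(mktemp) && t=$(mktemp) || return 1
    map_keys "$1" > "$a"
    map_keys "$2" > "$t"
    comm -23 "$a" "$t"
    rm -f "$a" "$t"
}

# Transport entries whose next hop is not in [brackets]
# (transport(5): the [] form turns off MX lookups).
unbracketed_nexthops() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | awk '{
        nexthop = $2
        sub(/^[^:]*:/, "", nexthop)      # drop the "smtp:" transport name
        if (substr(nexthop, 1, 1) != "[") print tolower($1)
    }'
}

# Constructed sample tables (not real configuration).
demo=$(mktemp -d)
cat > "$demo/access" <<'EOF'
# accepted relay domains
architects.example.com.au OK
second.example.net OK
EOF
cat > "$demo/transport" <<'EOF'
architects.example.com.au smtp:[mail.example.org]
third.example.net smtp:mail.example.org
EOF
echo "no transport entry:";  missing_transports "$demo/access" "$demo/transport"
echo "MX lookup on next hop:"; unbracketed_nexthops "$demo/transport"
rm -rf "$demo"
```

Run it against the source files, then rebuild both hash tables with `postmap` so Postfix sees the changes.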


Ok this is an update to the original backup MX configuration you saw earlier. I've added a whole bunch of spam things in, including (though I hate to admit) Real time blacklist checks. I hate these things but they're easier than configuring spam assassin.

Code:
# Domains this backup MX accepts and relays for
relay_domains = hash:/etc/postfix/access
# Not a built-in Postfix parameter; the table is named explicitly on
# check_recipient_access below
recipient_access = hash:/etc/postfix/access
# Evaluated in order; the final "reject" refuses anything not accepted earlier
smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        check_relay_domains,
        check_recipient_access hash:/etc/postfix/access,
        reject
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
myhostname = mx2.architects.example.org
# Where accepted mail is forwarded (the primary MX)
transport_maps = hash:/etc/postfix/transport
mynetworks_style = subnet

This configuration enforces a few RFC-based checks on the sending machine to ensure we're getting somewhere decent. Note that this configuration does not do sender verification as I believe this is the worst thing ever.

Clean, simple, voila.

REFERENCE
http://www.razeor.com/forum/index.php?topic=325.0