I want to share one way of setting up and using Postfix when we have several IPs from which we can deliver messages.
The task was roughly this: on one server with two interfaces, configure Postfix with separate queues for different external IPs. An example is shown in the picture.

Read on if this topic interests you.
Given:
- Debian server
- eth0, eth0:1, eth0:2 - external interface with aliases
- eth1, eth1:1, eth1:2 - internal interface with aliases
- Postfix 2.9.x
- Domain - example.com
Task:
- Map internal IPs to external IPs, each pair with its own queue and its own settings. Everything submitted for sending on a given internal interface must leave through a predefined external interface.
- localhost (sendmail, mail ()) -> xxx1
- yyy1 -> xxx1
- yyy2 -> xxx2
- yyy3 -> xxx3
- Incoming mail (MX) for example.com is received on one IP
- Mail submission from domain users with SASL authentication
Solution:
For convenience, we assign hostnames to the IPs; I name them after their intended purpose:
- yyy1 - mx.example.com
- yyy2 - mail-out2.example.com
- yyy3 - mail-out3.example.com
- xxx1 - mx.local
- xxx2 - mail-out2.local
- xxx3 - mail-out3.local
For normal operation, take care of DNS. One instance accepts mail and all Postfix instances send mail, so PTR and SPF records must be published for them. The forward and reverse RRs for example.com look like this:
example.com. IN MX 0 mx.example.com.
mx.example.com. IN A xxx1
mail-out2.example.com. IN A xxx2
mail-out3.example.com. IN A xxx3
example.com. IN TXT "v=spf1 ip4:xxx2 ip4:xxx4 mx -all"
1.xxx.in-addr.arpa. IN PTR mx.example.com.
2.xxx.in-addr.arpa. IN PTR mail-out2.example.com.
3.xxx.in-addr.arpa. IN PTR mail-out3.example.com.
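A check worth running against these records is whether every address that sends mail gets an SPF "pass". The following is an added example, not part of the original post: it evaluates a record for each sending IP, using constructed addresses 192.0.2.1 to 192.0.2.4 as stand-ins for xxx1 to xxx4 and a pre-resolved MX address list instead of live DNS. With the record as printed above, xxx3 is not listed and fails.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(spf, ip, mx_ips):
    """Evaluate an SPF record for one sending IP (first match wins).

    Handles only the mechanisms used in the record above: ip4, mx, all.
    mx_ips is the already-resolved address list of the domain's MX hosts,
    so the check runs without DNS.
    """
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier, mech = ("+", term) if term[0] not in RESULTS else (term[0], term[1:])
        mech = mech.lower()
        if mech == "all":
            nets = [ipaddress.ip_network("0.0.0.0/0")]
        elif mech.startswith("ip4:"):
            nets = [ipaddress.ip_network(mech[4:], strict=False)]
        elif mech == "mx":
            nets = [ipaddress.ip_network(m) for m in mx_ips]
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if any(addr in net for net in nets):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched

def uncovered(spf, sending_ips, mx_ips):
    """Sending IPs for which the record does not return 'pass'."""
    return [ip for ip in sending_ips if spf_result(spf, ip, mx_ips) != "pass"]

# Constructed stand-ins for the page's placeholders xxx1..xxx4.
XXX = {n: f"192.0.2.{n}" for n in (1, 2, 3, 4)}
SENDERS = [XXX[1], XXX[2], XXX[3]]  # smtp_bind_address of the three instances
MX_IPS = [XXX[1]]                   # A record of mx.example.com

# The record as printed above names xxx2 and xxx4, plus xxx1 through "mx".
AS_PRINTED = f"v=spf1 ip4:{XXX[2]} ip4:{XXX[4]} mx -all"
# A record that names every address mail is sent from.
COVERING = f"v=spf1 ip4:{XXX[2]} ip4:{XXX[3]} mx -all"

if __name__ == "__main__":
    print("as printed:", uncovered(AS_PRINTED, SENDERS, MX_IPS))
    print("covering:  ", uncovered(COVERING, SENDERS, MX_IPS))
```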
Before creating the instances, the settings of the main Postfix need to change. A lot has been written about configuring Postfix as an MX, so I'll focus on the main points. Edit /etc/postfix/main.cf:
Keep only IPv4 and list the IPs on which mail is handled:
inet_interfaces = xxx1, yyy1, 127.0.0.1
inet_protocols = ipv4
Force outgoing mail to leave from one IP and set the matching HELO name:
smtp_bind_address = xxx1
smtp_helo_name = mx.example.com
myhostname = mx.example.com
Relay mail only from our internal network and our own IPs:
mynetworks = xxx1, xxx2, xxx3, yyy0/24
Accept mail for our domain:
mydestination = example.com, *.example.com, localhost
The main Postfix is ready. Now create the instances. We need 2 additional instances that are configured only to send mail; the standard one receives local mail and is also the MX for the example.com domain.
# postmulti -e init
# postmulti -I postfix-mail-out2 -G out-only -e create
# postmulti -I postfix-mail-out3 -G out-only -e create
Now configure the instances. The configuration files are in /etc/postfix-mail-out2 and /etc/postfix-mail-out3, respectively. Open /etc/postfix-mail-out2/main.cf and set the HELO name and the external and internal IPs:
myhostname = mail-out2.example.com
smtp_bind_address = xxx2
smtp_helo_name = mail-out2.example.com
inet_protocols = ipv4
inet_interfaces = xxx2, yyy2
Since the additional instances only send mail, local delivery must be disabled and the networks allowed to relay must be specified:
mydestination =
alias_maps =
alias_database =
local_recipient_maps =
local_transport = error:5.1.1 Mailbox unavailable
mynetworks = /etc/postfix/mynetworks
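Because each send-only instance also listens on an external IP, mynetworks is what keeps it from relaying for outsiders. The following is an added example, not part of the original post: a small audit of a send-only instance's main.cf and its mynetworks entries. The sample config is constructed (192.0.2.2 stands in for xxx2, 10.0.0.2 for yyy2), and treating only RFC 1918 and loopback ranges as "internal" is this example's assumption.

```python
import ipaddress

# Assumption for this example: "internal" means RFC 1918 space or loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, leading whitespace continues a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit_out_only(params, mynetworks):
    """Findings for a send-only instance ([] = clean); mynetworks = file entries."""
    own = params.get("inet_interfaces", "").replace(",", " ").split()
    findings = []
    if params.get("smtp_bind_address") not in own:
        findings.append("smtp_bind_address is not listed in inet_interfaces")
    if params.get("smtp_helo_name") != params.get("myhostname"):
        findings.append("smtp_helo_name differs from myhostname")
    # An absent mydestination falls back to Postfix's non-empty default.
    if params.get("mydestination", "default"):
        findings.append("mydestination is not empty")
    if not params.get("local_transport", "").startswith("error:"):
        findings.append("local_transport does not reject local recipients")
    for entry in mynetworks:
        net = ipaddress.ip_network(entry, strict=False)
        if entry not in own and not any(net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks entry {entry} may relay from outside")
    return findings

# Constructed sample: 192.0.2.2 stands in for xxx2, 10.0.0.2 for yyy2.
SAMPLE = """\
myhostname = mail-out2.example.com
smtp_bind_address = 192.0.2.2
smtp_helo_name = mail-out2.example.com
inet_interfaces = 192.0.2.2, 10.0.0.2
mydestination =
local_transport = error:5.1.1 Mailbox unavailable
"""

print(audit_out_only(parse_main_cf(SAMPLE), ["10.0.0.0/24", "0.0.0.0/0"]))
```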
To be able to pass mail from one physical server to another over the internal side of the local network, add another transport; let's call it lrelay. We do this in the master.cf of each instance. Add the following entry (the -o line must begin with whitespace, and there must be no spaces around the "="):
lrelay unix - - - - - smtp
  -o smtp_bind_address=yyy2
Mail can then be passed from one server to another via transport_maps. Set in each instance:
transport_maps = hash:/etc/postfix-mail-out1/transport
For example, to send all mail from mail-out1 to mail-out2, add this line to /etc/postfix-mail-out1/transport:
* lrelay:yyy3
The second instance is configured in the same way, only the IP changes.
After setup, enable the instances:
# postmulti -i postfix-mail-out2 -e enable
# postmulti -i postfix-mail-out3 -e enable
And restart Postfix:
# /etc/init.d/postfix restart
Individual instances can be restarted, started and stopped through postmulti:
# postmulti -i postfix-mail-out2 -p start / stop
# postmulti -i postfix-mail-out3 -p start / stop
Check who is running and who is not:
# postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 762
postfix-mail-out2/postfix-script: the Postfix mail system is running: PID: 114
postfix-mail-out3/postfix-script: the Postfix mail system is running: PID: 149
Now we have 3 separate queues, each of which can be configured as we like.
I have DKIM and DomainKeys daemons processing outgoing mail for the main Postfix and the additional instances.
For each instance, you can configure any filters and connect whatever you need: SpamAssassin, greylisting, etc.
What this configuration can be used for:
- bulk mailing: one server can have many IPs from which mail is sent, each with its own settings
- high performance
- large mail services often limit how much mail they accept per IP; having several IPs can help deliver more mail
- secure virtual mail hosting
- for each domain, you can customize its own instance
- complex mail processing at the server level
- for example, internal mail is processed without filters
- external mail is processed more strictly, with spam filtering and grey lists, for example
P.S. What is a service without statistics? With that in mind, I wrote an extension for Cacti that collects statistics from each instance on the number of messages in the queues via SNMP. I will write about this in a separate post.
Ask questions, I will be glad to help.