Hello everyone,

I am unexpectedly moving house in a couple days, and my on-prem
mail-server is going to have to be down while I move. I don't want to
miss any emails while this is occurring. I have a mail relay running in
a VPS that forwards all sent/received envelopes to/from my on-prem mail
server via a wireguard tunnel (workaround for residential ISP).

Both servers run OpenSMTPD. The on-prem server is not directly reachable
from the internet, and it sends and receives all mail through that
relay. I've attached the configs for both systems.

I figured the least invasive way is likely to hold inbound envelopes on
my relay indefinitely (or as close to that as possible) even if they
bounce. The way I picture doing this is by tweaking the queue to hold
envelopes for longer than 4 days with a much faster retry interval that
doesn't increase over time. I found the following config directives that
look relevant:

- action ttl
- queue ttl
- mta max-deferred
- bounce warn-interval (I'm assuming I want this to be as long as
  possible, so folks don't get irrelevant bounce warnings)

My questions are:

- Which of these should I use to get the job done?
- Is there any way to make the retry interval static?
- Is this even the best way to do this?

Thanks in advance,
--
Tyler Amick
PGP Fingerprint: 8EAC 2FB2 21A3 98DE 7A19 EE0E 63BF 906B 9FCB B6F1
PGP Public Key:
https://keys.openpgp.org/vks/v1/by-fingerprint/8EAC2FB221A398DE7A19EE0E63BF906B9FCBB6F1

# On-prem configuration
pki mail.i.amick.us cert "/etc/lego/certificates/_.i.amick.us.crt"
pki mail.i.amick.us key "/etc/lego/certificates/_.i.amick.us.key"
table aliases file:/etc/smtpd/aliases
table localdomains file:/etc/smtpd/domains
filter rspamd proc-exec "filter-rspamd"
listen on 0.0.0.0 tls pki mail.i.amick.us auth-optional filter rspamd
listen on 0.0.0.0 port submission tls-require pki mail.i.amick.us auth filter rspamd
action "local" maildir alias <aliases>
action "relay" relay helo mail.i.amick.us host smtp://192.168.254.3
match from any for domain <localdomains> action "local"
match from any auth for any action "relay"

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
# Relay configuration
pki relay.amick.us cert "/etc/letsencrypt/live/relay.amick.us/fullchain.pem"
pki relay.amick.us key "/etc/letsencrypt/live/relay.amick.us/privkey.pem"
table localdomains file:/etc/smtpd/domains
table noforging { "@amick.us", "@tyleramick.us" }
listen on 0.0.0.0 tls pki relay.amick.us auth-optional
action "relay" relay helo relay.amick.us
action "localrelay" relay helo relay.amick.us host smtp://10.1.2.8
match from src 10.1.2.8 for any action "relay"
match from mail-from <noforging> for any reject
match from any for domain <localdomains> action "localrelay"