Re: Relaying and forwarding between multiple servers
Hi Chris,

On 24/05/2020 21:46, Christian Baer wrote:
> I want to move the full fledged server

That server is known as the 'primary mail exchanger' (primary MX).

> to the machine in my basement

You'll need a static IP address from your home ISP, and be able to set the reverse DNS to match the forward DNS hostname. Can your home ISP provide static IP addresses and reverse DNS hostname management? If not, don't proceed with this project.

> and want to use mx1, mx2 and mx3 as smart hosts that accept mail for my
> domains and forward it to the server in my basement.

Mail smart hosts are sending hosts on a LAN that are smart enough to know which hosts on the LAN to relay outbound mail for. I think you mean you want your remote rented servers to all be backup MX machines, as mx2 & mx3 are now.

Simple:- configure mx1 as another backup and have your home machine as mx0 (i.e;- the primary MX server).

> They also should relay mail sent from this server. Perfect would be a
> setup where they'll be used round robin.

DNS is your friend: configure relay.mail.your.domain with the IP address of all 3 remote mail servers. Use this DNS hostname as your outbound relay. Set your authoritative DNS daemon (NSD, BIND, etc.) to serve records in round-robin fashion. Done!

But if you have a static IP address & rDNS at home, you don't need to relay via your remote servers. Your primary MX can send to the world.

Cheers,
Craig.
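Added example, not part of either message and not OpenSMTPD's own code: a sketch of the forward-confirmed reverse DNS check behind the reply's static-IP/rDNS requirement and the "rdns"/"fcrdns" filters in the posted config. All addresses, hostnames and the two lookup tables are constructed stand-ins for real DNS answers so that it runs offline.

```python
import ipaddress

# Constructed PTR answers: connecting IP -> names from a reverse lookup.
PTR = {
    "192.0.2.10": ["mx0.example.net."],         # static IP, PTR set by the owner
    "198.51.100.7": ["dyn-7.pool.isp.example."],  # PTR exists, name has no A record back
    "198.51.100.8": ["MX9.Example.NET"],        # PTR names a host living elsewhere
}
# Constructed A/AAAA answers: hostname -> addresses from a forward lookup.
FWD = {
    "mx0.example.net": ["192.0.2.10"],
    "mx9.example.net": ["203.0.113.99"],
}

def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def ptr_lookup(ip):
    return PTR.get(ip, [])

def fwd_lookup(name):
    return FWD.get(_norm(name), [])

def check_fcrdns(ip, ptr=ptr_lookup, fwd=fwd_lookup):
    """Classify a connecting address as 'pass', 'no-rdns' or 'mismatch'.

    pass     : some PTR name resolves forward to the same address
    no-rdns  : the address has no PTR record at all
    mismatch : PTR names exist but none resolves back to the address
    """
    addr = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no-rdns"
    for name in names:
        # Compare parsed addresses so IPv6 spelling variants still match.
        if any(ipaddress.ip_address(a) == addr for a in fwd(name)):
            return "pass"
    return "mismatch"

def audit(ips):
    """Map each address to its verdict."""
    return {ip: check_fcrdns(ip) for ip in ips}

if __name__ == "__main__":
    sample = ["192.0.2.10", "198.51.100.7", "198.51.100.8", "203.0.113.5"]
    for ip, verdict in audit(sample).items():
        print(f"{ip:15} {verdict}")
```

A receiving server applying a policy like the one in the posted config would mark mail as junk for the "no-rdns" and "mismatch" cases, which is why the home connection needs a PTR record its owner controls.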
Relaying and forwarding between multiple servers
Hi,

at the moment I have 4 servers. 3 of them are rented VPSes and 1 is in my basement. On the rented ones I run opensmtpd. 1 of them (mx1) is a full fledged setup with opensmtpd, rspamd and dovecot. The other ones (mx2 and mx3) act as backup MXes.

I want to move the full fledged server to the machine in my basement and want to use mx1, mx2 and mx3 as smart hosts that accept mail for my domains and forward it to the server in my basement. They also should relay mail sent from this server. Perfect would be a setup where they'll be used round robin.

At the moment my config looks like this

On mx1:

ext_if=vtnet0

pki mail.dblx.io cert "/usr/local/etc/ssl/mail.dblx.io/fullchain.pem"
pki mail.dblx.io key "/usr/local/etc/ssl/mail.dblx.io/privkey.pem"
pki mx1.dblx.io cert "/usr/local/etc/ssl/mx1.dblx.io/fullchain.pem"
pki mx1.dblx.io key "/usr/local/etc/ssl/mx1.dblx.io/privkey.pem"

smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"

srs key ""
# srs key backup ""

filter "rdns" phase connect match !rdns junk
filter "fcrdns" phase connect match !fcrdns junk
filter "rspamd" proc-exec "/usr/local/libexec/opensmtpd/opensmtpd-filter-rspamd"

table aliases file:/usr/local/mail/aliases
table domains file:/usr/local/mail/domains
table passwd passwd:/usr/local/mail/passwd
table virtuals file:/usr/local/mail/virtuals

# Inbound
listen on $ext_if port 25 tls pki "mx1.dblx.io" hostname mx1.dblx.io filter { "rdns", "fcrdns", "rspamd" }
action "RECV" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual
#action "RECV" lmtp "10.0.0.20:24" rcpt-to virtual
match from any for domain action "RECV"

# Outbound
listen on $ext_if port 465 smtps pki "mail.dblx.io" auth hostname mx1.dblx.io filter "rspamd"
listen on $ext_if port 587 tls-require pki "mail.dblx.io" auth hostname mx1.dblx.io filter "rspamd"
action "SEND" relay srs
match from any auth for any action "SEND"

On mx2:

ext_if=vtnet0

pki mx2.dblx.io cert "/usr/local/etc/ssl/mx2.dblx.io/fullchain.pem"
pki mx2.dblx.io key "/usr/local/etc/ssl/mx2.dblx.io/privkey.pem"

smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"

srs key ""
# srs key backup ""

table domains file:/usr/local/mail/domains

filter "rdns" phase connect match !rdns junk
filter "fcrdns" phase connect match !fcrdns junk

listen on $ext_if port 25 tls pki "mx2.dblx.io" hostname mx2.dblx.io filter { "rdns", "fcrdns" }
action "forward" relay backup ttl 4d
match from any for domain action "forward"

The config for mx3 is the same as for mx2.

What are the necessary bits to get my plan working? Must I run DKIM signing at the sending host at home or at the mx that is used for sending?

Best regards
Chris

--
Christian Baer
E-Mail: ch...@debilux.org
Mobile: +49 160 969 769 37
Naheweinstr. 44, D-55450 Langenlonsheim