Re: Backup MX with MySQL backend
On Tue, Nov 29, 2022 at 03:44:02PM -0500, Jonathan Capra wrote:

> On Tue, 29 Nov 2022, raf wrote:
>
> > On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:
> >
> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> >
> > Not relevant, but the above line isn't needed (since Postfix 2.11).
>
> I commented this out.
>
> > > mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
> >
> > Does the value of $myhostname refer to the primary MX host by any chance?
> > If so, the above line would cause the secondary MX host to deliver locally.
> > But that's probably not it (if all occurrences of refer to the
> > same hostname). The certificate there is for the host name
> > ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).
>
> Just looks like I forgot to s/ca2ceus.wtfayla.net//g for
> one instant. Now that the cat is out of the bag, caduceus.wtfayla.net is
> $myhostname, and ca2ceus.wtfayla.net is just a CNAME to the former.

There goes that theory. Sorry, I'm out of ideas.

> > > relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> >
> > The line above looks wrong. Comments only start at the
> > start of a line (after spaces/tabs is ok). If this is
> > the cause of the problem (i.e., postfix trying to relay
> > to an incorrect hostname), there would probably be log
> > messages to indicate that. But that's probably not it
> > either. Postfix wouldn't deliver locally if it thought
> > it was supposed to relay but failed.
>
> Turns out it's just a case of carriage returns somehow getting lost when
> pasting into the email. It really looks like this:
>
> relayhost =
> #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
>
> But that means that relayhost is empty. Should it be set to $mynetworks?

No. It should be empty for an MX host. relayhost is mostly used for
home systems that send all outgoing email via an ISP's SMTP server
because they can't or don't want to allow arbitrary outgoing
connections to port 25.

> > > transport_maps = # hash:/etc/postfix/transport_maps,
> > >     mysql:/etc/postfix/mysql_relay_transports.cf
> >
> > The apparent comment above is also wrong. Move it to a line
> > of its own. Perhaps that's relevant if transports are used
> > to relay to the primary MX host.
>
> Same deal with the email formatting. It really looks like this:
>
> transport_maps =
>     # hash:/etc/postfix/transport_maps,
>     mysql:/etc/postfix/mysql_relay_transports.cf
>
> > I hope that helps a bit. But it might not be enough to
> > solve the problem.
> >
> > cheers,
> > raf
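
Added example (not part of the thread and not Postfix's own code): a small Python reader that joins main.cf lines by the rule discussed above, where '#' starts a comment only as the first non-blank character of a line, and compares the two settings as they appeared in the e-mail with the corrected layout. The sample strings are constructed from the quoted lines, and the indentation of their continuation lines is an assumption.

```python
def logical_lines(text):
    """Join physical lines as Postfix does for main.cf: blank lines and lines
    whose first non-blank character is '#' are skipped; a line that starts
    with whitespace continues the previous logical line."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + stripped
        else:
            out.append(stripped)
    return out


def parse(text):
    """Return {parameter: value}; a later setting overrides an earlier one."""
    params = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def inline_hash(params):
    """Parameters whose value contains '#', which Postfix keeps as value text."""
    return sorted(name for name, value in params.items() if "#" in value)


# Constructed samples built from the lines quoted in the thread.
# Continuation-line indentation is assumed (the archive lost it).
AS_PASTED = """\
relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
transport_maps = # hash:/etc/postfix/transport_maps,
    mysql:/etc/postfix/mysql_relay_transports.cf
"""
AS_CORRECTED = """\
relayhost =
#mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
#mynetworks = 127.0.0.0/8, 174.138.48.1/20
transport_maps =
    # hash:/etc/postfix/transport_maps,
    mysql:/etc/postfix/mysql_relay_transports.cf
"""

if __name__ == "__main__":
    for label, text in (("pasted", AS_PASTED), ("corrected", AS_CORRECTED)):
        params = parse(text)
        print(label, params, "inline '#':", inline_hash(params))
```

On a live host, `postconf -n` prints the values Postfix actually parsed and is the authoritative check.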
Re: Backup MX with MySQL backend
On Tue, 29 Nov 2022, raf wrote:

> On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:
>
> > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
> Not relevant, but the above line isn't needed (since Postfix 2.11).

I commented this out.

> > mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
>
> Does the value of $myhostname refer to the primary MX host by any chance?
> If so, the above line would cause the secondary MX host to deliver locally.
> But that's probably not it (if all occurrences of refer to the
> same hostname). The certificate there is for the host name
> ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

Just looks like I forgot to s/ca2ceus.wtfayla.net//g for
one instant. Now that the cat is out of the bag, caduceus.wtfayla.net is
$myhostname, and ca2ceus.wtfayla.net is just a CNAME to the former.

> > relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
>
> The line above looks wrong. Comments only start at the
> start of a line (after spaces/tabs is ok). If this is
> the cause of the problem (i.e., postfix trying to relay
> to an incorrect hostname), there would probably be log
> messages to indicate that. But that's probably not it
> either. Postfix wouldn't deliver locally if it thought
> it was supposed to relay but failed.

Turns out it's just a case of carriage returns somehow getting lost when
pasting into the email. It really looks like this:

relayhost =
#mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
#mynetworks = 127.0.0.0/8, 174.138.48.1/20

But that means that relayhost is empty. Should it be set to $mynetworks?

> > transport_maps = # hash:/etc/postfix/transport_maps,
> >     mysql:/etc/postfix/mysql_relay_transports.cf
>
> The apparent comment above is also wrong. Move it to a line
> of its own. Perhaps that's relevant if transports are used
> to relay to the primary MX host.

Same deal with the email formatting. It really looks like this:

transport_maps =
    # hash:/etc/postfix/transport_maps,
    mysql:/etc/postfix/mysql_relay_transports.cf

> I hope that helps a bit. But it might not be enough to
> solve the problem.
>
> cheers,
> raf
Re: Backup MX with MySQL backend
On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:

> I've been trying to set up a Backup MX with a MySQL backend. I have my
> primary working well with MySQL and Postfixadmin frontend. But up till now,
> I've always set up my backup MX with a standard Postfix setup using Berkeley
> DB files.
>
> I've tried to set up my new Backup MX with MySQL backend. I've found good
> tutorials for setting up Backup MX in the traditional manner. And there are
> plenty of tutorials for setting up a PRIMARY MX with MySQL. But ones for both
> are far and few between.
>
> I ran through this one first as a scaffold:
>
> https://www.linuxbabe.com/mail-server/how-to-set-up-a-backup-email-server-postfix-ubuntu
>
> and then made modifications based on this:
>
> https://sourceforge.net/p/postfixadmin/wiki/Relay_domains/
>
> But in the postfix MySQL database, even when the domain table has a given
> domain set to backupmx = '1', it still delivers locally in the virtual mail
> directory.
>
> So I'm wondering if someone might give my main.cf a lookover and see what
> I've neglected:
>
> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
>
> # Debian specific: Specifying a file name will cause the first
> # line of that file to be used as the name. The Debian default
> # is /etc/mailname.
> #myorigin = /etc/mailname
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
>
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
>
> readme_directory = no
>
> # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
> # fresh installs.
> compatibility_level = 2
>
> # TLS parameters
> smtpd_tls_cert_file = /etc/letsencrypt/live//fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live//privkey.pem
> smtpd_use_tls=yes
> smtpd_tls_auth_only = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Not relevant, but the above line isn't needed (since Postfix 2.11).

> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
>     defer_unauth_destination
> myhostname =
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = $myhostname, ca2ceus.wtfayla.net, localhost

Does the value of $myhostname refer to the primary MX host by any chance?
If so, the above line would cause the secondary MX host to deliver locally.
But that's probably not it (if all occurrences of refer to the
same hostname). The certificate there is for the host name
ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

> mynetworks = 127.0.0.1/32 localhost /29 server's subnet>/29
> relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

The line above looks wrong. Comments only start at the
start of a line (after spaces/tabs is ok). If this is
the cause of the problem (i.e., postfix trying to relay
to an incorrect hostname), there would probably be log
messages to indicate that. But that's probably not it
either. Postfix wouldn't deliver locally if it thought
it was supposed to relay but failed.

> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
> maximal_queue_lifetime = 10d
> minimal_backoff_time = 4000s
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = ipv4
> # virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
>
> virtual_mailbox_domains =
>     mysql:/etc/postfix/mysql_virtual_domain_maps.cf,
>     mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf
>
> # virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
>
> virtual_alias_maps =
>     mysql:/etc/postfix/mysql_alias_maps.cf,
>     mysql:/etc/postfix/mysql_alias_domain_maps.cf,
>     mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
>
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
>     mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> smtp_tls_security_level = may
> smtpd_tls_security_level = may
> smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_sasl_type
Backup MX with MySQL backend
I've been trying to set up a Backup MX with a MySQL backend. I have my
primary working well with MySQL and Postfixadmin frontend. But up till now,
I've always set up my backup MX with a standard Postfix setup using Berkeley
DB files.

I've tried to set up my new Backup MX with MySQL backend. I've found good
tutorials for setting up Backup MX in the traditional manner. And there are
plenty of tutorials for setting up a PRIMARY MX with MySQL. But ones for both
are far and few between.

I ran through this one first as a scaffold:

https://www.linuxbabe.com/mail-server/how-to-set-up-a-backup-email-server-postfix-ubuntu

and then made modifications based on this:

https://sourceforge.net/p/postfixadmin/wiki/Relay_domains/

But in the postfix MySQL database, even when the domain table has a given
domain set to backupmx = '1', it still delivers locally in the virtual mail
directory.

So I'm wondering if someone might give my main.cf a lookover and see what
I've neglected:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live//fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live//privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
mynetworks = 127.0.0.1/32 localhost /29 /29
relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
#mynetworks = 127.0.0.0/8, 174.138.48.1/20
maximal_queue_lifetime = 10d
minimal_backoff_time = 4000s
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_domains =
    mysql:/etc/postfix/mysql_virtual_domain_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf

# virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf

virtual_alias_maps =
    mysql:/etc/postfix/mysql_alias_maps.cf,
    mysql:/etc/postfix/mysql_alias_domain_maps.cf,
    mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# relay_recipient_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
transport_maps = # hash:/etc/postfix/transport_maps,
    mysql:/etc/postfix/mysql_relay_transports.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domain_maps.cf,
    mysql:/etc/postfix/mysql_relay_alias_domain_maps.cf
relay_recipient_maps = mysql:/etc/postfix/mysql_alias_maps.cf,
    mysql:/etc/postfix/mysql_alias_domain_maps.cf,
    mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
# Increase attachment size to 50 MB
message_size_limit = 52428800