On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:
> I've been trying to set up a Backup MX with a MySQL backend. I have my
> primary working well with MySQL and Postfixadmin frontend. But up till now,
> I've always set up my backup MX with a standard Postfix setup using Berkeley
> DB files.
>
> I've tried to set up my new Backup MX with MySQL backend. I've found good
> tutorials for setting up Backup MX in the traditional manner. And there are
> plenty of tutorials for setting up a PRIMARY MX with MySQL. But ones for both
> are far and few between.
>
> I ran through this one first as a scaffold:
>
> https://www.linuxbabe.com/mail-server/how-to-set-up-a-backup-email-server-postfix-ubuntu
>
>
> and then made modifications based on this:
>
>
> https://sourceforge.net/p/postfixadmin/wiki/Relay_domains/
>
>
> But in the postfix MySQL database, even when the domain table has a given
> domain set to backupmx = '1', it still delivers locally in the virtual mail
> directory.
>
> So I'm wondering if someone might give my main.cf a lookover and see what
> I've neglected:
>
>
> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
>
>
> # Debian specific: Specifying a file name will cause the first
> # line of that file to be used as the name. The Debian default
> # is /etc/mailname.
> #myorigin = /etc/mailname
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
>
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
>
> readme_directory = no
>
> # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
> # fresh installs.
> compatibility_level = 2
>
>
>
> # TLS parameters
> smtpd_tls_cert_file = /etc/letsencrypt/live//fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live//privkey.pem
> smtpd_use_tls=yes
> smtpd_tls_auth_only = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Not relevant, but the above line isn't needed (since Postfix 2.11).

> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> defer_unauth_destination
> myhostname =
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = $myhostname, ca2ceus.wtfayla.net, localhost

Does the value of $myhostname refer to the primary MX host by any chance?
If so, the above line would cause the secondary MX host to deliver locally.
But that's probably not it (if all occurrences of refer to the
same hostname). The certificate there is for the host name
ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

> mynetworks = 127.0.0.1/32 localhost /29 server's subnet>/29
> relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

The line above looks wrong. Comments only start at the start of a line
(after spaces/tabs is ok). If this is the cause of the problem (i.e.,
postfix trying to relay to an incorrect hostname), there would probably
be log messages to indicate that. But that's probably not it either.
Postfix wouldn't deliver locally if it thought it was supposed to relay
but failed.

> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
> maximal_queue_lifetime = 10d
> minimal_backoff_time = 4000s
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = ipv4
> # virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
>
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql_virtual_domain_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf
>
> # virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
>
> virtual_alias_maps =
> mysql:/etc/postfix/mysql_alias_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
>
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> smtp_tls_security_level = may
> smtpd_tls_security_level = may
> smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
>
> # relay_recipient_maps =
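
The comment rule mentioned in the reply above (a `#` only starts a comment at the beginning of a line, optionally after spaces or tabs) can be checked mechanically. The following is an added example, not part of the original messages and not Postfix code: a small Python reader that follows the postconf(5) line rules and reports parameters whose value contains a `#`. The sample text and the function names are constructed for illustration.

```python
# Constructed sample; the relayhost line mirrors the one quoted in the thread.
SAMPLE = """\
# a real comment: '#' is the first non-blank character
relayhost = #mynetworks = 127.0.0.0/8 [::1]/128
virtual_alias_maps =
    mysql:/etc/postfix/a.cf,
    # indented comment line, still ignored
    mysql:/etc/postfix/b.cf
inet_protocols = ipv4
"""


def parse_main_cf(text):
    """Return {name: value} following the postconf(5) line rules."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or whole-line comment
        if raw[0] in " \t" and current:   # leading whitespace: continuation
            params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = stripped.partition("=")
        if not sep:
            continue                      # not a "name = value" line
        current = name.strip()
        params[current] = value.strip()   # a later setting overrides an earlier one
    return params


def inline_hash_values(params):
    """Parameters whose value contains '#', i.e. a would-be inline comment."""
    return {n: v for n, v in params.items() if "#" in v}


if __name__ == "__main__":
    for name, value in inline_hash_values(parse_main_cf(SAMPLE)).items():
        print(f"{name}: '#' is part of the value: {value!r}")
```

On a live system, `postconf -n` prints the non-default values Postfix actually parsed, which shows the same thing for the real file.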