Re: Backup MX with MySQL backend

2022-11-30 Thread raf
On Tue, Nov 29, 2022 at 03:44:02PM -0500, Jonathan Capra wrote:

> 
> On Tue, 29 Nov 2022, raf wrote:
> 
> > On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:
> > 
> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> > 
> > Not relevant, but the above line isn't needed (since Postfix 2.11).
> 
> I commented this out.
> 
> 
> > > mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
> > 
> > Does the value of $myhostname refer to the primary MX host by any chance?
> > If so, the above line would cause the secondary MX host to deliver locally.
> > But that's probably not it (if all occurrences of  refer to the
> > same hostname). The certificate there is for the host name
> > ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).
> 
> Just looks like I forgot to s/ca2ceus.wtfayla.net//g for
> one instant. Now that the cat is out of the bag, caduceus.wtfayla.net is
> $myhostname, and ca2ceus.wtfayla.net is just a CNAME to the former.

There goes that theory. Sorry, I'm out of ideas.

> > > relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> > 
> > The line above looks wrong. Comments only start at the
> > start of a line (after spaces/tabs is ok). If this is
> > the cause of the problem (i.e., postfix trying to relay
> > to an incorrect hostname), there would probably be log
> > messages to indicate that. But that's probably not it
> > either. Postfix wouldn't deliver locally if it thought
> > it was supposed to relay but failed.
> 
> Turns out it's just a case of carriage returns somehow getting lost when
> pasting into the email. It really looks like this:
> 
> relayhost =
> #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
> 
> 
> But that means that relayhost is empty. Should it be set to $mynetworks?

No. It should be empty for an MX host. relayhost is mostly
used for home systems that send all outgoing email via
an ISP's SMTP server because they can't or don't want to
allow arbitrary outgoing connections to port 25.

> > > transport_maps = # hash:/etc/postfix/transport_maps,
> > >   mysql:/etc/postfix/mysql_relay_transports.cf
> > 
> > The apparent comment above is also wrong. Move it to a line
> > of its own. Perhaps that's relevant if transports are used
> > to relay to the primary MX host.
> 
> Same deal with the email formatting. It really looks like this:
> 
> transport_maps =
> # hash:/etc/postfix/transport_maps,
>   mysql:/etc/postfix/mysql_relay_transports.cf
> 
> 
> > I hope that helps a bit. But it might not be enough to
> > solve the problem.
> > 
> > cheers,
> > raf
> > 
> > 
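
Added example (not part of the thread and not Postfix code): a small Python check that applies the main.cf rule raf describes, that `#` starts a comment only as the first non-whitespace character of a line, to the two layouts shown in this thread. The function names are hypothetical, and treating a whitespace-preceded `#` inside a value as suspicious is a heuristic assumption.

```python
import re

# Lines as they appeared in the e-mail (line breaks lost in pasting).
AS_PASTED = """\
relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
transport_maps = # hash:/etc/postfix/transport_maps,
  mysql:/etc/postfix/mysql_relay_transports.cf
"""

# Layout the poster says is really in the file.
AS_ON_DISK = """\
relayhost =
#mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
#mynetworks = 127.0.0.0/8, 174.138.48.1/20
transport_maps =
# hash:/etc/postfix/transport_maps,
  mysql:/etc/postfix/mysql_relay_transports.cf
"""

def parse_main_cf(text):
    """Return [(first_line_no, name, value)] for each logical line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        # Blank lines and lines whose first non-blank char is '#' are ignored.
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1][1] += " " + stripped   # leading whitespace: continuation
        else:
            entries.append([no, stripped])     # new logical line
    parsed = []
    for no, line in entries:
        name, _, value = line.partition("=")
        parsed.append((no, name.strip(), value.strip()))
    return parsed

def inline_comment_findings(text):
    """Flag values containing '#' at a word start: it is data, not a comment."""
    findings = []
    for no, name, value in parse_main_cf(text):
        match = re.search(r"(?:^|\s)#", value)
        if match:
            findings.append((no, name, value[match.start():].strip()))
    return findings

if __name__ == "__main__":
    for label, text in (("as pasted", AS_PASTED), ("on disk", AS_ON_DISK)):
        print(label, inline_comment_findings(text) or "no inline '#' found")
```

On a live system, `postconf -n` shows the values Postfix actually parsed, which is the authoritative way to confirm what a parameter such as relayhost ended up containing.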


Re: Backup MX with MySQL backend

2022-11-29 Thread Jonathan Capra



On Tue, 29 Nov 2022, raf wrote:

> On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:
>
> > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
> Not relevant, but the above line isn't needed (since Postfix 2.11).

I commented this out.

> > mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
>
> Does the value of $myhostname refer to the primary MX host by any chance?
> If so, the above line would cause the secondary MX host to deliver locally.
> But that's probably not it (if all occurrences of  refer to the
> same hostname). The certificate there is for the host name
> ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

Just looks like I forgot to s/ca2ceus.wtfayla.net//g
for one instant. Now that the cat is out of the bag, caduceus.wtfayla.net
is $myhostname, and ca2ceus.wtfayla.net is just a CNAME to the former.

> > relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
>
> The line above looks wrong. Comments only start at the
> start of a line (after spaces/tabs is ok). If this is
> the cause of the problem (i.e., postfix trying to relay
> to an incorrect hostname), there would probably be log
> messages to indicate that. But that's probably not it
> either. Postfix wouldn't deliver locally if it thought
> it was supposed to relay but failed.

Turns out it's just a case of carriage returns somehow getting lost when
pasting into the email. It really looks like this:

relayhost =
#mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
#mynetworks = 127.0.0.0/8, 174.138.48.1/20

But that means that relayhost is empty. Should it be set to $mynetworks?

> > transport_maps = # hash:/etc/postfix/transport_maps,
> >   mysql:/etc/postfix/mysql_relay_transports.cf
>
> The apparent comment above is also wrong. Move it to a line
> of its own. Perhaps that's relevant if transports are used
> to relay to the primary MX host.

Same deal with the email formatting. It really looks like this:

transport_maps =
# hash:/etc/postfix/transport_maps,
  mysql:/etc/postfix/mysql_relay_transports.cf

> I hope that helps a bit. But it might not be enough to
> solve the problem.
>
> cheers,
> raf




Re: Backup MX with MySQL backend

2022-11-28 Thread raf
On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra wrote:

> I've been trying to set up a Backup MX with a MySQL backend. I have my
> primary working well with MySQL and Postfixadmin frontend. But up till now,
> I've always set up my backup MX with a standard Postfix setup using Berkeley
> DB files.
> 
> I've tried to set up my new Backup MX with MySQL backend. I've found good
> tutorials for setting up Backup MX in the traditional manner. And there are
> plenty of tutorials for setting up a PRIMARY MX with MySQL. But ones for both
> are far and few between.
> 
> I ran through this one first as a scaffold:
> 
> https://www.linuxbabe.com/mail-server/how-to-set-up-a-backup-email-server-postfix-ubuntu
> 
> 
> and then made modifications based on this:
> 
> 
> https://sourceforge.net/p/postfixadmin/wiki/Relay_domains/
> 
> 
> But in the postfix MySQL database, even when the domain table has a given
> domain set to backupmx = '1', it still delivers locally in the virtual mail
> directory.
> 
> So I'm wondering if someone might give my main.cf a lookover and see what
> I've neglected:
> 
> 
> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
> 
> 
> # Debian specific:  Specifying a file name will cause the first
> # line of that file to be used as the name.  The Debian default
> # is /etc/mailname.
> #myorigin = /etc/mailname
> 
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> 
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
> 
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
> 
> readme_directory = no
> 
> # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
> # fresh installs.
> compatibility_level = 2
> 
> 
> 
> # TLS parameters
> smtpd_tls_cert_file = /etc/letsencrypt/live//fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live//privkey.pem
> smtpd_use_tls=yes
> smtpd_tls_auth_only = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Not relevant, but the above line isn't needed (since Postfix 2.11).

> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
> 
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> myhostname = 
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = $myhostname, ca2ceus.wtfayla.net, localhost

Does the value of $myhostname refer to the primary MX host by any chance?
If so, the above line would cause the secondary MX host to deliver locally.
But that's probably not it (if all occurrences of  refer to the
same hostname). The certificate there is for the host name
ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

> mynetworks = 127.0.0.1/32 localhost /29  server's subnet>/29
> relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

The line above looks wrong. Comments only start at the
start of a line (after spaces/tabs is ok). If this is
the cause of the problem (i.e., postfix trying to relay
to an incorrect hostname), there would probably be log
messages to indicate that. But that's probably not it
either. Postfix wouldn't deliver locally if it thought
it was supposed to relay but failed.

> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
> maximal_queue_lifetime = 10d
> minimal_backoff_time = 4000s
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = ipv4
> # virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> 
> virtual_mailbox_domains =
>   mysql:/etc/postfix/mysql_virtual_domain_maps.cf,
>   mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf
> 
> # virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
> 
> virtual_alias_maps =
>   mysql:/etc/postfix/mysql_alias_maps.cf,
>   mysql:/etc/postfix/mysql_alias_domain_maps.cf,
>   mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
> 
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> smtp_tls_security_level = may
> smtpd_tls_security_level = may
> smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
> 
> # relay_recipient_maps =