How can I configure postfix as a receive only intranet mail server??
As the title suggests I have a strange request as I'm building kind of a Frankenstein development box. The ultimate goal is to have my other servers email specially formatted daily/periodic reports to my dev box and have a custom script parse the emails in order to dynamically generate wiki pages on media wiki.
I'm sure you imagine the usefulness of such a project.
However, I'm fairly new to configuring postfix and despite a lot of googling and forum trolling I can't seem to find anyone that's attempted to build a receive only server (however I did find plenty of send only's).
Let me clarify, I do need to be able to send mail out, but only from root@mysever.mydomain.com and only to my existing mail server (zimbra FOSS on Ubuntu) to be delivered to my internal email address for reports and such.
Here are the details:
HP proliant ML330 server
Ubuntu 8.04 LTS Server
Local network is 192.168.0.0/16
hostname dev.mydomain.com
*edit* uname 2.6.24-19-server
I need to have other servers email from their respective root accounts (root@server.mydomain.com) to "wiki@dev.mydomain.com" and stored in /home/wiki/Maildir/
I will then parse the individual messages stored there with a shell script and I will ask about the mediawiki piece of it in another thread.
I ran sudo apt-get install postfix and chose the option for internet and smart host
and I edited the /etc/postfix/main.cf to use Maildir/ over mbox.
Issue 1) Just to make sure the system is up and running, I tried to telnet to port 25 and ehlo / mail to. It will accept from root@dev.mydomain.com but not accept rcpt to wiki@dev.mydomain.com showing an error "Unable to relay for wiki@dev.mydomain.com"
Issue 2) Now how do I get it to receive only from specificuser@*.mydomain.com and send only from root@dev.mydomain.com? I do not need or want this server to be fully qualified, and I want it to deny any sender OTHER than a list I specify.
Issue 3) At this time the /home/anyuser/Maildir/ isn't present. Do I have to run something special to get these to populate?
Advice?
-TM
Last edited by t3chn0m0nk3y; 09-05-2008 at 08:39 AM.
Issue 1) Show postconf -n and relevant log lines that shows the failure.
Issue 2) Postfix will accept mail for only listed recipients from the relevant recipient classes. You can use a check_recipient_access list to reject all but the single address you want. Same with senders, but using check_sender_access.
Issue 3) The simplest way is to send a mail message to that user - postfix will create the maildir. You can use commands such as maildirmake to create the maildirs as well.
Sep 8 07:44:38 vpdev postfix/smtp[3982]: fatal: open database /etc/postfix/generic.db: No such file or directory
Sep 8 07:44:39 vpdev postfix/master[1100]: warning: process /usr/lib/postfix/smtp pid 3982 exit status 1
Sep 8 07:44:39 vpdev postfix/master[1100]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
(repeated)
I'll see if I can google the check_send/recip_access lists and report back.
Not sure how to use maildirmake, I've heard of it before, but when I try to run from command line it gives an error. apt-get doesn't recognize it either? Please give a little more info - still a newb with mail services.
1) wiki@dev.mydomain.com is not accepted as a recipient because you don't have a local wiki user defined (eg. /etc/passwd, or the postfix alias database /etc/aliases). /etc/passwd and /etc/aliases are for LOCAL users (eg. those with unix/linux user accounts). So you either need to create the user wiki on the dev.mydomain.com system, or use a virtual mailbox.
2) Don't use google as your first source for these postfix questions; use the very good postfix documentation first, and google for additional help:
main.cf:
smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/sender_checks
    permit
/etc/postfix/sender_checks:
/^root@dev\.mydomain\.com$/ OK
/^specificuser@.*\.mydomain\.com$/ OK
/./ REJECT This mail server does not accept mail from you
This accepts mail sent from root@dev.mydomain.com and specificuser at any subdomain under mydomain.com. You can replace the ".*" subdomain with specific subdomains, duplicating the line and setting the specific subdomain. You should know that envelope sender is trivial to spoof, so this is not a strong form of access control.
Consider that there may be other local accounts that you may want to receive email from.
I don't understand your statement about not wanting a fully qualified domain name, yet your examples are all fully qualified!
3) Just send a test email to the user to create the user's Maildir.
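An offline check of the `sender_checks` table from the reply above, as an added example that is not part of the original posts: it approximates Postfix's pcre lookup with Python's `re` (first match wins, case-insensitive by default) over constructed envelope senders. The function names and sample addresses are assumptions made for illustration.

```python
import re

# Constructed copy of the /etc/postfix/sender_checks table posted above.
SENDER_CHECKS = r"""
/^root@dev\.mydomain\.com$/ OK
/^specificuser@.*\.mydomain\.com$/ OK
/./ REJECT This mail server does not accept mail from you
"""
NULL_SENDER_KEY = "<>"  # Postfix default for smtpd_null_access_lookup_key

# Constructed envelope senders (MAIL FROM values); "" is the null sender of a bounce.
SAMPLES = ["root@dev.mydomain.com", "ROOT@Dev.MyDomain.com",
           "specificuser@web1.mydomain.com", "specificuser@mydomain.com",
           "root@web1.mydomain.com", ""]


def parse_table(text):
    """Parse '/pattern/flags ACTION text' lines into (regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(.+)$", line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        # pcre tables are case-insensitive unless the 'i' flag toggles that off.
        flags = 0 if "i" in m.group(2) else re.IGNORECASE
        rules.append((re.compile(m.group(1), flags), m.group(3)))
    return rules


def verdict(rules, envelope_sender):
    """First matching rule wins; 'DUNNO' here means no rule matched at all."""
    key = envelope_sender or NULL_SENDER_KEY
    for regex, action in rules:
        if regex.search(key):
            return action.split()[0]
    return "DUNNO"


def classify(senders, table=SENDER_CHECKS):
    rules = parse_table(table)
    return {s: verdict(rules, s) for s in senders}


if __name__ == "__main__":
    for sender, result in classify(SAMPLES).items():
        print(f"{sender or '<>':32} {result}")
```

With the table as posted, `root@web1.mydomain.com` and the null sender `<>` used by bounces both hit the catch-all REJECT, so every reporting account needs its own line. On a real host, `postmap -q 'address' pcre:/etc/postfix/sender_checks` gives the authoritative answer.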
Actually I did create a user 'wiki' and set a password and verify that all the account details were in place before attempting to mail to it. So I'm not sure what to say in response, maybe you can revisit the unable to receive mail issue knowing this? Is there any further info I can supply?
I also did scroll through the postfix docs heavily, but honestly some of it was rather cryptic. Upon which I moved to google. But I will definitely work off your supplied code to see if I can get things moving in the right direction - THANKS!
To answer your question about using a FQDN: our local domain is actually something.mydomain.com and is internally managed by a windows 2003 PDC. However our internal servers are NOT visible to the external domain which is more accurately mydomain.com. We have a set number of ext. IP addresses and they are assigned through a hardware firewall to forward those ports to the appropriate servers (such as our actual mail server and a sun global desktop server). Why it was set up like this I have no idea, I'm a new hire and everything was...well, cluster-f***d when I got here. So I DO NOT want the dev box to be visible outside of our intranet, but visible to everything inside of our 192.168.0.0/16 network, which is controlled by our windows PDC/DNS server.
-TM
Last edited by t3chn0m0nk3y; 09-09-2008 at 08:55 AM.
Well, seems some things are working now, others are not.
Running the postmap /etc/postfix/generic seemed to allow one of the messages from root@ to push through and be delivered.
I also did another EHLO test:
telnet localhost 25
trying 127.0.0.1...
Escape charater is '^]'.
220 dev.mydomain.com ESMTP Postfix (Ubuntu)
EHLO
501 syntax: EHLO hostname
MAIL FROM: me@dev.mydomain.com
250 2.1.0 Ok
RCPT TO: me@mydomain.com
250 2.1.5 Ok
DATA
354 End data with <CF><LF>.<CF><LF>
test message
.
250 2.0.0 Ok: queued as 3E42B13C10B
Looked good, but it never got delivered. What else can I check?
This shows the mail was queued for delivery, but does not show anything after that. Always show the relevant postfix logs for the mail queue ID (in this case 3E42B13C10B):
/var/log/mail.info.0:Sep 11 08:15:37 vpdev postfix/smtp[20483]: 3E42B13C10B: to=<me@mydomain.com>, relay=none, delay=44, delays=44/0.04/0.02/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=mydomain.com type=A: Host found but no data record of requested type)
shows that your DNS server to the recipient domain "mydomain.com" is not returning correct results. Either a proper MX or A record must be returned. But why is postfix trying to find where to send mail? Because it does not consider itself final destination for the recipient. Let's see why:
In your last postconf -n output, mydestination was:
This would not let postfix believe that me@mydomain.com is a local email address. You would have to add mydomain.com to mydestination if you wanted mail delivered locally. Or, you have to change the recipient address to me@dev.mydomain.com.
I understand, however for the sake of clarification, if me@mydomain.com is an actual address on our actual mail server (mail.mydomain.com) which is publicly accessible, is where I want the outgoing mail from wiki@dev.int.mydomain.com to go, how would it find it if I change destinations to allow me@mydomain.com to be local??
These are weird results. Shouldn't the MX record point to the external address of the mail server?
We have a windows DNS server configured to allow internal access, but when you dig mail.mydomain.com it forces external resolution to the real world. Since all internal mail clients are configured to connect to "mail.mydomain.com" it always does external name caching.
I think there are a number of confusions here; the terminology you are using is somewhat loose, and may be causing some of the confusion. Concepts that need to be clear:
1) Internal (LAN) vs. External (WAN) DNS.
2) MX and A records.
3) How postfix knows the domains for which it is the final (or relay) destination.
1) It appears that layer8hosting.com is the authoritative DNS server for your domain:
Code:
$ dig vpsupply.com
; <<>> DiG 9.5.0-P2 <<>> vpsupply.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49761
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;vpsupply.com. IN A
;; ANSWER SECTION:
vpsupply.com. 2829 IN A 74.43.252.133
;; AUTHORITY SECTION:
vpsupply.com. 2829 IN NS dns1.layer8hosting.com.
vpsupply.com. 2829 IN NS dns2.layer8hosting.com.
You also need to run an internal (LAN-based) DNS server that provides DNS resolution for your postfix server which appears to be on NAT'd LAN addresses. So you are creating a split-DNS system, where you provide LAN answers to LAN clients, and the other server provides WAN answers to querying clients on the WAN.
2) MX and A records on the WAN-facing DNS server must be WAN IP addresses. And they are:
Code:
$ host vpsupply.com
vpsupply.com has address 74.43.252.133
vpsupply.com mail is handled by 10 mail.vpsupply.com.
But for the LAN, you use LAN IP addresses. Hence the split-view DNS indicated in (1). The MX record points to your mail server's IP address; the public IP on the WAN DNS side, and the private IP on the LAN side. Same for A records.
3) Postfix knows it is final destination if the mail domains are listed in mydestination (for the local address class). So, you must configure mydestination correctly. We'll ignore the virtual alias domains, and virtual mailbox domains for now, as well as virtual aliases.
Hopefully this clarifies some things a bit. You've already exposed your real domain (vpsupply.com), and since it is public there is no worry about using it. In further discussions here, just use it and exact server names to help keep things straight.