LinuxQuestions.org
Old 08-01-2011, 05:37 AM   #1
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Rep: Reputation: 50
how to map local addresses to FQDN addresses with postfix


I'm hoping there's a postfix wiz out there who might spare a moment to help me sort a problem. I've got an Amazon EC2 instance with postfix set up to use Amazon SES for mail delivery (which is a total pain). The particular problem I'm having is that samhain (a security tool) cannot send its email notifications. Some important things about this configuration:
1) I don't want any mail at all being delivered to a mailbox on this machine. All mail destined for mydomain should be sent to Google Apps.
2) I DO want mail sent to 'root' or 'root@localhost' to be emailed to a real FQDN address, e.g., admin@mydomain.com
3) I don't want this machine accepting any remote mail connections via SMTP or otherwise.
4) Any email sent out to the internet from this machine must be sent via Amazon SES because Amazon puts all their EC2 IP addresses on a 'policy block list' -- in other words they don't really permit outgoing mail to be sent directly from these EC2 instances.

How can I make sure that mail sent from this server to root@localhost is sent to admin@mydomain.com?
Right now, with my current config (see below), sending mail to root@localhost gets an error. I use sendmail thusly:
Code:
$ sendmail -t
To: root@localhost
Subject: test email
Here is a test mail 
.
The mail log shows this error:
Code:
Aug  1 09:24:36 ip-10-100-237-252 postfix/error[32027]: 00EE97214B: to=<root@localhost.mydomain.com>, orig_to=<root@localhost>, relay=none, delay=20, delays=20/0.01/0/0.01, dsn=5.0.0, status=bounced (local delivery is disabled)
Interestingly, just sending mail to 'root' using sendmail results in mail being successfully delivered to root@mydomain.com:
Code:
$ sendmail -t
To: root
Subject: just 'root' my brutha
Testing mail from the server here.  This just send to 'root'.
.
HOWEVER, samhain somehow fails when I set 'root' as the target email address. From the samhain log:
Code:
ERROR  :  [2011-08-01T08:49:56+0000] msg=<Timeout on SMTP session init>, subroutine=<sh_mail_start_conn>, service=<mail>, host=<ip-WWW-XXX-YYY-ZZZ.ec2.internal>
F2C9747FC601DD241C1A6C1E4EB204F66551F01EADAE619F
ERROR  :  [2011-08-01T08:49:56+0000] msg=<Service failure>, service=<mail>, obj=<root>
2D4295AB3335E918BDD097884A103A04A37620285A5924B1
I'm hoping that I can solve this problem by altering my postfix configuration. Any emails sent to either "root", "root@localhost", or "root@mydomain.com" should all get sent out on the internet from this server to root@mydomain.com. I've been consulting the postfix docs and find them confusing. Here is some detail on my setup:
Code:
$ sudo postconf -n
config_directory = /etc/postfix
default_transport = aws-email
inet_interfaces = loopback-only
local_transport = error:local delivery is disabled
mydomain = mydomain.com
mynetworks_style = host
myorigin = $mydomain
relayhost = $mydomain
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_banner = $myhostname ESMTP $mail_name
Note that I added aws-email to master.cf as described in the Amazon Docs.

Any help would be extremely welcome.
 
Old 08-01-2011, 07:44 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 644
I'm not a wiz but I'll have a go, I have no experience with aws but here's a few suggestions (you may want to start with the default /etc/postfix/main.cf):-

To redirect mail for root:
Code:
perl -pi -e 's/.*root:.*/root:    user\@domain.tld/' /etc/aliases
newaliases
To prevent the host accepting mail from other hosts:
Code:
postconf -e "inet_interfaces = localhost"
service postfix restart
Forward all outbound email via a relay:
Code:
postconf -e "relayhost = [somehost.somedomain.tld]"
service postfix restart
To forward mail for a specific destination domain to a specific server:
Code:
postconf -e "transport_maps = hash:/etc/postfix/transport"
cat <<'EOF' > /etc/postfix/transport
mydomain.tld           :[googleapps.server.google.com]
EOF
postmap /etc/postfix/transport
service postfix restart
I usually just restart postfix because some commands don't kick in with only a reload but I can never remember which ones

cheers
 
1 members found this post helpful.
Old 08-01-2011, 02:46 PM   #3
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Original Poster
Rep: Reputation: 50
Thanks for your post.

That first one sounds very promising for redirecting root. Could you explain to me what it does? Looks to me like you are putting some text in /etc/aliases but I'm not sure exactly what's going on there.

As for the second one, you can see from my original post that I have inet_interfaces set to "loopback-only". I wonder if this might be causing the problem with samhain trying to deliver mail to "root". The samhain error mentions SMTP so I can't help but wonder if samhain is trying to access some host via SMTP rather than using sendmail. I'm not sure of the difference between "localhost" and "loopback-only".

Your third item I think doesn't work all that well with the Amazon SES configuration as mail needs to be sent via Amazon SES which AFAIK is not an SMTP gateway. I have set this up and it's working properly for the most part and is set as the default delivery transport.
 
Old 08-01-2011, 04:49 PM   #4
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Original Poster
Rep: Reputation: 50
OK so I tried adding some aliases to the file /etc/aliases. This has not helped. Adding root and postmaster aliases and mapping them to admin@mydomain.com doesn't really help -- this is working fine without the aliases table thanks to my smtp_generic_maps. Adding 'root@localhost' to the aliases file is rejected when I enter the newaliases command. Apparently the presence of "@localhost" causes a complaint. For example, here's my /etc/aliases file:
Code:
# See man 5 aliases for format
postmaster:     postmaster@mydomain.com
root:           root@mydomain.com
root@localhost: root@mydomain.com
When I run sudo newaliases then there's a complaint:
Code:
postalias: warning: /etc/aliases, line 7: name must be local
This is confusing as there are only 4 lines in my aliases file. There is no line 7. Removing the root@localhost entry eliminates the error, but I still have my problem getting mail delivered to root@localhost (see my original post).

This is probably due to a combination of settings that I have, in particular:
Code:
inet_interfaces = loopback-only
local_transport = error:local delivery is disabled
For some reason, root@localhost gets turned into root@localhost.myplan.com and then is rejected with the message "status=bounced (local delivery is disabled)". This is even more confusing because user "root" (which is OBVIOUSLY a local address) gets properly turned into root@mydomain.com and sent on its merry way and delivered successfully.

I find myself wondering if I need to set local_recipient_maps or have some different value for local_transport.
 
Old 08-01-2011, 07:45 PM   #5
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Original Poster
Rep: Reputation: 50
RE suggestion #1: Tried this, does not solve the problem. Emails to "root" are delivered. Emails to "root@localhost" fail with "local delivery disabled" message. Interesting mail log appears to attempt delivery to root@localhost.mydomain.com

RE Suggestion #2: I believe setting inet_interfaces to loopback-only is the same thing as setting it to localhost, but am not sure. The docs are vague on this point.

RE Suggestion #3: As you can see from my original post, relayhost is set to mydomain.com.

RE Suggestion #4: I've been thinking hard about this and wondering if we could use the aws-email transport that I've defined in master.cf somehow. My thoughts are pretty muddled on this given the zillions of postfix configuration options, but I'm thinking the following:
a) emailing "root" results in successful delivery. Somehow postfix appends @mydomain.com to it and sends it on its merry way.
b) emailing "root@localhost" fails. Somehow postfix appends @mydomain.com to it and then FAILS it because "local delivery is disabled." Weird to me that root doesn't fail as local delivery and root@localhost does. WTF?
c) aliases does not permit remapping of anything with hostname or full domain.
d) I tried adding root@localhost.mydomain.com to /etc/postfix/generic with no luck
e) the mere presence of 'localhost' seems to trigger local delivery regardless of whether other FQDN aspects seem involved.
f) As part of my config effort for a null client, I commented out the 'local' transport in master.cf.


I hope someone might be able to chime in on this. I'm running out of trial and error options here...
 
Old 08-04-2011, 04:18 PM   #6
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Original Poster
Rep: Reputation: 50
Ok so I visited the #postfix IRC chat on freenode and got a nudge in the right direction. The Postfix documentation on rewriting proved very helpful.

To prevent delivery of any email at all to localhost, it was necessary to disable local transport. That is not enough, though. To tell postfix that this machine is not the destination for any mailboxes at all you must change main.cf so that mydestination has an empty value:
Code:
# in /etc/postfix/main.cf
# no quotes, nothing
mydestination =
This prevents postfix from trying to deliver anything using local transport because it tells postfix that there are NO DOMAINS local or otherwise that should use local transport.

The other issue was that root@localhost was becoming root@localhost.mydomain.com which could cause problems. Postfix offers a couple of values that let you rewrite domains. In particular, masquerade_domains and masquerade_classes. The former allows you to set rules to rewrite certain subdomains into other ones -- it's helpful for canonicalising domains, the cost being that you may prevent delivery to specific machines within the domain. The latter is required if you are to apply this rewriting not just to from addresses but also on to addresses. My settings:
Code:
masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
masquerade_domains = $mydomain
This appears to have solved the problems I was having.
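
Added example (not from the thread and not Postfix code): a small Python model of the address completion, masquerading and local/remote classification discussed above, showing why "root" was delivered while "root@localhost" bounced, and what the final settings change. It assumes the stock defaults mydestination = $myhostname, localhost.$mydomain, localhost (with $myhostname left out, since the thread does not give it), append_dot_mydomain = yes, and a default masquerade_classes without envelope_recipient; the function names are hypothetical.

```python
# Simplified model of Postfix address completion, masquerading and
# local-vs-remote classification. Illustration only, not Postfix source.
MYDOMAIN = "mydomain.com"  # placeholder domain used in the thread
# Assumed stock default mydestination ($myhostname omitted: not given in the thread).
DEFAULT_MYDESTINATION = {f"localhost.{MYDOMAIN}", "localhost"}
# Assumed stock default masquerade_classes: envelope_recipient is NOT included.
DEFAULT_CLASSES = {"envelope_sender", "header_sender", "header_recipient"}


def complete(addr, myorigin=MYDOMAIN, mydomain=MYDOMAIN):
    """'user' gets @$myorigin; 'user@host' (no dot) gets .$mydomain appended."""
    if "@" not in addr:
        return f"{addr}@{myorigin}"
    user, domain = addr.rsplit("@", 1)
    if "." not in domain:
        domain = f"{domain}.{mydomain}"
    return f"{user}@{domain}"


def masquerade(addr, masq_domains, classes, addr_class="envelope_recipient"):
    """Strip subdomains below the first matching masquerade domain,
    but only when the address class is listed in masquerade_classes."""
    if addr_class not in classes:
        return addr
    user, domain = addr.rsplit("@", 1)
    for parent in masq_domains:
        if domain.endswith("." + parent):
            return f"{user}@{parent}"
    return addr


def route(rcpt, mydestination, masq_domains=(), classes=DEFAULT_CLASSES):
    """Return (final envelope recipient, transport chosen for it)."""
    final = masquerade(complete(rcpt), masq_domains, classes)
    domain = final.rsplit("@", 1)[1]
    # Transport values are the local_transport / default_transport from postconf -n.
    if domain in mydestination:
        return final, "error:local delivery is disabled"
    return final, "aws-email"


BEFORE = dict(mydestination=DEFAULT_MYDESTINATION)
AFTER = dict(mydestination=set(), masq_domains=[MYDOMAIN],
             classes=DEFAULT_CLASSES | {"envelope_recipient"})

if __name__ == "__main__":
    for rcpt in ("root", "root@localhost"):
        print(rcpt, "| before:", route(rcpt, **BEFORE), "| after:", route(rcpt, **AFTER))
```

In this model, emptying mydestination alone stops the bounce but leaves the recipient as root@localhost.mydomain.com; adding envelope_recipient to masquerade_classes is what rewrites it to root@mydomain.com.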
 
  

