Oracle Cloud VPS: Postfix Incoming Backup MX

If you run your own mail server, it is a good idea to have a backup MX in place. When your mail server goes down or you need to upgrade it, the backup MX will step in and store all mail until the mail server is back up.

Postfix is a mail server that started life at IBM Research as an alternative to the widely used Sendmail program.


1. Install Postfix and other useful packages (optional).

sudo apt-get install postfix nano rsyslog logrotate cron

2. Edit /etc/postfix/main.cf to set up your relay domains.

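# or use reject_unauth_destination instead of defer_unauth_destination
# (main.cf has no inline comments, so this note must sit on its own line)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mx3.domain1.com
maximal_queue_lifetime = 5d
# relay domains setup
# an empty relay_recipient_maps accepts mail for any recipient in the relay domains
relay_recipient_maps =
relay_domains = domain1.com
relay_transport = smtp:mx1.domain1.com:25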

3. If you want to set up the backup relay for multiple domains, configure it as below.

# or use reject_unauth_destination instead of defer_unauth_destination
# (main.cf has no inline comments, so this note must sit on its own line)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mx3.domain1.com
# relay domains setup
relay_recipient_maps =
relay_domains = hash:/etc/postfix/relaydomains
transport_maps = hash:/etc/postfix/transportmaps

3.1 Create both /etc/postfix/relaydomains and /etc/postfix/transportmaps for the relay domain and transport entries.

#/etc/postfix/relaydomains
domain1.com OK
domain2.com OK
domain3.com OK

#/etc/postfix/transportmaps
domain1.com smtp:mail.domain1.com:25
domain2.com smtp:mail.domain2.com:587
domain3.com smtp:[192.168.10.20]:25

3.2 Run postmap to create the hash files.

sudo postmap /etc/postfix/relaydomains
sudo postmap /etc/postfix/transportmaps

4. Restart the Postfix service to apply the new changes.

sudo systemctl restart postfix 

5. Configure iptables and Oracle Cloud's VCN ingress rules to allow access to SMTP port 25.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

6. Set up your domain's MX records to use your backup MX as the secondary.

7. Double-check that your backup MX is not an open relay.

8. To test your backup MX, disable your primary email server and monitor incoming email to your backup MX.

9. You might want to bypass SPF checking on your primary MX for mail arriving from the backup MX; otherwise the primary may reject relayed mail, as in this log entry:

May 23 17:25:34 pmg postfix/smtpd[5463]: NOQUEUE: reject: RCPT from unknown[158.101.136.218]: 554 5.7.1 <user1@domain1.com>: Recipient address rejected: Rejected by SPF: 158.101.136.218 is not a designated mailserver for groupupdates%40facebookmail.com (context mfrom, on pmg.domain1.com); from=<groupupdates@facebookmail.com> to=<user1@domain1.com> proto=ESMTP helo=<mx3.domain1.com>
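
A static check for steps 3 and 7, as an added example that is not part of the original post: it parses main.cf text and the two map files, then reports relay domains without a transport entry, relay restrictions that never reject or defer unauthorized destinations, and values carrying inline '#' text. The sample inputs are constructed, the function names are hypothetical, and it assumes smtpd_relay_restrictions is set explicitly in main.cf as in the steps above.

```python
import re

# Constructed sample inputs modelled on the multi-domain setup (domain3.com transport left out).
MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
# relay domains setup
relay_recipient_maps =
relay_domains = hash:/etc/postfix/relaydomains
transport_maps = hash:/etc/postfix/transportmaps
"""
RELAYDOMAINS = "domain1.com OK\ndomain2.com OK\ndomain3.com OK\n"
TRANSPORTMAPS = "domain1.com smtp:mail.domain1.com:25\ndomain2.com smtp:mail.domain2.com:587\n"
GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_main_cf(text):
    """main.cf syntax: lines starting with '#' are comments, indented lines continue a value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            params[key] = value
    return params

def table_keys(text):
    """Lookup keys (first column) of a postmap source file."""
    return {l.split()[0].lower() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")}

def lint(main_cf, relaydomains, transportmaps):
    """Return findings for a backup-MX relay configuration."""
    params, findings = parse_main_cf(main_cf), []
    for name, value in params.items():
        if re.search(r"\s#", value):
            findings.append(f"{name}: inline '#' text is read as part of the value, not as a comment")
    rules = re.split(r"[,\s]+", params.get("smtpd_relay_restrictions", ""))
    guard = [i for i, rule in enumerate(rules) if rule in GUARDS]
    if not guard or "permit" in rules[:guard[0]]:
        findings.append("smtpd_relay_restrictions: unauthorized destinations are not rejected or deferred")
    for dom in sorted(table_keys(relaydomains) - table_keys(transportmaps)):
        findings.append(f"{dom}: in relaydomains but has no transportmaps entry")
    if not params.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps: empty, every recipient in a relay domain is accepted")
    return findings

print("\n".join(lint(MAIN_CF, RELAYDOMAINS, TRANSPORTMAPS)))
```

A clean static result does not replace testing from an outside host that the server refuses to relay mail for domains it does not list.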



