Technitium DNS server zone high-availability

on
0

Oracle Cloud VPS: Postfix Incoming Backup MX

on

If you run your own mail server it is a good idea to have a MX backup in place. When your mail server goes down or you need to upgrade it, the MX backup will step in and store all mail until the mail server is back up.

Postfix is a mail server that started life at IBM research as an alternative to the widely-used Sendmail program. 


1. Install postfix and others useful packages (optional).

sudo apt-get install postfix nano rsyslog logrotate cron

2. Edit /etc/postfix/main.cf to setup your relay domains.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination #or use reject_unauth_destination
myhostname = mx3.domain1.com

maximal_queue_lifetime = 5d

# relay domains setup
relay_recipient_maps =
relay_domains = domain1.com
relay_transport = smtp:mx1.domain1.com:25

3. If you want to setup backup relay for multiple domain, setup as below.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination #or use reject_unauth_destination
myhostname = mx3.domain1.com

# relay domains setup
relay_recipient_maps =
relay_domains = hash:/etc/postfix/relaydomains
transport_maps = hash:/etc/postfix/transportmaps

3.1 Create both /etc/postfix/relaydomains and /etc/postfix/transportmaps for the relay domains and transport entry.

#/etc/postfix/relaydomains
domain1.com OK
domain2.com OK
domain3.com OK
#/etc/postfix/transportmaps
domain1.com smtp:mail.domain1.com:25
domain2.com smtp:mail.domain2.com:587
domain3.com smtp:[192.168.10.20]:25

3.2 Run postmap to create the hash files.

sudo postmap /etc/postfix/relaydomains
sudo postmap /etc/postfix/transportmaps

4. Restart postfix service with the new changes.

sudo systemctl restart postfix 

5. Configure iptables and Oracle Cloud's VCN ingress rules to allow smtp port 25 access.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

6. Setup your domain MX record to use your backup MX as secondary.

7. Double check your backup MX is not an open relay too.

 

8. To test your backup MX, disable your primary email server and monitor incoming email to your backup MX.

9. You might want to bypass SPF checking on your primary MX for the backup MX to prevent some SPF checking issue.

May 23 17:25:34 pmg postfix/smtpd[5463]: NOQUEUE: reject: RCPT from unknown[158.101.136.218]: 554 5.7.1 <user1@domain1.com>: Recipient address rejected: Rejected by SPF: 158.101.136.218 is not a designated mailserver for groupupdates%40facebookmail.com (context mfrom, on pmg.domain1.com); from=<groupupdates@facebookmail.com> to=<user1@domain1.com> proto=ESMTP helo=<mx3.domain1.com>




Comments

Post a Comment