maddae...@gmail.com wrote:
> I've been asked to build a mail server for the purpose of sending mail
> from various machines within a LAN to anywhere on the Net.  I'm
> guessing that this would be considered a "relay" in a sense, since the
> server will not be receiving mail from the outside, but please correct
> me if I'm wrong.

I do something similar, with several Linux servers on the Internet.
All of them can only send mail - to the relayhost:

# <domain> varies with domain and host, of course
mydomain = <domain>
mynetworks = 127.0.0.0/8
myorigin = $mydomain
relayhost = <relayhost>


The relayhost receives mail from all domains and all IPs/networks of those clients:

# main part:
mydestination = $myhostname, localhost.$mydomain, localhost, <server1>, <server2>, <relayhost>, <domain>, <domain2>, <domain3>
mydomain = <domain>
mynetworks = 127.0.0.0/8, <network>, <network2>, <network3>, <ip1>, <ip2>
myorigin = $mydomain

# some additional config:
append_dot_mydomain = no
biff = no
mailbox_size_limit = 1073741824
message_size_limit = 10240000
recipient_delimiter = .
relocated_maps = hash:/etc/postfix/relocated
# for tests etc:
#soft_bounce = no
#soft_bounce = yes

# security and access:
strict_rfc821_envelopes = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_invalid_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_address
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes


Works great :)

If you can read and send mail from any mail client - the mails do not get back to the single client servers!
They stay at the relay host and can be read there via IMAP/POP...
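
A way to check a relayhost main.cf like the one above for settings that widen who may relay, added here as an example and not part of the original post. The finding names, the 65536-address threshold and the sample networks (RFC 5737 documentation ranges) are assumptions; only smtpd_recipient_restrictions is examined, as in the post, not smtpd_relay_restrictions.

```python
import ipaddress
# Constructed sample shaped like the relayhost settings above; the networks are
# RFC 5737 documentation ranges standing in for <network> and <ip1>.
SAMPLE_MAIN_CF = """\
mynetworks = 127.0.0.0/8, 192.0.2.0/24, 198.51.100.7
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
"""

SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject"}

def parse_main_cf(text):
    """'#' lines are comments; a line starting with whitespace continues the previous one."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        else:
            key, _, value = (p.strip() for p in line.partition("="))
            params[key] = value
    return params

def audit_relay(params, max_addresses=65536):
    """Return finding codes (names are this example's own) for risky relay settings."""
    findings = []
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # table lookups (hash:/...) are out of scope here
        if not net.is_loopback and net.num_addresses > max_addresses:
            findings.append("broad-mynetworks:" + item)
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    guard = next((i for i, r in enumerate(rules) if r in RELAY_GUARDS), len(rules))
    if guard == len(rules):
        findings.append("no-relay-guard")
    for r in rules[:guard]:  # anything that can return OK before the guard is reached
        if (r.startswith("permit") or r.startswith("check_")) and r not in SAFE_PERMITS:
            findings.append("permit-before-guard:" + r)
    if "permit_sasl_authenticated" in rules and params.get("smtpd_tls_auth_only") != "yes":
        findings.append("sasl-without-tls")
    if "snakeoil" in params.get("smtpd_tls_cert_file", ""):
        findings.append("default-snakeoil-cert")
    return findings
```

On the constructed sample, the only finding is the Debian default self-signed certificate, which sending clients cannot verify.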

