On 3/27/2024 11:25 AM, Samuel Goodies via Postfix-users wrote:
> Hi guys. I'm inheriting a job that has an email server hosting
> several domains, and I'm wanting to move them behind our firewall
> and route mail from the main mail server to an offsite postfix
> server that will in turn send them out to wherever they need to go,
> kind of like my own homemade smarthost. Because of security we need
> to keep it all in house, so a paid smarthost isn't an option. This
> postfix server will only take mail from the server and send it out,
> and return bounce/errors to the main host. It won't accept any
> incoming mail.
>
> Edit: I'll number these questions because wow they got out of hand
> the more I stressed about completely breaking our email
> servers....Here goes...Bear with me please...
>
> 1. From what I've read there's not a "smarthost" option in the setup
> config. Would I just choose "Internet Site"? Or does it matter at
> all if I'm just going to monkey with the conf anyway?

Postfix doesn't need any special configuration to be a smarthost.
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

> 2. And regarding the conf, any tips to make this run smoothly with
> minimal maintenance?

Start with the minimal changes necessary, run it for a while and see
if it does what you expect. If you make 20 changes at once it's hard
to spot your error.

Once you get postfix working like you want it, it should require
little maintenance.

> 3. And is there a way to keep logging to a minimum so it doesn't
> fill up the server?

Don't enable debug logging.

Normal postfix logs contain what is necessary to see where mail came
from and where it went without a bunch of unnecessary stuff.

That said, logs can get pretty big on a busy server. Postfix uses
your system supplied syslog facility, which has settings to rotate
and compress the logs periodically to keep them from getting too
big. This is not controlled by postfix, and is something you will
need to set up separately using your system-provided tools.

> 4. Can I force it to use a different outbound port than 25 so I can
> host it on the same machine that hosts our proxy server that sends
> traffic to our main server?

Port 25 is on the receiving end. Your server will accept mail on
port 25 (or 465, or 587), and send it to port 25 at the destination.

> 5. Our domains only send from 2 IPs, say 4.4.4.4 and 5.5.5.5, but
> have 22 different domains they'll send from. Is there a way to just
> filter relaying by IP address or would another form of security be
> better?

Restricting postfix to accepting mail from only those IPs is
sufficient. If your server can do TLS, you can require it by setting:

# main.cf
smtp_tls_security_level = encrypt

see http://www.postfix.org/TLS_README.html#client_tls

> I apologize for all the questions. I'm not a real email guy. I'm
> just a guy that fell into this job because everyone else was even
> worse equipped to handle it than me. A step by step would surely be
> appreciated.

Start with
http://www.postfix.org/documentation.html

Many of the how-to sites you find on the internet are wrong in small
or large ways.

-- Noel Jones
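
The IP restriction and TLS requirement discussed under question 5, written out as main.cf fragments for both hosts. This is an added example, not part of the original message or of the Postfix documentation; the addresses are the placeholders from the question, and the hostname relay.example.net and the certificate paths are assumptions.

```ini
# --- /etc/postfix/main.cf on the offsite relay (added example) ---

# Trust only loopback and the two sending hosts from question 5.
# Setting mynetworks explicitly takes precedence over mynetworks_style.
mynetworks = 127.0.0.0/8 [::1]/128 4.4.4.4/32 5.5.5.5/32

# Relay only for clients in mynetworks; refuse all other relay attempts.
smtpd_relay_restrictions = permit_mynetworks, reject

# This host takes no inbound mail, so refuse every other SMTP client too.
smtpd_client_restrictions = permit_mynetworks, reject

# Server side: the main server must negotiate STARTTLS before sending mail.
# Certificate and key paths below are assumed, adjust to your layout.
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/postfix/tls/relay.example.net.pem
smtpd_tls_key_file = /etc/postfix/tls/relay.example.net.key

# Client side: deliveries to arbitrary Internet destinations use TLS when
# offered. With "encrypt" here, mail to destinations that do not offer
# STARTTLS would be deferred.
smtp_tls_security_level = may


# --- /etc/postfix/main.cf on the main mail server (added example) ---

# Hand all outbound mail to the relay. The brackets suppress the MX lookup.
# relay.example.net is a placeholder hostname.
relayhost = [relay.example.net]:25

# Client side: require TLS on the hop to the relay, as in the reply above.
smtp_tls_security_level = encrypt
```

After editing, `postfix check` reports syntax and permission problems, and `postconf -n` lists the non-default settings actually in effect.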