Samuel Goodies via Postfix-users:
[ text/html is unsupported, treating like TEXT/PLAIN ]
> Hi guys. I'm inheriting a job that has an email server hosting
> several domains, and I'm wanting to move them behind our firewall
> and route mail from the main mail server to an offsite postfix
> server that will in turn send them out to wherever they need to
> go, kind of like my own homemade smarthost. Because of security we
> need to keep it all in house, so a paid smarthost isn't an option.
> This postfix server will only take mail from the server and send
> it out, and return bounce/errors to the main host. It won't accept
> any incoming mail.
>
> Edit: I'll number these questions because wow they got out of
> hand the more I stressed about completely breaking our email
> servers....Here goes...Bear with me please...
>
> 1. From what I've read there's not a 'smarthost' option in the
> setup config. Would I just choose 'Internet Site'? Or does it
> matter at all if I'm just going to monkey with the conf anyway?
>
You appear to be talking about some third-party configuration system
(Zimbra? Mail-in-a-Box?) If so, then postfix-users may not be the
right forum.
Anyway, the Postfix main.cf file has the "relayhost" parameter for
this purpose. Specify one of:
relayhost = [hostname]
relayhost = [hostname]:port
The [] are required to turn off DNS MX lookups. The port is needed
if you want to connect to a port other than the default (25, smtp).
You may also specify a list
relayhost = [hostname1], [hostname2]
(ports are also allowed here).
> 2. And regarding the conf, any tips to make this run smoothly
> with minimal maintenance?
> 3. And is there a way to keep logging to a minimum so it doesn't
> fill up the server?
No. Just rotate logs daily and you should be fine.
> 4. Can I force it to use a different outbound port than 25 so I
> can host it on the same machine that hosts our proxy server that
> sends traffic to our main server?
Covered under question 1.
> 5. Our domains only send from 2 IPs, say 4.4.4.4 and 5.5.5.5, but
> have 22 different domains they'll send from. Is there a way to
> just filter relaying by IP address or would another form of
> security be better?
Firewall rules could take care of this (allow connections to TCP port 25
only from specific network blocks).
> I apologize for all the questions. I'm not a real email guy. I'm
> just a guy that fell into this job because everyone else was even
> worse equipped to handle it than me. A step by step would surely
> be appreciated.
This may be more than you bargained for.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
