Ok, I got it installed and running, but any mail from the server to be relayed gets this error.

--> DATA
<-- 530 5.7.0 Authentication required
--> QUIT

So far I've chosen Internet Site as my Debian configuration when the package installed. I added my main domain name, though this postfix box will pass mail for several other domains as well.

I edited /etc/postfix/main.cf. Under mynetworks I added my firewalled mail server's IP address of 4.4.4.4 (the real one though, not that)

mynetworks = 127.0.0.0/8 4.4.4.4 [::ffff:127.0.0.0]/104 [::1]/128

Then I restarted with

systemctl restart postfix

Finally, I added it as my smarthost, but the error above occurs. I thought that adding my server's IP to the mynetworks line would authenticate, but I think I misunderstood. Can someone point me to where I messed up? Thanks!

On 3/27/2024 12:08 PM, Noel Jones via Postfix-users wrote:
On 3/27/2024 11:51 AM, Noel Jones via Postfix-users wrote:
On 3/27/2024 11:25 AM, Samuel Goodies via Postfix-users wrote:
Hi guys. I'm inheriting a job that has an email server hosting several domains, and I'm wanting to move them behind our firewall and route mail from the main mail server to an offsite postfix server that will in turn send them out to wherever they need to go, kind of like my own homemade smarthost. Because of security we need to keep it all in house, so a paid smarthost isn't an option. This postfix server will only take mail from the server and send it out, and return bounce/errors to the main host. It won't accept any incoming mail.
Edit: I'll number these questions because wow they got out of hand the more I stressed about completely breaking our email servers....Here goes...Bear with me please...
1. From what I've read there's not a "smarthost" option in the setup config. Would I just choose "Internet Site"? Or does it matter at all if I'm just going to monkey with the conf anyway?
Postfix doesn't need any special configuration to be a smarthost. http://www.postfix.org/STANDARD_CONFIGURATION_README.html
2. And regarding the conf, any tips to make this run smoothly with minimal maintenance?
Start with the minimal changes necessary, run it for a while and see if it does what you expect. If you make 20 changes at once it's hard to spot your error.
Once you get postfix working like you want it, it should require little maintenance.
3. And is there a way to keep logging to a minimum so it doesn't fill up the server?
Don't enable debug logging.
Normal postfix logs contain what is necessary to see where mail came from and where it went without a bunch of unnecessary stuff.
That said, logs can get pretty big on a busy server. Postfix uses your system supplied syslog facility, which has settings to rotate and compress the logs periodically to keep them from getting too big. This is not controlled by postfix, and is something you will need to set up separately using your system-provided tools.
4. Can I force it to use a different outbound port than 25 so I can host it on the same machine that hosts our proxy server that sends traffic to our main server?
Port 25 is on the receiving end. Your server will accept mail on port 25 (or 465, or 587), and send it to port 25 at the destination.
To clarify, if this smarthost is the MX for your domains and proxies mail to your real mail server, you can configure postfix to accept mail on whatever port you want. Typically port 587 "submission" and port 465 "smtps" are used for this. This may depend on what settings are available on your internal mail server for using postfix as the smarthost.
5. Our domains only send from 2 IPs, say 4.4.4.4 and 5.5.5.5, but have 22 different domains they'll send from. Is there a way to just filter relaying by IP address or would another form of security be better?
Restricting postfix to accepting mail from only those IPs is sufficient. If your server can do TLS, you can require it by setting:
# main.cf
smtp_tls_security_level = encrypt
see http://www.postfix.org/TLS_README.html#client_tls
And of course I got that backwards... for receiving mail, use
smtpd_tls_security_level = encrypt
and the docs are found at
http://www.postfix.org/TLS_README.html#server_tls
-- Noel Jones
I apologize for all the questions. I'm not a real email guy. I'm just a guy that fell into this job because everyone else was even worse equipped to handle it than me. A step by step would surely be appreciated.
Start with
http://www.postfix.org/documentation.html
Many of the how-to sites you find on the internet are wrong in small or large ways.
-- Noel Jones
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
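
Added example, not part of the thread: a small Python check of which client addresses fall inside the mynetworks value quoted in the post, following the documented left-to-right, first-match, "!pattern" exclusion rules. The address 4.4.4.4 is the poster's own placeholder, 5.5.5.5 is the second sending IP mentioned in question 5, and the function names are hypothetical.

```python
import ipaddress

# mynetworks value as quoted in the post (4.4.4.4 is the poster's placeholder).
MYNETWORKS = "127.0.0.0/8 4.4.4.4 [::ffff:127.0.0.0]/104 [::1]/128"


def parse_mynetworks(value):
    """Parse literal mynetworks patterns into (negated, network) pairs."""
    entries = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        pattern = token[1:] if negated else token
        if pattern.startswith("["):
            # Postfix writes IPv6 as [address]/prefixlen; strip the brackets.
            addr, _, rest = pattern[1:].partition("]")
            pattern = addr + rest
        elif pattern.startswith("/") or ":" in pattern:
            # /file/name and type:table entries need the file contents.
            raise ValueError(f"not a literal network pattern: {token}")
        entries.append((negated, ipaddress.ip_network(pattern, strict=False)))
    return entries


def in_mynetworks(client, value=MYNETWORKS):
    """Left-to-right, first match wins; a '!pattern' match excludes the client."""
    addr = ipaddress.ip_address(client)
    for negated, network in parse_mynetworks(value):
        if addr in network:
            return not negated
    return False


if __name__ == "__main__":
    # Constructed sample clients: the two sending IPs from the thread plus loopback.
    for client in ("4.4.4.4", "5.5.5.5", "127.0.0.1", "::1"):
        print(client, in_mynetworks(client))
```

The address to test is the one Postfix itself records in its "connect from" log line for the session, which can differ from the sender's configured address when NAT or a proxy sits in between.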