Have a good pub visit. Changing the "myhostname" line in postfix has zero effect. It still says "loops back to myself" :(
On Thursday, May 30th, 2024 at 4:07 PM, Wietse Venema via Postfix-users <postfix-users@postfix.org> wrote: > Mailman29 via Postfix-users: > > > The network diagram you have is correct. I'm afraid I don't > > understnad the "use loopback for internal communication". There's > > no internal communication. Should I just put 127.0.0.1 in my main.cf > > in place of "mail2"? > > > - External: communication from internet to haproxy. > > - Internal: communication between haproxy and front-end MTA. > > - Internal: communication between front-end MTA and back-end MTA. > > The internal communication endpoints are supposed to be hidden from > the public internet, so that mail from outside can only flow over > the intended path, not around it. > > It's time to go to the pub. Cheers. > > Wietse > > > Sent with Proton Mail secure email. > > > > On Thursday, May 30th, 2024 at 3:39 PM, Wietse Venema via Postfix-users > > postfix-users@postfix.org wrote: > > > > > Mailman29 via Postfix-users: > > > > > > > myhostname is set to "mail2" in main.cf, but the mx record points > > > > to mail.somedomain.com, (they share the same IP though) would it > > > > be doing an ip lookup first? I guess I need to "trick" it into > > > > thinking it's not the same if it's IP based. > > > > > > Postfix requires transport_maps to forward mail from a front-end > > > MTA to a backend MTA. Other approaches are not supported. > > > > > > Based on your earlier description I expect something like: > > > > > > public IP address, port 25: haproxy -> > > > > > > hidden port or address: frontend MTA with transport_maps -> > > > > > > hidden port or address: backend MTA > > > > > > If all this runs on a single host, and you use loopback (127.0.0.1) > > > for internal communication, then Postfix won't care whether servers > > > use the same MTA name. > > > > > > If you use a non-routable network such as 10.* or 192.168.* for > > > internal communication, then you will need distinct MTA names. > > > > > > However, for sanity sake, I'd always recommend that different MTA > > > instances identify themselves with different names. Otherwise youir > > > logging will be incomprehensible. > > > > > > Wietse > > > > > > > On Thursday, May 30th, 2024 at 2:34 PM, Wietse Venema via Postfix-users > > > > postfix-users@postfix.org wrote: > > > > > > > > > Mailman29 via Postfix-users: > > > > > > > > > > > Well the logs say this, which doesn't help. > > > > > > May 30 14:01:02 mail2 postfix/smtp[1390778]: C5DCBA0501: > > > > > > to=prvs=1880817b8e=myem...@somedomain.com, relay=none, delay=5.2, > > > > > > delays=0/0/5.2/0, dsn=5.4.6, status=bounced (mail for somedomain.com > > > > > > loops back to myself) > > > > > > > > > > On the contrary, it says that you have configured a mailer loop, > > > > > or that you have two different mail services that use the same MTA > > > > > name (in Postfix parlance, the MTA name is the myhostname setting). > > > > > > > > > > > The domain and the postfix server do share the same IP (haproxy > > > > > > server), but if Postfix would deliver the bounce message it would > > > > > > get passed through the proxy to the mail server backend. Is there > > > > > > a way to force this? > > > > > > > > > > 1) If the Postfix machine is a front-end for a backend server, then > > > > > Postfix must be configured as a mail gateway, and there should be > > > > > a transport_maps setting that routes mail for the domain to the > > > > > backend instead of sending it to the public internet address. See > > > > > https://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall > > > > > > > > > > 2) If your Postfix server is behind an inbound proxy server, then > > > > > you MUST specify the external address with main.cf:proxy_interfaces, > > > > > so that Postfix will know that it should not try to connect there. > > > > > https://www.postfix.org/postconf.5.html#proxy_interfaces > > > > > > > > > > 3) If you really have more than one mail server, then they must > > > > > have different MTA names (In Postfix parlance the MTA name is the > > > > > myhostname setting). > > > > > > > > > > Wietse > > > > > > > > > > > On Thursday, May 30th, 2024 at 1:46 PM, Wietse Venema via > > > > > > Postfix-users postfix-users@postfix.org wrote: > > > > > > > > > > > > > Mailman29: > > > > > > > > > > > > > > > Brilliant! I had a loop with haproxy that pointed it back at my > > > > > > > > mail server! > > > > > > > > > > > > > > > > Now, how do I get postfix to send failures etc to my server? It > > > > > > > > seems they just disappear into the ether! > > > > > > > > > > > > > > Look in your logs: > > > > > > > https://www.postfix.org/DEBUG_README.html#logging > > > > > > > > > > > > > > If you don't understand an error or warning message, report the > > > > > > > problem on the postfix-users mailing list. > > > > > > > > > > > > > > Wietse > > > > > > > > > > > > > > > Sent with Proton Mail secure email. > > > > > > > > > > > > > > > > On Thursday, May 30th, 2024 at 12:50 PM, Wietse Venema via > > > > > > > > Postfix-users postfix-users@postfix.org wrote: > > > > > > > > > > > > > > > > > Mailman29 via Postfix-users: > > > > > > > > > > > > > > > > > > > HI guys. > > > > > > > > > > I'm having an awful time getting postfix to work in one > > > > > > > > > > form only. > > > > > > > > > > Accept mail from one ip address only, regardless of the > > > > > > > > > > sender's > > > > > > > > > > domain name, and send it out to the recipients. Postfix has > > > > > > > > > > no > > > > > > > > > > accounts, and accepts no incoming mail. It's only for > > > > > > > > > > sending from > > > > > > > > > > my local server. > > > > > > > > > > > > > > > > > > > > Here's my main.cf, as you can see I have it set up to > > > > > > > > > > accept mail > > > > > > > > > > from my IP address only, but every time I try to send mail > > > > > > > > > > through > > > > > > > > > > it I get the error : (somedomain.com is placeholder for my > > > > > > > > > > FQDN) > > > > > > > > > > > > > > > > > > > > --> EHLO mail! > > > > > > > > > > <-- 250-relay.somedomain.com Hello mail [IPaddress], > > > > > > > > > > pleased to meet you > > > > > > > > > > > > > > > > > > THAT IS NOT Postfix. You can tweak settings and it will have > > > > > > > > > no effect, > > > > > > > > > because you are not taking to Postfix. > > > > > > > > > > > > > > > > > > I suggest that you look in the maillog file to fid out what > > > > > > > > > program is answering the connection.. > > > > > > > > > > > > > > > > > > Wietse > > > > > > > > > _______________________________________________ > > > > > > > > > Postfix-users mailing list -- postfix-users@postfix.org > > > > > > > > > To unsubscribe send an email to > > > > > > > > > postfix-users-le...@postfix.org > > > > > > > > > > > > > > _______________________________________________ > > > > > > > Postfix-users mailing list -- postfix-users@postfix.org > > > > > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > > > > > > _______________________________________________ > > > > > > > Postfix-users mailing list -- postfix-users@postfix.org > > > > > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > > > > > > > > > _______________________________________________ > > > > > Postfix-users mailing list -- postfix-users@postfix.org > > > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > > > > _______________________________________________ > > > > > Postfix-users mailing list -- postfix-users@postfix.org > > > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > > > > > _______________________________________________ > > > Postfix-users mailing list -- postfix-users@postfix.org > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > > _______________________________________________ > > > Postfix-users mailing list -- postfix-users@postfix.org > > > To unsubscribe send an email to postfix-users-le...@postfix.org > > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
