My postconf -n output (some semi-sensitive data anonymised):
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
canonical_maps = pcre:/etc/postfix/canonical
config_directory = /etc/postfix
delay_warning_time = 1d
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_header_rewrite_clients = permit_mynetworks permit_sasl_authenticated
local_recipient_maps = hash:/etc/postfix/local_recipients $alias_maps
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
masquerade_classes = envelope_sender envelope_recipient header_sender
header_recipient
masquerade_domains = myexampledomain.com myexample-domain.com
myexampledomain.co.uk
message_reject_characters = \0
milter_default_action = accept
milter_protocol = 2
mydestination = mailserver localhost.localdomain localhost
mailserver.myexampledomain.co.uk myexampledomain.com
myexample-domain.com myexampledomain.co.uk
mydomain = myexampledomain.co.uk
myhostname = mx0.myexampledomain.co.uk
myorigin = $mydomain
non_smtpd_milters = inet:localhost:12301
notify_classes = resource software bounce
permit_myexampledomain_client = permit_mynetworks check_client_access
cidr:/etc/postfix/client_access_myexampledomain_com check_client_access
cidr:/etc/postfix/client_access_myexampledomain_co_uk
permit_myexampledomain_pubwww = check_client_access
cidr:/etc/postfix/client_access_myexampledomain_com
proxy_interfaces = 100.100.100.100 200.200.200.200
queue_run_delay = 120s
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
remote_header_rewrite_domain = domain.invalid
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = permit_myexampledomain_client
check_client_access hash:/etc/postfix/client_access_external
reject_unknown_reverse_client_hostname reject_rbl_client zen.spamhaus.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/disabled_esmtp_cmds
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_milters = inet:localhost:12301
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/blacklist_recipient permit_myexampledomain_client
reject_non_fqdn_recipient reject_unauth_destination
reject_unlisted_recipient check_policy_service inet:127.0.0.1:10023
check_recipient_access hash:/etc/postfix/verify_recipient
smtpd_restriction_classes = permit_myexampledomain_client
permit_myexampledomain_pubwww
smtpd_sender_restrictions = reject_non_fqdn_sender
reject_unknown_sender_domain check_sender_access
hash:/etc/postfix/sender_access
smtpd_tls_CAfile = /etc/ssl/ms-star-multidomain-2024-mail/ssl-bundle.pem
smtpd_tls_cert_file = /etc/ssl/ms-star-multidomain-2024-mail/2242150045.pem
smtpd_tls_key_file =
/etc/ssl/ms-star-multidomain-2024-mail/wildcard.myexample.multidomain.key.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unverified_recipient_reject_code = 550
virtual_alias_domains = some_other_inactive_domains_here
virtual_alias_maps = hash:/etc/postfix/virtual
On 11/03/2025 11:18, Adam Weremczuk via Postfix-users wrote:
Hi all,
Our company is planning to migrate from on-prem Postfix(SMTP)/
Cyrus(IMAP) stack to https://fastmail.com
Everything has been set up on Fastmail side and messages have been
migrated to placeholder accounts with imapsync. What's essentially left
to do is a final impasync run on delta followed by DNS changes (MX,
DKIM, SPF etc.).
The on-prem Cyrus will be shut down but Postifx will need to start
forwarding all internal emails (from various LAN servers and services)
to Fastmail using the new MX records. It shouldn't need any additional
information about the Fastmail recipients.
A bit of general info:
Postfix version - 2.9.6
myexampledomain.co.uk - local LAN domain not used for emails
myexampledomain.com - public domain primarily used for emails
The closest thing I've found is "Postfix email firewall/gateway" under
https://www.postfix.org/STANDARD_CONFIGURATION_README.html#stand_alone
PLANNED CHANGES in /etc/postfix/main.cf
mydomain = myexampledomain.co.uk -> mydomain = myexampledomain.com
mydestination = mailserver localhost.localdomain... -> mydestination =
local_recipient_maps = hash:/etc/postfix/local_recipients $alias_maps ->
local_recipient_maps =
local_transport = local:$myhostname -> local_transport = error:local
mail delivery is disabled
"Comment out the local delivery agent" -> ???
mynetworks = 127.0.0.0/8 192.168.8.0/22 [::1]/128 [fe80::]/64 -> leave
relay_domains = $mydestination -> myexampledomain.com
parent_domain_matches_subdomains =
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps -> parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
smtpd_relay_restrictions = leave blank, since internal emails are not
going to generate any spam
relay_recipient_maps = leave blank
transport_maps = leave blank
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual -> replace references to myexampledomain.co.uk
with myexampledomain.com
Also - what to do with other bits such as STARTTLS and DKIM?
Even a little hint or direction would be much appreciated.
---
Adam
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
