On 17 Jul 2019, at 16:11, Rick Zeman wrote:

Sadly, it's not that easy (made no difference, and yes I reloaded
postfix).   It's still trying to deliver to itself.  Only thing I've
managed to do messing with this today is to get it to stop bouncing and now
the tests are in the queue because they can't be delivered locally:
0130766         266 Wed Jul 17 17:18:30  r...@example.com
(connect to example.com[10.166.5.182]:25: Connection timed out)
                                         example-test...@example.com

That implies that Postfix is trying delivery via SMTP (port 25) so *apparently* DNS says that the MX record for example.com resolves to 10.166.5.182, which is not answering.

Log entries relevant to a message that fails could help in figuring out exactly why it is failing.



On Wed, Jul 17, 2019 at 3:19 PM Robert Theisen <rethei...@yahoo.com> wrote:


I would set mydomain to smtp2.example.com . That should make the host do
a dns query to find the mx record of example.com .

Robert
On Wednesday, July 17, 2019, 2:24:46 PM EDT, Rick Zeman <rze...@gmail.com>
wrote:


I inherited a pair of postfix servers configured by someone else and I think
I've been a manager too long as I can't figure this one out because I'm too
rusty with postfix.
Scenario:
2 identical postfix servers that only accept mail from mynetworks (other
local servers in its /16) with various From domains that are NOT mydomain
which direct deliver to the recipients wherever they are in the world. That
all works fine. What doesn't work fine is if the recipient is *@example.com
which IS mydomain to which delivery is not local, but the same domain. Then,
postfix tries to deliver locally and bounces. Common problem.
My expectation is that when an email hits for *@example.com that
postfix would do an mx lookup for example.com and send to that MX
externally.
No twiddling with mydestination, transport maps, turning off local in
master.cf, or combinations thereof.  There's no relayhost since they
deliver directly.   Thoughts?  Thanks!

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mydomain = example.com
myhostname = smtp2.example.com
mynetworks = 127.0.0.0/8, 10.166.0.0/16
myorigin = example.com
newaliases_path = /usr/bin/newaliases.postfix
postscreen_upstream_proxy_protocol = haproxy
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = /etc/pki/tls/certs/godaddy.certchain.crt
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/pki/tls/private/postfix.dh.param
smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_high_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
tls_medium_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
#local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
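
The queue listing discussed in this thread can be read mechanically. This is an added example, not code from any poster: it parses mailq-style output and marks deferred SMTP connects whose target address falls inside the posted mynetworks, as 10.166.5.182 does with 10.166.0.0/16. The sample queue text, the regular expressions and the name deferred_connects are constructed for illustration.

```python
import ipaddress
import re

# Constructed mailq-layout sample. The first entry reuses the queue ID and IP
# quoted in the thread; every address and the second entry are placeholders.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0130766         266 Wed Jul 17 17:18:30  sender@example.com
(connect to example.com[10.166.5.182]:25: Connection timed out)
                                         rcpt@example.com

0A1B2C3         412 Wed Jul 17 17:20:02  sender@example.com
(connect to mx.example.net[192.0.2.25]:25: Connection refused)
                                         user@example.net

-- 1 Kbytes in 2 Requests.
"""

ENTRY = re.compile(r"^([0-9A-F]+)[*!]?\s+\d+\s+\w{3} \w{3}\s+\d+ [\d:]+\s+(\S+)$")
REASON = re.compile(r"^\(connect to (\S+?)\[([0-9A-Fa-f.:]+)\]:(\d+): (.+)\)$")

def deferred_connects(mailq_text, mynetworks):
    """Return one record per deferred SMTP connect, marking internal targets."""
    nets = [ipaddress.ip_network(n.strip()) for n in mynetworks.split(",")]
    records, head, last = [], None, None
    for line in mailq_text.splitlines():
        entry = ENTRY.match(line)
        if entry:                          # queue ID line starts a new message
            head, last = (entry.group(1), entry.group(2)), None
        elif line.startswith("("):         # deferral reason for the next recipients
            last, reason = None, REASON.match(line.strip())
            if reason and head:
                ip = ipaddress.ip_address(reason.group(2))
                last = {"id": head[0], "sender": head[1], "host": reason.group(1),
                        "ip": str(ip), "port": int(reason.group(3)),
                        "error": reason.group(4), "rcpts": [],
                        # True when the SMTP target sits inside mynetworks
                        "internal": any(ip in net for net in nets)}
                records.append(last)
        elif last is not None and line.startswith(" ") and line.strip():
            last["rcpts"].append(line.strip())
    return records

if __name__ == "__main__":
    for rec in deferred_connects(SAMPLE_MAILQ, "127.0.0.0/8, 10.166.0.0/16"):
        flag = "INSIDE mynetworks" if rec["internal"] else "external"
        print(rec["id"], rec["host"], rec["ip"], flag, "-", rec["error"], rec["rcpts"])
```

A record marked internal means the address Postfix connected to for that domain lies in the relay's own trusted range, which is worth comparing with the MX the domain is meant to publish.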
