Dnia 18.05.2021 o godz. 13:47:15 post...@ptld.com pisze: > >On 05-18-2021 12:36 pm, Jaroslaw Rafa wrote: > >If Postfix on server X is only for submission, then how does Postfix on > >server Y deliver mail to server X? > > It doesn't because as you said, server X is only for submission. > Nothing should ever be delivered to X. Server Y is the destination > and Y should deliver to maildir. [...] > And to the rest of your suggestions, the way im trying to set this > up is one server is just for accepting email smtp:25 and it should > be the only server accepting email via only smtp:25. I don't want it > to accept submissions, relays, etc. > > The 2nd server is for dealing with users. It will allow them to > check their email via dovecot/imap and it will allow them to send > emails from their client, hence the postfix submission.
The quoted paragraphs above "[...]" mark and below it are contradicting for me. Server Y is the destination and delivers to maildir. Nothing should be delivered to server X, but server X allows users to check the very same maildir(!) via Dovecot. So where is the maildir actually located? On server X or on server Y? If it is located on server Y, how Dovecot on server X accesses it? NFS or some other kind of shared storage? If it is located on server X, server Y must *somehow* deliver mail to it. Either Postfix on Y delivers to Dovecot on X via LMTP, or Postfix on Y sends to Postfix on X, which delivers locally. > the only reason postfix is even on that server is because dovecot > built in submission does not validate authenticated user against > From: address and will allow spoofing. This is why i need to have > postfix to accept submissions on that imap server. But it has no > business directly delivering mail to local maildir. So how is the mail to local maildir delivered? And, if there were no Postfix on server X and you used Dovecot submission, what would send the mail out to the Internet after being accepted by Dovecot submission service? Dovecot is not a MTA, it's submission service needs to pass mail to a real MTA to be sent out further. You state that you don't want server Y to do any relaying (so I understand it's strictly for incoming mail), so you must have Postfix on X for that purpose. > And i know you all keep politely telling me im crazy for not > understanding postfix wants to deliver to user's mailboxes. I get > that. Not knowing the inner workings of postfix, from a logical > point of view, submission isn't smtp:25, it has its own service > spawn, it works on its own port, so it didn't seem crazy to expect > it to be able to behave differently than smtp:25. I at first didn't > understand that it has to use the same setting values that smtp:25 > uses. I mean, logically that being the case, what is the point of > having a separate submission on port 587 when smtp:25 could just > "answer the call" if all of the settings are the same between the > two? No, not all settings are the same between the two. If all settings were the same, you couldn't distinguish between submission and incoming mail. For example, submission on port 587 uses mandatory encryption and authentication while incoming mail on port 25 uses opportunistic encryption and shouldn't use authentication at all. Both services usually have also completely different set of smtpd_*_restrictions. So these are not the same settings. But Postfix is a mixture of several different services, not a single service. Both submission an incoming mail are different instances of "smtpd" service, and the job of "smtpd" service is only to accept mail, nothing more. Once the message has been accepted (or rejected), the job of "smtpd" service is done, and the message goes to "cleanup" service, which puts it into Postfix queue. And there is one and only one instance of "cleanup" service. So at this stage any parameter differences between submission and incoming mail instances don't apply anymore. And this is exactly the point where the proper transport for the message is selected. If the transport configuration doesn't specify otherwise, messages that are addressed to local domains are passed on to "local" service to be delivered locally, and messages addressed to remote domains are passed on to "smtp" service to be relayed to proper MX for the destination domain. This can be of course changed, but the transport selection can be based only on the message characteristics (sender, recipient etc.) and not on the fact which service received the message (because that service is already over and message is in the queue). This is explained in much more detail here: http://www.postfix.org/OVERVIEW.html > If you have read this far, i have my answer now, postfix can't do > what i want how i think. The recommended solution by Victor is to > use multi-instance. Yes, you need two instances as in case of your two servers X and Y. Because you need different transport assignment for both instances, and from above description you can see, that selecting the transport is a job of "cleanup" service and not "smtpd" service. So you cannot assign different transports to different instances of "smtpd" service. > Yes, mail is being delivered to the same physical linux server. But > submission:587 isn't smtp:25. They are two different spawned > services on two different ports. Their understanding of the hardware > or linux environment shouldn't matter. They are separate services. But as I pointed out above, they are separate services only up to the point when mail has been accepted. Once it is accepted it goes to one, single Postfix queue, managed by a single "qmgr" service. If you need to have them separated at this stage, you need two instances of the whole Postfix, not only two instances of "smtpd" service. You basically need to copy your two-server setup on a single physical server. > Easy on two server setup, so far only suggestion to do this on > single server setup is by multi-instance setup. I hope you know understand why :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
