On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra <post...@fongaboo.com> wrote:
> I've been trying to set up a Backup MX with a MySQL backend. I have my
> primary working well with MySQL and Postfixadmin frontend. But up till now,
> I've always set up my backup MX with a standard Postfix setup using Berkeley
> DB files.
>
> I've tried to set up my new Backup MX with MySQL backend. I've found good
> tutorials for setting up Backup MX in the traditional manner. And there are
> plenty of tutorials for setting up a PRIMARY MX with MySQL. But ones for both
> are far and few between.
>
> I ran through this one first as a scaffold:
>
> https://www.linuxbabe.com/mail-server/how-to-set-up-a-backup-email-server-postfix-ubuntu
>
>
> and then made modifications based on this:
>
>
> https://sourceforge.net/p/postfixadmin/wiki/Relay_domains/
>
>
> But in the postfix MySQL database, even when the domain table has a given
> domain set to backupmx = '1', it still delivers locally in the virtual mail
> directory.
>
> So I'm wondering if someone might give my main.cf a lookover and see what
> I've neglected:
>
>
> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
>
>
> # Debian specific: Specifying a file name will cause the first
> # line of that file to be used as the name. The Debian default
> # is /etc/mailname.
> #myorigin = /etc/mailname
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
>
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
>
> readme_directory = no
>
> # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
> # fresh installs.
> compatibility_level = 2
>
>
>
> # TLS parameters
> smtpd_tls_cert_file = /etc/letsencrypt/live/<hostname>/fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live/<hostname>/privkey.pem
> smtpd_use_tls=yes
> smtpd_tls_auth_only = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Not relevant, but the above line isn't needed (since Postfix 2.11).

> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
> # information on enabling SSL in the smtp client.
>
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> defer_unauth_destination
> myhostname = <hostname>
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = $myhostname, ca2ceus.wtfayla.net, localhost

Does the value of $myhostname refer to the primary MX host by any chance?
If so, the above line would cause the secondary MX host to deliver locally.
But that's probably not it (if all occurrences of <hostname> refer to the
same hostname). The certificate there is for the host name
ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).

> mynetworks = 127.0.0.1/32 localhost <primary server's subnet>/29 <secondary
> server's subnet>/29
> relayhost = #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

The line above looks wrong. Comments only start at the start of a line
(after spaces/tabs is ok). If this is the cause of the problem (i.e.,
postfix trying to relay to an incorrect hostname), there would probably be
log messages to indicate that. But that's probably not it either. Postfix
wouldn't deliver locally if it thought it was supposed to relay but failed.
> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
> maximal_queue_lifetime = 10d
> minimal_backoff_time = 4000s
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = ipv4
> # virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
>
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql_virtual_domain_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf
>
> # virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
>
> virtual_alias_maps =
> mysql:/etc/postfix/mysql_alias_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
>
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
> mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> smtp_tls_security_level = may
> smtpd_tls_security_level = may
> smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
>
> # relay_recipient_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>
> transport_maps = # hash:/etc/postfix/transport_maps,
> mysql:/etc/postfix/mysql_relay_transports.cf

The apparent comment above is also wrong. Move it to a line of its own.
Perhaps that's relevant if transports are used to relay to the primary MX
host.
> relay_domains = mysql:/etc/postfix/mysql_relay_domain_maps.cf,
> mysql:/etc/postfix/mysql_relay_alias_domain_maps.cf
> relay_recipient_maps =
> mysql:/etc/postfix/mysql_alias_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_maps.cf,
> mysql:/etc/postfix/mysql_alias_domain_catchall_maps.cf
>
> # Increase attachment size to 50 MB
> message_size_limit = 52428800

I hope that helps a bit. But it might not be enough to solve the problem.

cheers,
raf
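
Added example, not part of the original thread and not Postfix's own code: a small Python check for the main.cf comment rule described in the reply above. It joins continuation lines into logical lines the way postconf(5) documents and reports any parameter whose value still contains a "#". The sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample in main.cf syntax; the two flagged lines mirror the
# ones pointed out in the reply above.
SAMPLE = """\
# a full-line comment is fine
   # so is an indented one
relayhost = #mynetworks = 127.0.0.0/8 [::1]/128
transport_maps = # hash:/etc/postfix/transport_maps,
    mysql:/etc/postfix/mysql_relay_transports.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domain_maps.cf,
    # comment lines inside a continued value are skipped
    mysql:/etc/postfix/mysql_relay_alias_domain_maps.cf
message_size_limit = 52428800
"""

def logical_lines(text):
    """Yield (first_line_number, name, value) per main.cf logical line."""
    current = None  # [line number, accumulated text]
    for number, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are ignored everywhere
        if raw[0].isspace() and current is not None:
            current[1] += " " + stripped  # leading whitespace continues
            continue
        if current is not None:
            yield _split(current)
        current = [number, stripped]
    if current is not None:
        yield _split(current)

def _split(entry):
    number, text = entry
    name, _, value = text.partition("=")
    return number, name.strip(), value.strip()

def inline_comment_findings(text):
    """Report parameters whose value contains a '#' that Postfix keeps."""
    findings = []
    for number, name, value in logical_lines(text):
        if re.search(r"(^|[\s,])#", value):
            findings.append((number, name, value))
    return findings

if __name__ == "__main__":
    for number, name, value in inline_comment_findings(SAMPLE):
        print(f"line {number}: {name} = {value!r}")
```

On a live system, `postconf -n` prints the values Postfix actually parsed, which is the authoritative way to confirm what a flagged line ended up as.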