Posted: 7/21/2015 4:26:54 PM EDT
background:
-- postfix (current) running on a ubuntu box (called "wopr"), which sits on private (RFC1918) address space in behind a router with a public IP.
-- the MX for the domain resolves to the public IP.
-- inbound email is port forwarded through the router to wopr, where postfix delivers locally to Maildirs. there is no additional inbound email forwarding, in other words, wopr is the last mail stop.
-- outbound mail comes in two flavors: locally generated, and relayed from internal hosts (iphone etc). so wopr is a mail relay for hosts on the private address space.
-- the complication starts here: all outbound email is piped through stunnel (ssl) for injection at my ISP's relay. this is required to send outbound email. there is no other way.
main.cf contains
stunnel.conf contains
EVERYTHING ABOVE WORKS. mail is delivered locally OK, outbound email is sent on its way OK. the above configuration has been in operation for more than 6 years.

problem statement: i want to migrate mail (delivery and relaying, everything) over to another box, call it "ziva". i configure postfix and dovecot and spamassassin and procmail and clamav and everything else needed on ziva. i test outbound email. it works. i test local delivery. it works.

for purposes of testing things for a few weeks i would like now to have inbound email delivered to TWO places: wopr and ziva. so i set up an internal MX record for ziva, so that mail addressed to [email protected] will be delivered to ziva. i configure a simple procmail rule on my user account to deliver locally my inbound email (on wopr) AND ALSO forward ALL of my inbound mail to ziva. (note carefully the "c") such a construct looks like this:
it doesn't work. the reason it doesn't work is clear from the message back from postfix on wopr: the email is being forwarded out the stunnel on wopr to verizon. ok, well that's appropriate because that is what i told postfix to do in the first place! it doesn't matter that the MX for ziva.mydomain.here points to a local machine 3 feet away, on the same subnet. as far as postfix on wopr is concerned, all outbound email goes out the stunnel. so, how do i get postfix on wopr to relay to ziva locally, but relay (send) everything else out the stunnel?
ar-jedi
Why don't you set up wopr to smarthost all email to ziva rather than the verizon stunnel?
Anything sent internal to wopr would forward to ziva. If it's a local email account, ziva will deliver locally. If it's an internet bound email, ziva will forward to Verizon. public and internal emails coming in to wopr would do the rule to deliver and forward to ziva.
Quoted:
Why don't you set up wopr to smarthost all email to ziva rather than the verizon stunnel? Anything sent internal to wopr would forward to ziva. If it's a local email account, ziva will deliver locally. If it's an internet bound email, ziva will forward to Verizon. public and internal emails coming in to wopr would do the rule to deliver and forward to ziva.
i don't trust ziva yet; it's a new box. so i want email inbound from the net delivered to wopr, as normal, and a copy sent to ziva. over time, i will migrate the clients that are actually looking at the mail spool on wopr via imap (thunderbird, iphone, etc) to point to ziva. and then, once everything is working and proven, all i have to do is change the port 25 forward on the router from wopr to ziva.
ar-jedi
Quoted:
where is the DNS being handled? Is reverse DNS setup properly? ETA: I totally just thought of a way to do this in Exchange, but that doesn't really help you.
it's not a dns problem; i have 3 axis control over the dns internally and externally. the MX record for ziva is valid/correct, but it's a don't-care because postfix only knows one way out of wopr -- through the stunnel. i may have just found a potential way to do this via google...
ar-jedi
Quoted:
i don't trust ziva yet; it's a new box. so i want email inbound from the net delivered to wopr, as normal, and a copy sent to ziva. over time, i will migrate the clients that are actually looking at the mail spool on wopr via imap (thunderbird, iphone, etc) to point to ziva. and then, once everything is working and proven, all i have to do is change the port 25 forward on the router from wopr to ziva. ar-jedi
Inbound from the net would still go to wopr and get delivered locally and by rule forwarded to ziva as well. It's only changing the outbound emails. wopr receives the message from the client and instead of forwarding directly to verizon, it gets forwarded to ziva first, then to verizon, which you have already tested as working. It just adds a hop for wopr's outbound.
Quoted:
Inbound from the net would still go to wopr and get delivered locally and by rule forwarded to ziva as well. It's only changing the outbound emails. wopr receives the message from the client and instead of forwarding directly to verizon, it gets forwarded to ziva first, then to verizon, which you have already tested as working. It just adds a hop for wopr's outbound.
understood. while you were typing i was hacking, and thus:
http://linux.die.net/man/5/transport
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local
root@wopr:/etc/postfix# grep transport main.cf
transport_maps = hash:/etc/postfix/transport
root@wopr:/etc/postfix# cat /etc/postfix/transport
# internal delivery
.toplevel.domain.here :
wopr.toplevel.domain.here :
ziva.toplevel.domain.here smtp:[192.168.100.190]:25
# external delivery
.* smtp:[127.0.0.1]:5465
ETA don't forget root@wopr:/etc/postfix# postmap /etc/postfix/transport after modifying the transport table.
Jul 21 17:01:21 ziva postfix/smtpd[9894]: connect from wopr[192.168.100.192]
Jul 21 17:01:21 ziva postfix/smtpd[9894]: Anonymous TLS connection established from wopr[192.168.100.192]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 21 17:01:21 ziva postfix/smtpd[9894]: 77084C00F4: client=wopr[192.168.100.192]
Jul 21 17:01:21 ziva postfix/cleanup[9899]: 77084C00F4: message-id=<[email protected]>
Jul 21 17:01:21 ziva postfix/qmgr[602]: 77084C00F4: from=<[email protected]>, size=4790, nrcpt=1 (queue active)
Jul 21 17:01:21 ziva postfix/smtpd[9894]: disconnect from wopr[192.168.100.192]
Jul 21 17:01:21 ziva dovecot: lda(user): msgid=<[email protected]>: saved mail to INBOX
Jul 21 17:01:21 ziva postfix/local[9900]: 77084C00F4: to=<[email protected]>, relay=local, delay=0.19, delays=0.02/0/0/0.17, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT")
Jul 21 17:01:21 ziva postfix/qmgr[602]: 77084C00F4: removed
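As an added illustration (not from the thread or from Postfix itself), here is a small Python model of the transport(5) table search order applied to the transport table posted above, assuming recipient_delimiter is "+": Postfix tries user+ext@domain, user@domain, the domain, each parent domain with a leading dot (which matches subdomains only), and finally the literal "*" catch-all, so a recipient at an outside domain only hits the stunnel entry through a "*" key (otherwise relayhost / default_transport applies). Recipient addresses below are constructed.

```python
# Hypothetical helper: model the transport(5) lookup order for a hash: table.
# Table text copied from the thread; the domains are the poster's placeholders.
TRANSPORT_TABLE = """
# internal delivery
.toplevel.domain.here :
wopr.toplevel.domain.here :
ziva.toplevel.domain.here smtp:[192.168.100.190]:25
# external delivery
.* smtp:[127.0.0.1]:5465
"""

def parse_transport(text):
    """Parse postmap-style 'key transport:nexthop' lines; '#' lines are comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        table[key.lower()] = value.strip()  # Postfix matches domains case-insensitively
    return table

def lookup(table, recipient):
    """Return the matching (transport, nexthop) pair, with empty strings meaning
    'use the Postfix defaults', or None when no key matches at all (Postfix then
    falls back to relayhost / default_transport)."""
    local, _, domain = recipient.lower().rpartition("@")
    candidates = []
    if local:
        candidates.append(f"{local}@{domain}")                        # user+ext@domain
        if "+" in local:                                              # assumes recipient_delimiter = +
            candidates.append(f"{local.split('+', 1)[0]}@{domain}")  # user@domain
    candidates.append(domain)                                         # domain
    idx = domain.find(".")                                            # .sub.domain, .domain, ...
    while idx != -1 and idx + 1 < len(domain):
        candidates.append(domain[idx:])
        idx = domain.find(".", idx + 1)
    candidates.append("*")                                            # documented catch-all key
    for key in candidates:
        if key in table:
            transport, _, nexthop = table[key].partition(":")
            return transport, nexthop
    return None

TABLE = parse_transport(TRANSPORT_TABLE)
# Same table with the documented "*" catch-all added, for comparison.
CATCH_ALL_TABLE = {**TABLE, "*": "smtp:[127.0.0.1]:5465"}
```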
Quoted:
understood. while you were typing i was hacking, and thus:
http://linux.die.net/man/5/transport
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local
root@wopr:/etc/postfix# grep transport main.cf
transport_maps = hash:/etc/postfix/transport
root@wopr:/etc/postfix# cat /etc/postfix/transport
# internal delivery
.toplevel.domain.here :
wopr.toplevel.domain.here :
ziva.toplevel.domain.here smtp:[192.168.100.190]:25
# external delivery
.* smtp:[127.0.0.1]:5465
ETA don't forget root@wopr:/etc/postfix# postmap /etc/postfix/transport after modifying the transport table.
Jul 21 17:01:21 ziva postfix/smtpd[9894]: connect from wopr[192.168.100.192]
Jul 21 17:01:21 ziva postfix/smtpd[9894]: Anonymous TLS connection established from wopr[192.168.100.192]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jul 21 17:01:21 ziva postfix/smtpd[9894]: 77084C00F4: client=wopr[192.168.100.192]
Jul 21 17:01:21 ziva postfix/cleanup[9899]: 77084C00F4: message-id=<[email protected]>
Jul 21 17:01:21 ziva postfix/qmgr[602]: 77084C00F4: from=<[email protected]>, size=4790, nrcpt=1 (queue active)
Jul 21 17:01:21 ziva postfix/smtpd[9894]: disconnect from wopr[192.168.100.192]
Jul 21 17:01:21 ziva dovecot: lda(user): msgid=<[email protected]>: saved mail to INBOX
Jul 21 17:01:21 ziva postfix/local[9900]: 77084C00F4: to=<[email protected]>, relay=local, delay=0.19, delays=0.02/0/0/0.17, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT")
Jul 21 17:01:21 ziva postfix/qmgr[602]: 77084C00F4: removed
I had just looped in my linux guy, he was about to tell you to check that lol.