OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Dual Mail Relays

From: Tony Nelson (tnelsonstarpoint.com)
Date: Wed Aug 02 2006 - 09:54:04 CDT

Quoting mouss <usebsdfree.fr>:

> Tony Nelson wrote:
>> I have two mail servers that primarily serve as relays to our
>> internal mail systems. The do the usual virus scanning, spam
>> detection etc.
>>
>> When an e-mail comes in for anyuserstarpoint.com it is re-written
>> to anyuserwin.starpoint.com via aliases and then delivered to our
>> internal systems and that works just fine.
>>
>> My account actually lives on the primary mail relay and does not
>> get delivered to our internal systems. Previously, I used a
>> .forward on the backup server to get the mail delivered to the
>> primary by specifying the actual server name in the forward.
>> Trying this method in Postfix generates a bounce, which puzzles me.
>>
>> Jul 31 16:45:05 [postfix/local] 46AA030297DD:
>> to=<tnelsonstarpoint.com>, orig_to=<tnelsonmail.starpoint.com>,
>> relay=local, delay=0, status=bounced (mail forwarding loop for
>> tnelsonstarpoint.com)
>>
>> Doing some research I found the relay_domains parameter and how to
>> setup a backup mail server. Following those instructions, I no
>> longer needed a .forward and all of my mail worked just fine,
>> however; it appears that the mail for the rest of the users was not
>> going through alias expansion and was all being forwarded to my
>> primary mail relay for final delivery. In my current config that
>> had the side effect of having it virus scanned, spam detected, etc
>> for a second time.
>>
>
> while it is nice to describe the background, you should at some point
> make clear what is the "current" situation and what is the problem with
> this situation. I'm not certain to see what is your exact problem.
>

All regular user e-mail is forwarded by the Postfix gateways to our
end user system via alias exapansion. Eg. userstarpoint.com is
expanded to userwin.starpoint.com and redelivered by Postfix.

The exception to this is lusers such as root, postmaster, etc. I
don't want to have to check mail for postmaster on both gateways, so I
would like the secondary gateway to forward the mail to the primary
gateway.

My mail servers are mail.starpoint.com (primary) and
njmail.starpoint.com (secondary).

I attempted by solving this by using .forward files on the secondary
server that I thought should have redirected mail to the primary by
server name. For example, on the secondary root was pointed to
rootmail.starpoint.com.

On the primary server, executing /usr/lib/sendmail -bv
rootmail.starpoint.com would get the mailed delivered correctly.

Executing the same command on the secondary server, the mail would be
delivered to the primary server and then bounced b/c of a mail routing
loop that I could not diagnose.

> if it's about aliasing users in relay_domains, then use
> virtual_alias_maps instead of alias_maps.
>
> if it's about the forwarding loop, then you'll need to provide more
> information.
>
>> I'm not sure which way is the best way to go, and I really have no
>> preference. I would just like to make it work.
> Unless I am misunderstanding you, relay_domains together with either
> virtual aliases or per recipient transports is a good way to go
> (sometimes possibly with canonical rewrite of addresses if the final
> server doesn't like them).

I tried out relay_domains but did not like the result on the secondary
server. With relay domains in place alias expansion did not occour
(because local was not involved) and all mail that was processed by
the secondary gateway was forwarded to the primary and then alias
expanion occured for final delivery which in my network architecture
is nothing but a waste of bandwidth over a VPN connection.

At the moment, I'm just checking email on both boxes. We are
currently using aliases because the previous sendmail based solution
did. Being new to postfix, I'm not quite sure what virtual aliases or
per recipient transports are, but I will do some research to determine
if they are a better solution in a Postfix based environment.

Thank you very much for your help.

--
Tony Nelson
Director of IT Operations
Starpoint Solutions LLC
115 Broadway, 2nd Fl
New York, NY 10006