J.P. Trosclair wrote:
Is there a way to put postfix in state so that it stops accepting mail
so that I can clear the queue of all undelivered mail?
Rundown of what and why:
We are a small company, we have two mail servers (mail1, mail2). Mail1
is our primary server, mail2 pretty much just sits there to be used for
special tasks like the one I'm planning or as a replacement if mail1
takes a total meltdown.
I'm planning to bring mail1 down this weekend to create backup images of
the entire disk. Before I create the images I want to flush the mail
queue and temporarily move the user's mailboxes to a storage location so
they are not included in the imaging process. I also want to have the
mail queue on mail1 clean before I bring it completely down.
My plan to do this is to reconfigure mail2 to accept mail for our domain
and queue it to be forwarded to mail1 once it comes back online (I think
this should be transparent with minimal impact for mail being
undeliverable if I change the routing in our network for our MX host to
go to mail2, comments or suggestions on this are appreciated). At some
point mail1 will be online still accepting mail and mail2 will be online
receiving and accepting mail for the same domain as well as attempting
to forward it to mail1 and queuing it if mail1 doesn't answer. I want to
force mail1 not to accept the mail and flush any remaining mail to the
user's mailboxes for the reasons I mentioned in the paragraph above.
J.P.
This is the configuration I'm planning on using to catch the mail while
mail1 is down. I would like to test it but I'm not sure of a good way to
do it without messing with our live mail services. If someone has a
suggestion please pass it on. Also if someone could take a look and
point out anything they think I might be missing I'd appreciate it too.
Again, the point of this config is to catch mail for [EMAIL PROTECTED]
and queue it until mail1.mydomain.com comes back online. The primary MX
host will be routed directly to this postfix server running this
configuration while our main server is down for maintenance:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 1h
maximal_queue_lifetime = 10d
minimal_backoff_time = 30m
mydestination = mail2.judelawfirm.com
mydomain = judelawfirm.com
myhostname = mail2.judelawfirm.com
mynetworks = 127.0.0.0/8
myorigin = mail2.judelawfirm.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 5m
readme_directory = /usr/share/doc/postfix-2.5.4/README_FILES
relay_domains = mail1.judelawfirm.com judelawfirm.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated
permit_mynetworks reject_unauth_destination
reject_unlisted_recipient reject_non_fqdn_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_non_fqdn_sender
reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
