Mailman29 via Postfix-users:
> I have changed the $myhostname string and it still says it loops
> back to myself. Port 25 must be forwarded for incoming mail. Postfix
> isn't supposed to be listening to any ports. In fact, I only have
> smtpd enabled, and not smtp. This is very confusing. :(

Wietse Venema:
> To inform the Postfix SMTP client that this Postfix instance does
> not receive mail from the network, specify:
>
> main.cf:
>     inet_interfaces =

Mailman29 via Postfix-users:
> I thought that may be right, but if I comment out the "inet_interfaces"
> it fails to take mail from the main server for outbound delivery.

We appear to be talking about different servers: one that "isn't
supposed to be listening to any ports", yet somehow should be able
to receive mail, and one that should listen: "if I comment out the
"inet_interfaces" it fails to take mail from the main server for
outbound delivery".

Coming back to the diagram:

    public IP address, port 25: haproxy ->
    non-public port or address: frontend.example.com MTA with transport_maps ->
    non-public port or address: backend.example.com MTA

I understand from your response that the backend MTA should send
mail to the internet through the frontend MTA.

All that is possible but it requires careful configuration:

1) The backend.example.com MTA receives inbound mail from the
   frontend, delivers mail locally for example.com, localhost,
   backend.example.com, frontend.example.com, and sends outbound
   mail through the frontend.

/etc/postfix/main.cf:
    # This example assumes delivery with the local(8) delivery agent,
    # with valid recipients specified in local_recipient_maps
    # (default: $alias_maps unix:passwd.byname).
    # Instead, one could deliver with virtual_transport, list the
    # domains with virtual_mailbox_domains, and list valid recipients
    # with virtual_mailbox_maps.
    mydestination = example.com localhost backend.example.com
        frontend.example.com
    # Use a distinct MTA name to avoid name-based loop detection.
    myhostname = backend.example.com
    relayhost = [127.0.0.1]:frontend-outbound-port
    inet_interfaces = 127.0.0.1

/etc/postfix/master.cf:
    # Use a port other than 25 to disable IP address based loop detection.
    127.0.0.1:backend-inbound-port .. .. .. .. .. .. .. smtpd

2) The frontend.example.com MTA forwards mail to the backend for
   example.com, localhost, *.example.com:

/etc/postfix-frontend/main.cf:
    # Use a distinct MTA name to avoid name-based loop detection.
    myhostname = frontend.example.com
    # Forward example.com, *.example.com, localhost.
    relay_domains = example.com localhost
    # This assumes you have a list of valid recipients.
    relay_recipient_maps = ...list with valid recipients...
    transport_maps = hash:/etc/postfix-frontend/transport
    mydestination =
    proxy_interfaces = the haproxy public IP address
    inet_interfaces = 127.0.0.1

/etc/postfix-frontend/transport:
    # Forward example.com, *.example.com, localhost to the backend.
    # Execute "postmap hash:/etc/postfix-frontend/transport" after
    # editing the file.
    example.com     relay:[127.0.0.1]:backend-inbound-port
    .example.com    relay:[127.0.0.1]:backend-inbound-port
    localhost       relay:[127.0.0.1]:backend-inbound-port

/etc/postfix-frontend/master.cf:
    # The port that receives inbound mail through haproxy.
    127.0.0.1:frontend-inbound-port .. .. .. .. .. .. .. smtpd
        -o syslog_name=postfix/frontend-inbound
        -o smtpd_upstream_proxy_protocol=haproxy
    # The port that receives outbound mail from the backend MTA.
    # Use a port other than 25 to disable IP address based loop detection.
    127.0.0.1:frontend-outbound-port .. .. .. .. .. .. .. smtpd
        -o syslog_name=postfix/frontend-outbound
        -o smtpd_upstream_proxy_protocol=

There's probably a setting that I'm overlooking but this should
cover most of it.

        Wietse
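
The layout described above depends on three things lining up across the two instances: distinct myhostname values, ports other than 25, and every relayhost or transport destination pointing at an smtpd listener on the other instance. The following is an added sketch, not part of the original message and not Postfix code, that cross-checks those points; the port numbers 10024-10026, the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample configs mirroring the layout in the message above. Ports
# 10024-10026 are assumed stand-ins for the message's placeholder port names.
BACKEND_MAIN = "myhostname = backend.example.com\nrelayhost = [127.0.0.1]:10026\n"
BACKEND_MASTER = "127.0.0.1:10025 inet n - n - - smtpd\n"
FRONTEND_MAIN = "myhostname = frontend.example.com\n"
FRONTEND_MASTER = ("127.0.0.1:10024 inet n - n - - smtpd\n"
                   "127.0.0.1:10026 inet n - n - - smtpd\n")
FRONTEND_TRANSPORT = ("example.com  relay:[127.0.0.1]:10025\n"
                      ".example.com relay:[127.0.0.1]:10025\n"
                      "localhost    relay:[127.0.0.1]:10025\n")

def main_cf(text):
    """Parse 'name = value' lines; comments skipped, continuation lines not handled."""
    rows = [l.split("=", 1) for l in text.splitlines()
            if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in rows}

def listeners(master_cf):
    """(address, port) of every inet smtpd service in a master.cf text."""
    found = set()
    for line in master_cf.splitlines():
        f = line.split()
        if len(f) >= 8 and f[0][0] != "#" and f[1] == "inet" and f[7] == "smtpd":
            addr, _, port = f[0].rpartition(":")
            found.add((addr, port))
    return found

def nexthops(text):
    """Every '[host]:port' destination in a relayhost value or transport table."""
    return [m.groups() for l in text.splitlines() if not l.lstrip().startswith("#")
            for m in re.finditer(r"\[([^\]]+)\]:(\S+)", l)]

def check(b_main, b_master, f_main, f_master, f_transport):
    """Return a list of loop-prone or dangling settings (empty list = consistent)."""
    b, f, problems = main_cf(b_main), main_cf(f_main), []
    if b.get("myhostname") == f.get("myhostname"):
        problems.append("both instances share myhostname")
    hops = [("backend relayhost", h, listeners(f_master))
            for h in nexthops(b.get("relayhost", ""))]
    hops += [("frontend transport", h, listeners(b_master))
             for h in nexthops(f_transport)]
    for label, (host, port), peers in hops:
        if port in ("25", "smtp"):
            problems.append(f"{label} uses port 25")
        if (host, port) not in peers:
            problems.append(f"{label} [{host}]:{port} has no smtpd listener")
    return problems
```

On a live system the same inputs can be taken from each instance's main.cf, master.cf and transport file; an empty result means the two instances agree on names and ports.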