On 5/6/2011 2:48 PM, Christopher Adams wrote:


Hello all,

I have tinkered with getting Postfix to relay mail from an external
(to the Exchange subnet) server to an Exchange 2010 server. I have not
done any real tests yet, as this mail is all our organization mail and
I want to get it right. Also, this is a temporary setup to try to
troubleshoot some issues between the external server and Exchange. I
have included the current output from postconf -n below.

FYI - the external mail server(s) are in the subnet 159.121.109.0/24,
the Exchange server accepts mail at 159.121.122.30 and 159.121.122.44,
and the Postfix server is 159.121.122.15/hpl.osl.state.or.us. I set up
a transport_map with the two ips for the Exchange server like this.
Not sure if that is correct, but then I have questions about much of
this. I would appreciate helpful comments that could get me further
along. Thanks.

Transport:
oslmail.osl.state.or.us relay:[159.121.122.30]
oslexchange.osl.state.or.us.local relay:[159.121.122.44]


postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 5
debug_peer_list = hpl.osl.state.or.us

No, don't enable debug logging. Normal postfix logging will show everything you need. Remove this entry.


default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost

Remove this entry to let postfix use all interfaces. The exception is if you have multiple interfaces and need to limit which interfaces postfix will listen on.

mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10000000
mydestination = $myhostname, localhost.$mydomain, localhost, hpl.$mydomain

Should be just = localhost, or empty.

mydomain = osl.state.or.us
myhostname = hpl.osl.state.or.us
mynetworks = 159.121.122.0/24, 127.0.0.0/8, 159.121.109.41,
159.121.109.42, 159.121.109.43, 159.121.109.44, 159.121.105.151

Mynetworks lists the trusted networks that are allowed to relay through postfix. From your description above, this should probably be just
   = 127.0.0.1, external_server, exchange_server.

newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination, 159.121.122.30, 159.121.122.44,
159.121.109.41, 159.121.109.42, 150.121.109.43, 159.121.109.44,
159.121.105.151

Don't list IPs in relay_domains. Do list all the domains postfix is expected to accept and relay to exchange_server.

An internet-facing server would also need to populate relay_recipient_maps with a list of valid recipients for your domains, but that needs to be done at the network edge, not at an internal relay.

relayhost =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, check_relay_domains

check_relay_domains is deprecated and shouldn't be used.
Why are you enabling SASL if this is just an internal relay?

The default setting of
 = permit_mynetworks, reject_unauth_destination
should work just fine for your described application.

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
Start with studying
http://www.postfix.org/BASIC_CONFIGURATION_README.html
and then move on to
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall



  -- Noel Jones
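As an added example, not code from either poster: a small Python audit that parses a postconf -n dump in the shape quoted above and flags the points raised in this reply (debug_peer_list set, IP addresses in relay_domains, deprecated check_relay_domains, no reject_unauth_destination in smtpd_recipient_restrictions, SASL on an internal relay). The sample dump, the parse_postconf and audit names and the finding codes are all constructed here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample shaped like the postconf -n dump above; indented lines continue a value.
SAMPLE_POSTCONF = """\
debug_peer_list = hpl.osl.state.or.us
mynetworks = 159.121.122.0/24, 127.0.0.0/8, 159.121.109.41,
    159.121.109.42
relay_domains = $mydestination, 159.121.122.30, 159.121.122.44
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, check_relay_domains
smtpd_sasl_auth_enable = yes
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")

def parse_postconf(text: str) -> Dict[str, List[str]]:
    """Return {parameter: [values]}; comma/space separated, continuation lines joined."""
    params: Dict[str, List[str]] = {}
    current = ""
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current:        # main.cf style continuation of previous value
            params[current] += [v for v in re.split(r"[,\s]+", raw.strip()) if v]
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = [v for v in re.split(r"[,\s]+", value.strip()) if v]
    return params

def audit(params: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Flag the relay-config problems raised in the thread as (code, advice) pairs."""
    found = []
    if params.get("debug_peer_list"):
        found.append(("debug", "debug_peer_list set: normal logging is enough, remove it"))
    if any(IPV4.match(v) for v in params.get("relay_domains", [])):
        found.append(("relay_ips", "relay_domains lists IPs: list only the domains to relay"))
    rr = params.get("smtpd_recipient_restrictions", [])
    if "check_relay_domains" in rr:
        found.append(("deprecated", "check_relay_domains is deprecated"))
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(rr):
        found.append(("open_relay", "no reject_unauth_destination: unauthorised relaying possible"))
    if params.get("smtpd_sasl_auth_enable") == ["yes"]:
        found.append(("sasl", "SASL enabled on an internal relay: only needed for remote clients"))
    return found

if __name__ == "__main__":
    for code, advice in audit(parse_postconf(SAMPLE_POSTCONF)):
        print(f"[{code}] {advice}")
```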
