Hello, List!

OK, I'm trying to migrate from a (really very, very) old mailserver to a new one, and besides the fact that the old one has options that do not even exist anymore, at all, the new setup is a bit different from the current one. So if anyone could look over this and tell me if anything is horribly wrong, I'd really appreciate it. Because, of course, this is a live system, with no backup worth mentioning and it's just about 550 users, and this is my first try at something of that scale =) (also, the old server is something I ...inherited, so to speak, of course without a docu..)
OK, the plan goes like: two servers, one called cleany from here on, the other maily. cleany is the one who gets the mails from the internet, cleans them via greylists, checks if the recipient address exists, etc. and then sends them to maily. At maily, postfix only takes mails that come from cleany and delivers them to the mailboxes. maily is the target for any action coming from the clients, be it reading via IMAP or sending mail. For any mails that are written, postfix checks if the recipient is another of its clients, and if not, then it sends the mail to cleany. cleany then checks if everything is ok with this mail and throws it into the internet.

I poked through some of the howtos and docus, and it seemed a good idea to use multiple instances of postfix on cleany, while maily seems peaceful enough to keep it normal. So this is what I came up with, please tell me if something is wrong or if I left out something that's supposed to be there =) Also, there were some options I'm really unsure about; those are commented out, together with the question.

I) on cleany:

1) the default instance of postfix is supposed to only deliver locally generated mail to itself:

myhostname = cleany
mydestination = localhost.localdomain, localhost, cleany, cleany.mydomain.org
relayhost =
mynetworks = 127.0.0.1
mynetworks_style = host
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = error: Local delivery only!
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_enable = yes
multi_instance_directories = /etc/postfix-out, /etc/postfix-in

2) postfix-out should accept only mails from maily, check if they are ok and send them off into the internet:

mydomain = mydomain.org
myorigin = $mydomain
mydestination =
# mydestination = nothing, because the mydestination parameter specifies
# what domains this machine will deliver locally, instead of forwarding
# to another machine, and it should deliver everything into the internet
mynetworks = 127.0.0.0/8 maily.mydomain.org
# (or its IP? What's better?)
relay_domains = all
# (because it should relay/send to anywhere in the internet?)
relayhost =
# empty, because it's the sender already..
proxy_interfaces = gatewayIP
# is this needed for sending or receiving or both?
myhostname = cleany.mydomain.org
inet_interfaces = cleanysIP, 127.0.0.1
# (or all? *confused*)
content_filter = smtp:cleanyIP:10024 or smtp:127.0.0.1:1024 ?
# does it matter?
# mime_header_checks, header_checks and body_checks will
# be copied from the old server, same as smtpd_tls_key_file,
# ..cert_file and ..CAfile. Do they have to be in all instances on
# all servers?
message_size_limit = 20480000
strict_rfc821_envelopes = no
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks
    reject_unverified_recipient,
    permit

3) postfix-in should receive mails from the internet, clean them and send the valid mails to maily:

mydomain = mydomain.org
myorigin = $mydomain
mydestination =
# empty, because it should relay everything to maily?
mynetworks = 127.0.0.0/8
relay_domains = $mydomain
relayhost = maily.mydomain.org
# (or its IP? same diff?)
proxy_interfaces = gatewayIP
# (again: needed?)
myhostname = cleany.mydomain.org
inet_interfaces = cleanysIP, 127.0.0.1
# or should I leave it at "all"?
virtual_alias_maps = <mysql-query that delivers the account/user-name>
# should be ok, if everything received and cleaned gets relayed to maily?
virtual_alias_domains = <delivers only one domain, and the one address using it is also listed in virtual_alias_maps, so it can be left out?>
content_filter = smtp:cleanysIP:10024 or smtp:127.0.0.1:10024 ?
# again: is there a difference?
# again copy body_checks, header_checks and mime_header_checks
# from the old server, same question for the tls-key/cert/CA
message_size_limit = 20480000
strict_rfc821_envelopes = no
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client ix.dnsbl.manitu.net
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client inputs.relays.osirusoft.com
    reject_rbl_client dialups.relays.osirusoft.com
    reject_rbl_client spews.relays.osirusoft.com
    reject_rhsbl_sender dsn.rfc-ignorant.org
    check_policy_service inet:127.0.0.1:10023
    reject_unverified_recipient,
    permit_mx_backup
    reject_unauth_destination
    permit

II) maily should accept only from cleany and the clients, check if mails it handles are in the mysql-db and if they aren't, send them to cleany:

mydomain = mydomain.org
myorigin = $mydomain
mydestination = $mydomain, $myhostname, localhost localhost.$mydomain
# maybe some alias-thingy for the other domain mentioned above?
mynetworks = 192.168.10.0/24, 127.0.0.0/8
relay_domains = all ?
relayhost = cleany.mydomain.org
# (or its IP)
myhostname = maily.mydomain.org
inet_interfaces = mailysIP? 127.0.0.1? all?
virtual_alias_maps =
# not needed if cleany delivers them already changed to the
# account/user-name?
virtual_alias_domains =
# not needed?
masquerade_domains = $mydomain
unknown_local_recipient_reject_code = 550
mailbox_size_limit = 0
message_size_limit = 20480000
alias_maps = <copy the old contents?>
# unfortunately I have no clue if they are relevant or used, and is
# there a way to find out what's stored in e.g. hash:/etc/aliases?
# then I might be able to find out...^^;
# same problem/question for canonical_maps, relocated_maps
# transport_maps and sender_canonical_maps.
# smtpd_tls_key_file, cert_file and CAfile copied here as well?

Whew.. if you read all the way to here: thank you already for that, any hints and answers will be greatly appreciated.

best regards
silvana
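As an added example (not from the original post and not Postfix project code), a small Python linter for the ordering of the two smtpd_recipient_restrictions lists quoted above; it assumes the pre-2.10 Postfix rule that such a list must contain reject_unauth_destination or another relay guard, and the two sample values are copied (the postfix-in one shortened) from the post.

```python
"""Lint Postfix smtpd_recipient_restrictions lists for relay-safe ordering."""
import re

# smtpd(8) logs a fatal error unless at least one of these is present (Postfix
# before 2.10; 2.10 moved the relay guard to smtpd_relay_restrictions).
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                "check_relay_domains", "reject", "defer", "defer_if_permit"}
# Words that begin a restriction; any other word is an argument of the previous one.
RESTRICTION_PREFIXES = ("reject", "permit", "check_", "defer")

def parse_restrictions(value):
    """Split a main.cf value into tokens like 'reject_rbl_client zen.spamhaus.org'."""
    tokens = []
    for word in re.split(r"[,\s]+", value.strip()):
        if not word:
            continue
        if tokens and not word.startswith(RESTRICTION_PREFIXES):
            tokens[-1] += " " + word  # RBL name, policy socket, map name, ...
        else:
            tokens.append(word)
    return tokens

def lint_recipient_restrictions(value):
    """Return a list of findings; an empty list means the ordering is relay-safe."""
    names = [t.split()[0] for t in parse_restrictions(value)]
    guard = next((i for i, n in enumerate(names) if n in RELAY_GUARDS), None)
    if guard is None:
        return ["no relay guard (reject_unauth_destination or similar): "
                "every client that survives the earlier checks may relay"]
    findings = []
    for n in names[:guard]:
        if n == "permit":  # an unconditional permit short-circuits the guard
            findings.append("unconditional 'permit' precedes %s" % names[guard])
        if n == "permit_mx_backup":  # relays for any domain listing this host as MX
            findings.append("permit_mx_backup precedes %s: limit it with "
                            "permit_mx_backup_networks or drop it" % names[guard])
    return findings

# Constructed from the post: the postfix-out and (shortened) postfix-in lists.
POSTFIX_OUT = ("reject_non_fqdn_sender, reject_non_fqdn_recipient, "
               "reject_unknown_sender_domain, reject_unknown_recipient_domain, "
               "permit_mynetworks reject_unverified_recipient, permit")
POSTFIX_IN = ("reject_non_fqdn_sender, reject_non_fqdn_recipient, "
              "reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net "
              "check_policy_service inet:127.0.0.1:10023 reject_unverified_recipient, "
              "permit_mx_backup reject_unauth_destination permit")

if __name__ == "__main__":
    for label, value in (("postfix-out", POSTFIX_OUT), ("postfix-in", POSTFIX_IN)):
        print(label, lint_recipient_restrictions(value) or ["ok"])
```

The postfix-out list is flagged because nothing in it guards against unauthorized relaying, while the postfix-in list passes apart from a warning about permit_mx_backup.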