Support Telephone: +61 2 9212 0811 | Support Email: support@itng.com.au  
Home | Contact | Search Knowledge Base    
 Information
About ITNG
Services
Experience
NextDSL Internet
NextHOST Website Design
NextWARE Software
News
Contact Us
 
 
 Support
Support
Customer Login

Support
Knowlege Base
 

Search our Knowledge Base for technical articles. This database may contain information sourced from other sites.

You can enter up to 100 characters in your search term. We continue to add articles in this database as we encounter issues in our support work.

If you are directed to this page to start a support session click on the logo below. You will be prompted to install a file. Please follow the directions provided by support.
 

Search Knowledge Base
 
Search Terms
Enter up to 10 search terms. Up to 99 pages that contain ANY of yor search terms will be returned - the pages will be listed in order with the best results listed first.
Clear

Postfix as bastion SMTP mail gateway 
Postfix as bastion SMTP mail gateway

How to configure Postfix on a machine so that it relays mail for example.com to a mail server on the internal network. A common problem with SMTP daemons today is they are not secure. Postfix was built with security in mind. So, it is very easy to install a box just to handle mail to and from the Internet, while you can use your own mail software on your internal server. It will also accept mail from the internal host and deliver it to the Internet. This How-To refers to the most recent version of postfix.

First thing to do is create a user named postfix. We will need to set the shell for this user to false so it can't login.

useradd -c "postfix user account" -s /bin/false postfix

This user account will be used by postfix for all actions, except binding to port 25, for that it needs root. One of the big security problems with sendmail is that everything runs as root, so any exploits give the attacker root access. Postfix is several small programs that work together....and they don't run as root.

Next, get postfix from www.postfix.org

Untar it
tar -xvzf postfixXXXXX.tar.gz

Next, cd into the postfix directory and type make

Then run make install.

A script will automatically be run after the install and it will prompt you for some input, the defaults should be good.

Something that I found when I installed postfix over an existing sendmail install, was the main.cf was pointing to /etc/aliases for the aliases file. It needs to be pointing to the /etc/postfix/aliases file. Double check to make sure yours is correct. Reality is, that it doesn't matter, I just prefer to have all the config files in the /etc/postfix directory. You might want to delete or rename the unused aliases file.

Now, let's edit some files so our postfix install just acts as a gateway and forwards mail to our internal mail server. Postfix can be used as an SMTP server right after install, if you had a POP3 server running you caould use it as your mail server. I run Exchange internally so this install needs to just relay mail.

Postfix files exist in /etc/postfix

Make the following changes to route mail to an internal host and NOT to the local machine. Don't include the comments in parentheses.

/etc/postfix/main.cf: mydestination = (so no mail is routed to the localhost) relay_domains = example.com (so mail is relayed to your domain) transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport: my.domain smtp:internalhost.example.com (forwards user@domain) .my.domain smtp:internalhost.example.com (forwards user@firewall)

/etc/postfix/master.cf: Comment out the local delivery agent (so no mail is delivered locally) That line is the similar to the one below # local unix - n n - - local

Execute the following command whenever you change the transport table. postmap /etc/postfix/transport Execute the following command after a configuration change. postfix reload

That is it, now test it out. I usually do the following to test things out.

tail -f /var/log/maillog - this command will open the log file and actively update it so you can see what is happening.

Use an external mail account to send mail. Watch for when the external server connects, you should see status=sent somewhere in the log. If not, it is time to troubleshoot.

I have a few things below that may help with other configs.

Ok, so now you want this box to also relay other domains. It is easy. Postfix supports virtual domains. Make the following changes.

/etc/postfix/main.cf: virtual_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual example.com jlewis@example.com jlewis@jasonlewis.net root@example.com root@jasonlewis.net

In the virtual file, you can add as many email addresses as you like.

After making the above changes, run postfix reload.

 
Link http://www.packetnexus.com/node.php?id=59

 
File  
 

©2006 IT Next Generation Pty Ltd | Suite 103, 330 Wattle Street, Ultimo NSW 2007
T: +61 2 9212 0811 | F: +61 2 9212 0833 | E: support@itng.com.au | W: www.itng.com.au
Website Design and Solutions | Business Grade Internet Solutions
Microsoft Small Business Specialist | Cisco Partner | Trend Micro | Destra Business