Postfix Gateway with Exchange Mail With MX back-up

Discussion in 'Server Operation' started by panaitescuionel, Aug 21, 2014.

  1. panaitescuionel

    panaitescuionel New Member

    Hello,

    We have been looking for ways of implementing some redundancy on our postfix gateways in our company. We have 4 Postfix Gateways.
    mail2.domain.ro 10
    mail.domain.ro 20
    mail1.domain.ro 30
    mail3.domain.ro 40
    On nslookup it looks like this:
    domain.ro MX preference = 10, mail exchanger = mail2.domain.ro
    domain.ro MX preference = 20, mail exchanger = mail.domain.ro
    domain.ro MX preference = 30, mail exchanger = mail1.domain.ro
    domain.ro MX preference = 40, mail exchanger = mail3.domain.ro

    The postfix servers are only the gateways to the internet. In the company we use Exchange from Microsoft.

    So, every gateway points to a HUB.
    mail2.domain.ro (10.10.9.10 ) points to the first hub ( hub 1 = 10.21.1.4 )
    mail.domain.ro ( 10.10.9.99 ) points to the second hub ( hub 2 = 10.21.1.7 )
    mail1.domain.ro ( 10.10.9.98 ) points to the 3rd hub ( hub 3 - at the moment it is down )
    mail3.domain.ro - it will be implemented in another city.

    For the 2 postfix gateways we have configured the files like this:

    main.cf

    $ cat /etc/postfix/main.cf | egrep -v "(^#.*|^$)" > /home/yo/main.cf
    smtp_data_xfer_timeout = 600
    smtpd_error_sleep_time = 2s
    smtpd_soft_error_limit = 10
    smtpd_hard_error_limit = 20
    smtpd_tls_CAfile = /etc/postfix/tls/CA.txt
    smtpd_tls_cert_file = /etc/postfix/tls/domain.ro.crt
    smtpd_tls_key_file = /etc/postfix/tls/domain.ro.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_CAfile = /etc/postfix/tls/CA.txt
    smtp_tls_cert_file = /etc/postfix/tls/domain.ro.crt
    smtp_tls_key_file = /etc/postfix/tls/domain.ro.key
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtp_use_tls = yes
    smtp_tls_security_level = may
    smtpd_tls_received_header = yes
    smtpd_tls_ask_ccert = yes
    smtpd_tls_loglevel = 3
    tls_random_source = dev:/dev/urandom
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_client_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
    smtpd_helo_required = yes
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    mydomain = domain.ro
    inet_interfaces = all
    mydestination =
    unknown_local_recipient_reject_code = 550
    mynetworks = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16
    relay_domains = domain.ro
    transport_maps = hash:/etc/postfix/transport
    relayhost =

    smtp_generic_maps = hash:/etc/postfix/generic
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases

    header_checks = regexp:/etc/postfix/header_checks
    debug_peer_level = 2
    debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    message_size_limit = 25600000



    master.cf

    $ cat /etc/postfix/master.cf | egrep -v "(^#.*|^$)" > /home/yo/master.cf

    smtp inet n - n - - smtpd
        -o content_filter=spamassassin
    submission inet n - n - - smtpd
        -o smtpd_enforce_tls=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    smtps inet n - n - - smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
        -o fallback_relay=
    showq unix n - n - - showq
    error unix - - n - - error
    discard unix - - n - - discard
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    maildrop unix - n n - - pipe
        flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    old-cyrus unix - n n - - pipe
        flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    cyrus unix - n n - - pipe
        user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    uucp unix - n n - - pipe
        flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail unix - n n - - pipe
        flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
        flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    spamassassin unix - n n - - pipe
        flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


    transport

    $ cat /etc/postfix/transport | egrep -v "(^#.*|^$)" > /home/yo/transport

    domain.ro smtp:[10.21.1.4]
    .domain.ro smtp:[10.21.1.4]



    This is the actual configuration, so the postfix gateway points to an Exchange HUB.

    Our goal is: if the first hub drops from the first gateway, to manage to connect to the second hub.
    We use the transport conf to connect to the hub, but how can we manage to point to a second hub if the first hub has dropped?

    I found this link: http://postfix.1071664.n5.nabble.com...s-td39675.html , but because it's a production environment we can't test ...
    If we change the master.cf to this: relay unix ... smtp -o smtp_fallback_relay=[fallback.example.com] and in the transport we still keep the current configuration, will it work correctly?

    How can we do this ?
     
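As an added illustration (not part of the thread, and not code from the poster's gateways), the script below models the order in which a Postfix smtp(8) client tries destinations when the transport nexthop is unreachable: the transport nexthop first, then each smtp_fallback_relay entry in the order written, and only when a destination cannot be reached at all (connection refused or timed out), not when a hub accepts the connection and rejects the message. It then probes each hub for an SMTP 220 banner in that order. Two points from the thread's own configuration matter here: the transport map sends domain.ro to smtp:[10.21.1.4], so mail uses the master.cf service named smtp, not the relay service, and a -o smtp_fallback_relay= option placed on the relay service (which the posted master.cf explicitly empties with -o fallback_relay=) would not apply to it; the fallback either goes on the smtp service or into main.cf, or the transport entries are changed to relay:[10.21.1.4]. The hub addresses are the ones quoted in the thread (10.21.1.4 is hub 1, 10.21.1.7 is hub 2); the smtp_fallback_relay value is an assumed setting the poster has not configured, and the probe function is a hypothetical health check, not a Postfix API.

```python
"""Model Postfix's nexthop + smtp_fallback_relay delivery order and probe each hub.

Added example for the thread above; the fallback value is an assumption.
"""
import socket
from typing import Callable, List, Optional, Tuple

# Transport nexthop for domain.ro as posted: smtp:[10.21.1.4] (hub 1).
TRANSPORT_NEXTHOP = "[10.21.1.4]"
# Assumed main.cf addition for the smtp transport, pointing at hub 2 from the thread.
SMTP_FALLBACK_RELAY = "[10.21.1.7]"

# (host, port, do_mx_lookup): square brackets in the Postfix syntax turn MX lookups off.
Candidate = Tuple[str, int, bool]


def parse_nexthop(spec: str, default_port: int = 25) -> Candidate:
    """Parse one Postfix SMTP destination: host, host:port, [host] or [host]:port."""
    spec = spec.strip()
    mx = True
    if spec.startswith("["):
        end = spec.index("]")
        host, rest = spec[1:end], spec[end + 1:]
        mx = False
    elif ":" in spec:
        host, port_text = spec.split(":", 1)
        rest = ":" + port_text
    else:
        host, rest = spec, ""
    port = int(rest[1:]) if rest.startswith(":") else default_port
    return host, port, mx


def delivery_order(nexthop: str, fallback_relay: str) -> List[Candidate]:
    """Destinations in the order the smtp client tries them: the transport
    nexthop first, then the fallback relays (a Postfix list: comma or space separated)."""
    order = [parse_nexthop(nexthop)]
    for entry in fallback_relay.replace(",", " ").split():
        order.append(parse_nexthop(entry))
    return order


def probe_smtp(host: str, port: int, timeout: float = 5.0) -> bool:
    """Hypothetical health check: True if the hub accepts TCP and greets with 220."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            banner = sock.recv(512)
    except OSError:
        return False
    return banner.startswith(b"220")


def choose_hub(nexthop: str, fallback_relay: str,
               probe: Callable[[str, int], bool] = probe_smtp) -> Optional[Candidate]:
    """First reachable destination in Postfix order; None means the mail would be deferred."""
    for host, port, mx in delivery_order(nexthop, fallback_relay):
        if probe(host, port):
            return host, port, mx
    return None


if __name__ == "__main__":
    for host, port, _ in delivery_order(TRANSPORT_NEXTHOP, SMTP_FALLBACK_RELAY):
        state = "up" if probe_smtp(host, port) else "down"
        print(f"{host}:{port} -> {state}")
    print("would deliver via:", choose_hub(TRANSPORT_NEXTHOP, SMTP_FALLBACK_RELAY))
```

Run it from a gateway to see which hub the fallback chain would currently land on; whichever hub it is, the hub's receive connector must also accept the gateway's source address, or the fallback succeeds at the TCP level and the message is still rejected.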
  2. thctlo

    thctlo New Member

    well, I have 1 mail gateway with 2 NICs.
    nic 1 internal net
    nic 2 external net.
    nic 1 is on the lan switch
    nic 2 is connected to a switch for internet use; in this switch are 2 internet modems.

    on my linux server I use advanced routing.
    explained here : http://www.debian-administration.org/article/377/Routing_for_multiple_uplinks

    configure in your postfix master all ip addresses for smtp (port 25)
    I have 4 lines: 127.0.0.1:25, internalip:25, external1 and 2.
    like
    127.0.0.1:smtp unix - - n - - smtp
        -o syslog_name=postfix-smtp1
        -o smtp_helo_name=FQDN
        -o smtp_bind_address=IP

    internalip:smtp unix - - n - - smtp
        -o syslog_name=postfix-smtp1
        -o smtp_helo_name=FQDN
        -o smtp_bind_address=IP

    no need for transport maps, that is done by dns resolving the mx records.

    this is vhost1 and I've done the same for vhost2.
    dns resolves internally to virtual host 1 or 2, and both have 2 internet connections.
    and host1 and 2 are now 2 different xen servers.
    pretty safe, well ok for me. ;-)

    so to test, get xen server 6.2, it's free. install it. now you can migrate the production server to a virtual machine.
    google for it, xen has ok documentation, there's lots to find on the internet.

    now you can test ;-)

    and really ... postfix-2.3.3 ... old red-hat or centos..
    as long as you can do your upgrades...
     
    Last edited: Aug 21, 2014
  3. panaitescuionel

    panaitescuionel New Member

    Hello,

    Thank you for the response.

    I don't have 1 server with 2 nic cards. I have 4 different blade servers, one for each gateway.
    Every one has the same configuration.
    Our issue is: if a mail has entered the gateway and is transported to a Microsoft Exchange HUB ( this is what the company bought, so this is what we use ), if a hub is down, to deliver the mail to the other hub on another blade server.

    We can't put 4 hubs on different nic cards on the same gateway, because if the gateway drops we will not have redundancy.

    Any ideas?
     
