Hi, here is my situation, on which I could use some advice. I have 2 ISPConfig servers working together: isp1: Web, DB; isp2: Mail. I used the tutorial: The Perfect Server - Ubuntu 20.04 with Apache, PHP, MariaDB, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.2 (Beta). But instead of the beta version I used the stable version. Everything works as it should, but I forgot to think about something that I'm not sure how to handle. I have different forms on different websites on isp1 that send email. Of course it doesn't send any; they have no configuration to send emails. How can I configure my isp1 server so that it uses my isp2, since it's configured as email server? FYI, isp1 has a postfix server that is disabled, since I used the tutorial to install both servers the same way but only using the services I needed. Thanks in advance guys.
Preferably you would configure the sites to send using authenticated smtp; another option is to add isp1 to mynetworks on isp2 and set isp2 as relayhost for isp1.
The first option will not work. The second option is best. So from what I understand I need to do 2 things: (1) add ISP1 to mynetworks on ISP2; (2) configure ISP1 to use ISP2 as relay. Is it possible to guide me through this process? Thanks in advance guys.
Both options are possible and I would use option 1. For option 2: open /etc/postfix/main.cf on isp2, add the IP(s) from isp1 to mynetworks and restart postfix. Run postconf -e relayhost=ISP2 on isp1 (need the fqdn or the ip) and restart postfix.
this doesn't necessarily mean that the postfix service on isp1 is disabled, only that its configuration and user management are not being controlled by ispconfig. you may find that the postfix service is still running and quite capable of sending mail. i've noticed in the most recently published multi-server tutorial, they use the ispconfig auto-installer which installs postfix on every ispconfig server. personally, i would prefer that postfix is not installed at all anywhere except for on dedicated mailserver(s), and websites are forced to use authenticated smtp as @Jesse Norell suggests in post 2. this way you can block the webservers from making any outbound connections with a destination of port 25, so even if a website gets hacked and has its own smtp sender installed, it still can't just mail out directly to wherever it likes.
you need some kind of mail-server on every server (at least to get system-mails). if you need a paranoid setting for postfix, just use inet_interfaces = loopback-only
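An added example, not part of the thread and not ISPConfig's or any poster's code: a Python check for the option 2 setup discussed above (isp1 listed in mynetworks on isp2, relayhost set on isp1) together with the loopback-only suggestion. The host name, addresses and sample configs are constructed, and reporting any non-loopback mynetworks entry wider than one host is an assumption of this example.

```python
import ipaddress
import re

def parse_main_cf(text):
    """Parse main.cf-style text into {name: value}, joining continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:      # indented line continues the previous value
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def networks(value):
    """CIDR/IP entries of a mynetworks value; table lookups and '!' patterns are skipped."""
    nets = []
    for item in re.split(r"[,\s]+", value):
        try:
            nets.append(ipaddress.ip_network(re.sub(r"[\[\]]", "", item), strict=False))
        except ValueError:
            pass
    return nets

def audit(isp1_cf, isp2_cf, isp1_ip, isp2_names):
    """Return findings; an empty list means the setup matches the thread's advice."""
    isp1, isp2 = parse_main_cf(isp1_cf), parse_main_cf(isp2_cf)
    nets = networks(isp2.get("mynetworks", ""))
    findings = []
    if not any(ipaddress.ip_address(isp1_ip) in n for n in nets):
        findings.append("isp2: mynetworks does not cover isp1")
    for n in nets:
        if n.num_addresses > 1 and not n.is_loopback:
            findings.append(f"isp2: {n} is wider than a single host")
    relay = re.sub(r":\d+$", "", isp1.get("relayhost", "")).strip("[]")
    if relay not in isp2_names:
        findings.append("isp1: relayhost does not point at isp2")
    if isp1.get("inet_interfaces", "all") != "loopback-only":
        findings.append("isp1: inet_interfaces is not loopback-only")
    return findings

# Constructed sample configs (documentation addresses, hypothetical host name).
ISP2_OK = "mynetworks = 127.0.0.0/8 [::1]/128\n    192.0.2.10\n"
ISP2_WIDE = "mynetworks = 127.0.0.0/8, 192.0.2.0/24\n"
ISP1_OK = "relayhost = [isp2.example.test]:25\ninet_interfaces = loopback-only\n"
ISP1_BAD = "# relayhost never set\ninet_interfaces = all\n"
```

The text passed in can be the saved output of `postconf -n` from each server, which uses the same `name = value` layout.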