Postfix multi instance configuration

Discussion in 'Server Operation' started by bluelight, Jul 27, 2016.

  1. bluelight

    bluelight New Member

    Hi Guys,

    I have a VPS. It had one IP address and it worked well with the ISPConfig's Postfix setup. Then I thought I would buy another IP and set websites to work with the new IP and the authenticated e-mail users with the old one.

    So, I configured Postfix in multi instance mode. Created a new instance and moved its settings to the default Postfix configuration, in /etc/postfix/. After this I moved the original one into the new instance's configuration, in /etc/postfix-out/.

    I had some problems with SASL authentication, but I have managed to solve most of them.

    Now everything works fine. Websites can send e-mails, and even webmail users can authenticate, receive and send mails, but remote users cannot authenticate with Postfix. It gives a "SASL LOGIN authentication failed: authentication failure" message.

    It uses MySQL to get users' login information; maybe this is the part where it goes wrong.

    Here is the main.cf content of the postfix-out instance (I replaced the IP address with X.X.X.X, and my domain name, of course):

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    append_dot_mydomain = no
    readme_directory = /usr/share/doc/postfix
    data_directory = /var/lib/postfix-out
    smtpd_tls_cert_file = /etc/postfix-out/smtpd.cert
    smtpd_tls_key_file = /etc/postfix-out/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    mydestination = mydomain.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8, X.X.X.X
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = X.X.X.X,127.0.0.1
    inet_protocols = ipv4
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix-out/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix-out/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix-out/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix-out/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix-out/mysql-virtual_recipient.cf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix-out/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix-out/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix-out/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix-out/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix-out/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix-out/header_checks
    mime_header_checks = regexp:/etc/postfix-out/mime_header_checks
    nested_header_checks = regexp:/etc/postfix-out/nested_header_checks
    body_checks = regexp:/etc/postfix-out/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = cyrus
    smtpd_sasl_path = smtp.conf
    cyrus_sasl_config_path = /etc/postfix-out/sasl
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    inet_protocols = ipv4
    queue_directory = /var/spool/postfix-out
    multi_instance_name = postfix-out
    multi_instance_enable = yes
    multi_instance_wrapper = ${command_directory}/postmulti -p --

    What am I missing?
    Thanks for your help in advance!
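
Added example, not part of the original post and not ISPConfig or Postfix code: a small checker for the things that commonly go wrong when a main.cf is moved between Postfix instances, namely repeated parameters, file paths that still point at another instance's directory, and the Cyrus SASL configuration file name derived from smtpd_sasl_path. The function names and the sample are assumptions made for illustration; the sample is a constructed excerpt modelled on the config above with one line deliberately altered.

```python
import re

# Constructed excerpt modelled on the postfix-out main.cf in the post above;
# header_checks is deliberately pointed at /etc/postfix to show a finding.
SAMPLE = """\
data_directory = /var/lib/postfix-out
inet_protocols = ipv4
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtp.conf
cyrus_sasl_config_path = /etc/postfix-out/sasl
virtual_mailbox_maps = proxy:mysql:/etc/postfix-out/mysql-virtual_mailboxes.cf
header_checks = regexp:/etc/postfix/header_checks
inet_protocols = ipv4
"""

def parse_main_cf(text):
    """Return (params, duplicates); as in Postfix, the last assignment wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of previous line
        else:
            logical.append(raw.strip())
    params, dups = {}, []
    for line in logical:
        name, sep, value = line.partition("=")
        name = name.strip()
        if sep and name in params:
            dups.append(name)
        if sep:
            params[name] = value.strip()
    return params, dups

def audit_instance(text, config_dir):
    """Hypothetical helper: list settings worth re-checking for one instance."""
    params, dups = parse_main_cf(text)
    findings = [f"duplicate parameter: {name}" for name in dups]
    prefix = config_dir.rstrip("/") + "/"
    for name, value in params.items():
        for path in re.findall(r"/etc/postfix[^\s,]*", value):
            if not (path + "/").startswith(prefix):
                findings.append(f"{name}: {path} is outside {config_dir}")
    # Cyrus SASL appends ".conf" to smtpd_sasl_path to build its file name.
    sasl_path = params.get("smtpd_sasl_path", "smtpd")
    if params.get("smtpd_sasl_type", "cyrus") == "cyrus" and sasl_path.endswith(".conf"):
        sasl_dir = params.get("cyrus_sasl_config_path", "<default SASL dir>")
        findings.append(f"smtpd_sasl_path: Cyrus will look for {sasl_dir}/{sasl_path}.conf")
    return findings

if __name__ == "__main__":
    for finding in audit_instance(SAMPLE, "/etc/postfix-out"):
        print(finding)
```

The findings are items to verify on the server (for example with `postconf -c /etc/postfix-out -n`), not a diagnosis of the authentication failure described in the post.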
     
