Debian – Remote Postfix server for email relaying multiple domains


I have a local server at home that needs to send and receive email but my ISP blocks port 25 in and out. The local server is running Debian 8, has Virtualmin installed on top of it with postfix and it is going to handle 4 domains. For the sake of this post, domain1.com, domain2.com, domain3.com and domain4.com.

So, I have a remote server I'm hoping to relay mail through on port 587. This server is also on my VPN and also running Debian 8 and postfix.

My local server is 10.0.0.24
My postfix server on my VPN is 10.1.0.10

My MX records are set correctly as when I use a specific configuration, my home server receives email relayed through the remote server. However, with my configuration choices, I can do either:

1) Send mail from my network to the outside world

2) Receive email to my LAN server from the outside world

But I can't do both at the same time.

On my remote server, here is the /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain
relayhost = [10.0.0.24]:587
relay_domains = domain1.com, domain2.com, domain3.info, domain4.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

And here is the /etc/postfix/main.cf running on my LAN server

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server5.domain1.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server5.domain1.local, localhost.domain1.local, , localhost
relayhost = [10.1.0.10]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/

With the above configuration, I am able to receive email from the internet and have it relayed through my remote server, over my VPN and back to my home server and have it land in the respective user's mailbox, no matter the domain.

However, trying to send mail from my home server out to the internet is met with a delivery failure:

<me@gmail.com>: host 10.1.0.10[10.1.0.10] said: 554 5.4.0 Error: too
many hops (in reply to end of DATA command)

The logs seem to show the email bouncing between home and remote servers several times before the failure message finally shows up.

However, I thought the relay_domains setting told postfix only to relay email for those domains and just deliver to internet anything else?

If I REMOVE relayhost = [10.0.0.24]:587 from my remote server, then I can now send emails to the outside world from my internal server and they get delivered and relayed properly, but any incoming emails stop at my remote server because there's no relay set up, and the users aren't set up on the remote server, so delivery is met with failure:

The error that the other server returned was:
550 5.1.1 <user@domain1.com>: Recipient address rejected: User unknown in local recipient table

So my problem is, how can I relay mail through a postfix server going in both directions, from my LAN to the outside world and also from the outside world to my LAN, taking into account that all transactions to my LAN server have to be through port 587 to get around an ISP port block?

Thanks for any help you can provide.

Best Answer

Just figured it out. Need to use Postfix transport maps in order to accomplish this. At least it's working for me!

So, on the Local server I believe I left main.cf alone:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server5.domain1.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server5.domain1.local, localhost.domain1.local, , localhost
relayhost = [10.1.0.10]:587
relay_domains = domain1.com, domain2.com, domain3.com, domain4.info
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no

On the remote server however, I used transport maps to accomplish this.

Create the transport table:

# touch /etc/postfix/transport

Populate it, in my case, it's:

# vim /etc/postfix/transport

domain1.com    smtp:10.0.0.24:587
domain4.info      smtp:10.0.0.24:587
domain2.com        smtp:10.0.0.24:587
domain3.com         smtp:10.0.0.24:587

Save and close.

Edit /etc/postfix/main.cf and clean it up a bit by removing the relayhost and adding the transport_maps:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain
relay_domains = domain1.com, domain2.com, domain4.info, domain3.com
transport_maps = hash:/etc/postfix/transport
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Save the file. postmap the transport table:

# postmap /etc/postfix/transport

Restart Postfix on both machines:

# service postfix restart

And should be good to go!
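To see why the question's configuration loops and the answer's does not, here is an added example (not code from the thread) that models the order in which Postfix resolves a recipient domain: mydestination, then transport_maps, then relayhost (which overrides the next hop of all remaining non-local mail, relay_domains included), then the relay or default smtp transport. It uses the hosts, domains and addresses from the thread. Two assumptions are simplifications of Postfix, not its real behaviour: the four hosted domains are treated as local on the LAN server, standing in for Virtualmin's virtual_alias_maps, and a next hop that is not one of the two VPN hosts is counted as "left for the internet".

```python
"""Model of Postfix next-hop resolution for the two-server relay in this thread.

Added example, not the thread's own code. Hosts, domains and addresses are the
ones in the thread; the resolution order is a simplification of trivial-rewrite
sufficient to show the relayhost loop and the transport_maps fix.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Postfix default hopcount_limit; exceeding it yields "554 5.4.0 Error: too many hops".
HOPCOUNT_LIMIT = 50

# The four domains hosted behind the ISP block (assumption: domain4.info as in the answer).
HOSTED = {"domain1.com", "domain2.com", "domain3.com", "domain4.info"}


@dataclass
class PostfixHost:
    name: str
    mydestination: Set[str]
    relay_domains: Set[str] = field(default_factory=set)
    transport_maps: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    relayhost: Optional[str] = None

    def resolve(self, domain: str) -> Tuple[str, str]:
        """Return (transport, nexthop) for a recipient domain in the order Postfix checks them."""
        d = domain.lower()
        if d in self.mydestination:
            return ("local", self.name)
        if d in self.transport_maps:        # an explicit transport entry wins over relayhost
            return self.transport_maps[d]
        if self.relayhost:                  # relayhost overrides the next hop of ALL other
            return ("smtp", self.relayhost)  # non-local mail, relay_domains included
        if d in self.relay_domains:
            return ("relay", d)              # relay transport, next hop = the domain's MX
        return ("smtp", d)                   # default transport, next hop = the domain's MX


def nexthop_host(nexthop: str) -> str:
    """Strip Postfix next-hop syntax ('[10.0.0.24]:587' or '10.0.0.24:587') down to the host."""
    if nexthop.startswith("["):
        return nexthop[1:].split("]", 1)[0]
    return nexthop.split(":", 1)[0]


def deliver(hosts: Dict[str, PostfixHost], entry_ip: str, recipient: str):
    """Follow a message from the host at entry_ip until it is delivered locally,
    leaves the VPN for the internet, or exceeds hopcount_limit. Returns (outcome, path)."""
    domain = recipient.rsplit("@", 1)[1]
    current = hosts[entry_ip]
    path = [current.name]
    for _ in range(HOPCOUNT_LIMIT):
        transport, nexthop = current.resolve(domain)
        if transport == "local":
            return ("local", path)
        ip = nexthop_host(nexthop)
        if ip not in hosts:                  # next hop is not one of our two servers
            return ("internet", path)
        current = hosts[ip]
        path.append(current.name)
    return ("too_many_hops", path)


def build_scenarios():
    """The thread's 'before' (relayhost on both sides) and 'after' (transport map) configs."""
    # LAN server: assumption - hosted domains count as local (Virtualmin virtual_alias_maps).
    lan_local = {"server5.domain1.local", "localhost.domain1.local", "localhost"} | HOSTED
    lan = PostfixHost("LAN 10.0.0.24", lan_local, relayhost="[10.1.0.10]:587")

    remote_before = PostfixHost(
        "remote 10.1.0.10", {"mail.domain1.com", "localhost.domain1.com"},
        relay_domains=set(HOSTED), relayhost="[10.0.0.24]:587")

    # After: relayhost removed, /etc/postfix/transport routes the hosted domains to the LAN.
    remote_after = PostfixHost(
        "remote 10.1.0.10", {"mail.domain1.com", "localhost.domain1.com"},
        relay_domains=set(HOSTED),
        transport_maps={d: ("smtp", "10.0.0.24:587") for d in HOSTED})

    before = {"10.0.0.24": lan, "10.1.0.10": remote_before}
    after = {"10.0.0.24": lan, "10.1.0.10": remote_after}
    return before, after


BEFORE, AFTER = build_scenarios()

if __name__ == "__main__":
    for label, hosts in (("before", BEFORE), ("after", AFTER)):
        for entry, rcpt in (("10.0.0.24", "me@gmail.com"), ("10.1.0.10", "user@domain1.com")):
            outcome, path = deliver(hosts, entry, rcpt)
            print(f"{label:6} {rcpt:18} -> {outcome:13} via {' -> '.join(path)}")
```

Running it shows the two failure modes from the question: with relayhost on both servers, mail for gmail.com ping-pongs between 10.0.0.24 and 10.1.0.10 until the hop limit, while inbound mail still works; with the transport map in place of relayhost on the remote server, gmail.com leaves for the internet after one hop and the hosted domains still route to the LAN. The point to keep in mind when reusing this layout is that relayhost is a blanket override, so the server that faces the internet must never have one pointing back inside.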
