After having a little outage due to my ADSL router deciding to take a couple of hours off, I decided I really really really did need to sort out a secondary MX. I have a little Ubuntu server in a rack offsite that I toyed with for a while but never seriously did anything with once I got distracted with other things.
Now of course it is going to be my store-and-forward server for when my home mail server disappears off the big scary Internet. A store-and-forward server is basically a mail server that relays mail for a certain list of known domains. It will also be prepared to hold mail in the queue for a few days until the primary comes back to life.
The best description and config help I found was here. Well worth a look if you want to do this kind of thing yourself for free on old hardware for when that expensive Exchange mail server (or in my case cheap Mercury server) decides it doesn’t want to play any more.
Postfix is currently not being too helpful and I’m going to rip-and-replace it. It should be a simple config but I couldn’t help trying to refine it. Oops. It also doesn’t help that I seem to have fallen foul of the “smtp fixup” provided by the over-eager Cisco ASA sitting in front of it.
Another good site for novice Postfix admins is here. It lists a verbose config with lots of good little security-conscious snippets.
One way to achieve a store-and-forward server is to use Postfix aliases. An alias file allows your server to be the one listed as the MX in your domain zone file, while incoming mail is redirected to a server with a real mailbox. Here is an extract from my main.cf to show you how I did it:
    # Do not relay anything
    #relay_domains = $mydestination
    #relay_recipient_maps = hash:/etc/postfix/relay_recipients

    # Aliases is what we want to do
    alias_maps = hash:/etc/aliases

    # start virtual domains section, list all the domains we receive email for and the file containing the mappings
    virtual_alias_domains = simkin.org, orangeteapot.co.uk
    virtual_alias_maps = hash:/etc/postfix/virtual

    # security fixes
    disable_vrfy_command = yes
    smtpd_helo_required = yes
    allow_percent_hack = no
    swap_bangpath = no
    smtpd_sasl_authenticated_header = yes
    smtpd_helo_restrictions = reject_unknown_helo_hostname
    smtpd_client_restrictions = permit_mynetworks,
        reject_rbl_client zen.spamhaus.org,
        reject_invalid_hostname,
        warn_if_reject,
        reject_unknown_reverse_client_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unauth_pipelining,
        reject_invalid_helo_hostname,
        permit
    smtpd_recipient_restrictions = permit_mynetworks,
        check_client_access cidr:/etc/postfix/client_checks,
        permit_sasl_authenticated,
        reject_unauth_destination,
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_data_restrictions = reject_unauth_pipelining
    # end security fixes

    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
For the “Client Checks” section, see this post.
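As an added example (not code from the original post), this Python check parses restriction lists like the ones in the extract and flags two things worth reviewing: a rule downgraded to log-only by warn_if_reject, and an access-table lookup placed ahead of reject_unauth_destination, where an OK result permits relaying for the matching client. The function names and the sample text are constructed here, and it assumes relay policy is set only in smtpd_recipient_restrictions, as in the extract.

```python
import re

# Constructed sample: the two restriction lists, shortened from the main.cf extract.
SAMPLE_MAIN_CF = """\
smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client zen.spamhaus.org, warn_if_reject,
    reject_unknown_reverse_client_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access cidr:/etc/postfix/client_checks,
    permit_sasl_authenticated, reject_unauth_destination,
"""
TAKES_ARG = {"reject_rbl_client", "check_client_access"}  # only the ones used here
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_main_cf(text):
    """Return {parameter: value}; an indented line continues the previous parameter."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    params, current = {}, None
    for line in lines:
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current = line.split("=", 1)[0].strip()
            params[current] = line.split("=", 1)[1].strip()
    return params

def restrictions(value):
    """Split into (rule, warn_only); commas and whitespace are equivalent separators."""
    tokens = iter(t for t in re.split(r"[,\s]+", value) if t)
    rules, warn_only = [], False
    for tok in tokens:
        if tok in TAKES_ARG:
            tok = f"{tok} {next(tokens, '')}".strip()
        if tok != "warn_if_reject":
            rules.append((tok, warn_only))
        warn_only = tok == "warn_if_reject"  # modifier: next rule logs, does not reject
    return rules

def audit(text):
    """Report warn_if_reject-softened rules and access lookups ahead of the relay guard."""
    params = parse_main_cf(text)
    findings = [f"{name}: {rule} only logs (warn_if_reject)"
                for name, value in params.items() if name.endswith("_restrictions")
                for rule, warn in restrictions(value) if warn]
    rcpt = [r for r, _ in restrictions(params.get("smtpd_recipient_restrictions", ""))]
    guard = next((i for i, r in enumerate(rcpt) if r in RELAY_GUARDS), None)
    if guard is None:
        return findings + ["smtpd_recipient_restrictions: no relay guard"]
    return findings + [f"smtpd_recipient_restrictions: {r} runs before {rcpt[guard]}"
                       for r in rcpt[:guard] if r.startswith("check_")]
```

To check a live server, pass the contents of /etc/postfix/main.cf to audit() and review each finding against what you intended.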
Then build your alias table so that incoming mail for a particular email address is passed on to wherever you want.

    nobody@simkin.org myrealmailbox@gmail.com
Save the file to /etc/postfix/virtual and run:

    postmap /etc/postfix/virtual
    /etc/init.d/postfix reload