After having a little outage due my my ADSL router deciding to take a couple of hours off, I decided I really really really did need to sort out a secondary MX. I have a little Ubuntu server in a rack offsite that I toyed with for a while but never seriously did anything with once I got distracted with other things.<\/p>\n
Now of course it is going to be my store-and-forward server for when my home mail server disappears off the big scary Internet. A Store-and-forward server is basically a mail server that relays mail for a certain list of known domains. It will also be prepared to hold mail in the queue for a few days until the primary is back to life.<\/p>\n
The best description and config help I found was here<\/a>. Well worth a look if you want to do this kind of thing yourself for free on old hardware for when that expensive Exchange mail server (or in my case cheap Mercury server) decides it doesn’t want to play any more.<\/p>\n Postfix is currently not being too helpful and I’m going to rip-and-replace it. It should be a simple config but I couldn’t help trying to refine it. Oops. It also doesn’t help that I seem to fallen foul of the “smtp fixup” provided by the over-eager Cisco ASA sitting in front of it.<\/p>\n Another good site for novice Postfix admins is here<\/a>. It lists a verbose config with lots of good little security-conscious snippets.<\/p>\n\n\n One way to achieve a store-and-forward server is to use Postfix aliases. An Alias file will allow your server to be the server listed as the MX in your domain zone file but then incoming mail is redirected to a server with a real mailbox. Here is an extract from my main.cf to show you how I did it:<\/p>\n\n\n\n# Do not relay anything \n#relay_domains = $mydestination\n#relay_recipient_maps = hash:\/etc\/postfix\/relay_recipients\n\n# Aliases is what we want to do\nalias_maps = hash:\/etc\/aliases\n\n# start virtual domains section, list all the domains we receive email for and the file containing the mappings\nvirtual_alias_domains = simkin.org, orangeteapot.co.uk\nvirtual_alias_maps = hash:\/etc\/postfix\/virtual\n\n# security fixes\ndisable_vrfy_command = yes\nsmtpd_helo_required = yes\nallow_percent_hack = no\nswap_bangpath = no\nsmtpd_sasl_authenticated_header = yes\nsmtpd_helo_restrictions = reject_unknown_helo_hostname\nsmtpd_client_restrictions = permit_mynetworks,\n reject_rbl_client zen.spamhaus.org,\n reject_invalid_hostname,\n warn_if_reject,\n reject_unknown_reverse_client_hostname,\n reject_non_fqdn_helo_hostname,\n reject_unauth_pipelining,\n reject_invalid_helo_hostname,\n permit\n\nsmtpd_recipient_restrictions = permit_mynetworks,\n check_client_access cidr:\/etc\/postfix\/client_checks,\n permit_sasl_authenticated,\n reject_unauth_destination,\n\nsmtpd_sender_restrictions = reject_unknown_sender_domain\nsmtpd_data_restrictions = reject_unauth_pipelining\n# end security fixes\n\nmynetworks = 127.0.0.0\/8 [::ffff:127.0.0.0]\/104 [::1]\/128\nmailbox_command = procmail -a \"$EXTENSION\"\nmailbox_size_limit = 0\nrecipient_delimiter = +<\/pre>\n\n\n\n