Configure Postfix as an Inbound and Outbound SMTP Mail Only Relay

Posted on by rgesteland Posted in Linux, Postfix No Comments ↓

How Postfix Relays Incoming and Outgoing SMTP Mail

For this article, we will show you how to configure a Postfix server as an SMTP mail relay for incoming and outgoing mail. You can use any third party email service provider as a smarthost. Companies like Comodo, Proofpoint, Mailgun are all great examples of such companies.

How Outbound SMTP Mail is Handled using Postfix as a Mail Relay
• Internal Mail servers sends outbound mail to Postfix server
• Postfix server hands off mail to external smarthost for delivery
• Smarthost delivers mail or rejects it
How Inbound SMTP Mail is Handled using Postfix as a Mail Relay
• Inbound SMTP mail is received by Postfix 
• Postfix checks the mail domain the email is addressed to 
• If the mail domain matches an internal mail domain then the mail is handed off to the internal mail server 
• If there is no match then Postfix will reject it and will not process it any further

The solution to set up Postfix as a mail relay only server for inbound and outbound SMTP mail is actually quite simple. When we tried to find documentation that clearly explains how to do this it was no easy task. There are so many configurable options for Postfix that it sometimes can be difficult to find the correct options for your particular scenario.

Linux Platforms Supported and the Flexibility When Using this Configuration

For the purposes of this article we installed Postfix on Ubuntu 20.04. However, the configuration should work on any Linux flavor including Debian, SUSE, CentOS, RHEL, Fedora, etc….

With this configuration you can support multiple internal mail domains. You can also use it to relay the mail to a different internal mail server depending on the mail domain. The below configuration supports any number of internal mail domains. You can also specify an SMTP Authenticated service such as a Google Mail server as your outgoing smarthost.

For simplicity sake and to make this article Linux flavor agnostic, we are not going to go into the details on how you install and setup Postfix itself. There are thousands of articles and videos that will help you do that. So, let’s jump right into how to modify a working Postfix server configuration to support this new environment. Use your favorite editor to edit and save your files.

Create the Transport, Relay Files and Modify the Main.cf file for Postfix

You only need to create or modify 3 files for this scenario to work. Please note that you should first backup your Postfix folder before making any changes. Also, our recommended changes are to be followed at your own risk. We are not responsible for changes adversely affecting your mail environment. If you modify files that already exist then please do so with caution. You might cause your current Postfix configuration to stop working. Finally, you need root or sudo rights to modify/create any of the files below.

We are assuming that Postfix is installed in the /etc/postfix folder.

Configure the /etc/postfix/transport File to Specify which Relay each Domain is Using
your-mail-domain.com   relay:[X.X.X.X]:port
*                      relay:[Y.Y.Y.Y]:port
Configure the /etc/postfix/relay File to Specify which Domains are being Relayed
your-mail-domain.com   OK
*                      OK
Run Postmap on the Transport and Relay Files to Prepare them to be used by Postfix
postmap /etc/postfix/transport
postmap /etc/postfix/relay
Edit the Main.cf File to Add Transport and Relay Settings to the Postfix Configuration
transport_maps = hash:/etc/postfix/transport
relay_domains = $mydestination, hash:/etc/postfix/relay
Remove All References to your Internal Mail Domains from mydestination in the Main.cf file

You must remove any references to your-mail-domain.com in the mydestination entry in the main.cf file. It is possible that your mydestination may just have localhost defined as shown below:

mydestination = localhost

If you don’t remove those references then the inbound relay will not work. Entries in mydestination tell Postfix that the your-mail-domain.com addressed mail is to be processed by Postfix. You just want Postfix to relay it and not reject it. You may also get an error that Postfix is not authorized to relay mail for your-mail-domain.com.

After you’ve made the above changes, makes sure to reload or restart your Postfix service. If it reloads/restarts successfully then test it out by to ensure it is working as expected.

Some Other Useful Sample Configurations for Postfix

Here are some other sample configurations that you may find useful. The below are slight modifications of what we described above. We are only going to show you the differences between the transport and relay files since the changes made to the main.cf will be the same.

Multiple mail domains relaying inbound mail to the same internal mail server
/etc/postfix/transport
your-1st-mail-domain.com    relay:[X.X.X.X]:port
your-2nd-mail-domain.com    relay:[X.X.X.X]:port
your-3rd-mail-domain.com    relay:[X.X.X.X]:port
*                           relay:[Y.Y.Y.Y]:port

/etc/postfix/relay
your-1st-mail-domain.com     OK
your-2nd-mail-domain.com     OK
your-1st-mail-domain.com     OK
*                            OK
Relay Inbound Mail for Multiple mail domains to Different Internal Mail Servers
/etc/postfix/transport
your-1st-mail-domain.com   relay:[W.W.W.W]:port
your-2nd-mail-domain.com   relay:[X.X.X.X]:port
your-3rd-mail-domain.com   relay:[Y.Y.Y.Y]:port
*                          relay:[Z.Z.Z.Z]:port

/etc/postfix/relay
your-1st-mail-domain.com    OK
your-2nd-mail-domain.com    OK
your-1st-mail-domain.com    OK
*                           OK
Support outbound mail relay through a secure SMTP Authenticated service such as Gmail

If you want to relay through a secure email provider such as Gmail using SMTP Authentication then keep on reading. Please note that we not going to explain how to configure your Gmail account and Postfix to use SMTP Authentication. If you want to authenticate securely connect Gmail to Postfix there are many resources available elsewhere to give you that information. Here’s how you can configure Postfix to use Gmail as an outbound relay:

/etc/postfix/transport
your-mail-domain.com    relay:[X.X.X.X]:port
*                       relay:[smtp.gmail.com]:587

/etc/postfix/relay
your-mail-domain.com     OK
*                        OK

Hopefully you find the above information useful and you are ready to configure Postfix to function as a mail relay only server for inbound and outbound SMTP mail. If you need assistance by experienced professionals to install, configure and deploy secure mail for your environment please do not hesitate to contact us.

Location パラメータを追加で設定するためのDesktop Policyフォームの編集

Posted on by rgesteland Posted in Uncategorized No Comments ↓

Designing a Desktop Policy form to set Location parameters

Posted on by rgesteland Posted in Lotus Designer, Lotus Domino server No Comments ↓

Desktop Policy settings document can be used for domino administrator to configure and enforce the user location document in Notes Client.

However as the default desktop policy settings document, it does not allow to pass down the all location document’s fields.

For example, “Recipient name type-ahead” field of location document cannot be configured in the default desktop policy settings document.

In that case,  There is sill the way to add the desired parameters into the default desktop policy settings document by editing server names.nsf with lotus designer.

Below is the information regarding desktop policy and location parameters.

You can use Desktop Policy settings documents to set field value in users' current Location documents.This can be done by adding a new field to the policy settings document using the Domino Designer. The new field must be named LocAllVariableName, where VariableName is the name of the field you are setting in the Location documents.

Original source: IBM – Using a Desktop Policy to set notes.ini and Location parameters.

Here is the step by step example for adding “Recipient name type-ahead”  into Desktop Policy settings document.

  1. Open server names.nsf from Lotus Designer.
  2. Open PolicyDesktop form from form list view.
  3. Click Mail tab, and then create “LocAllNameLookupPref” field in anywhere you want.デスクトップポリシー設定文書の変更例
  4. Save the form. and then close Lotus Designer.
  5. Open Domino Administrator, and then open Desktop Policy settings document. If you don’t have any Desktop Policy settings document, create it.
  6. If you click Mail tab, then you should be able to see the field which you created. Put value 0 or 1 or 2.
  7. Save Desktop Policy settings document.
  8. Test by the user who this Desktop Policy is assigned. This new value is set on the assigned users’ clients the next time they authenticate with their home server.
Tagged with: , ,
Top
MENU