Separate Submission Instance on Same IP as MX
in [Postfix]
|
Prev: routing all mails to customized processor, without individual mail directory
Next: Providing SMTP relay access to roaming laptop without creating anopen relay...
From: Wietse Venema on 1 Aug 2010 21:52 Mike Morris: [ Charset ISO-8859-1 unsupported, converting... ] > On 08/01/2010 09:29 AM, Wietse Venema wrote: > > Mike Morris: > >> Hi, > >> > >> I'm working on a mail server deployment that will only have one server > >> for MX and SASL submission purposes. Generally I like to have separate > >> Postfix instances to handle a specific task. In this case I'm running > >> in to problems when the submission instance uses the same IP address as > >> the MX instance. (Due to a limited IP address pool there is currently > >> only one routable IP address assigned to this server.) > >> > >> Using the submission instance to send a message to a recipient address > >> for which the server is also the MX host triggers Postfix' loop > >> detection. Mail for foreign addresses is relayed correctly. I realize > >> this can be done easily enough without using multiple instances. Is > >> there a way to work around this so that an MX instance and submission > >> instance can share single IP address? I've gotten used to the queue, > > > > If you use different MTAs, then use different myhostname AND > > different inet_interfaces settings. Otherwise it is just too easy > > to screw up and have a high-speed mail system meltdown/explosion/etc. > > > > Postfix is not just about "secure" for some vague definition of > > secure, it is about making a safe to use, so that it does not rip > > off your arms and legs when you make a trivial mistake. > > > > Wietse > > > Fair enough. I'll see what can be done about a second IP address. Or enable the commented-out submission service (port 587) in the default master.cf file. With this, use port 587 for submission, and port 25 for final delivery. Wietse
From: Wietse Venema on 6 Aug 2010 09:36
Mike Morris: > approach. Out of curiosity, what would your reasons be for suggesting > running postscreen with 2.7 rather than using a 2.8 snapshot? Wouldn't > similar instability concerns about the latter apply to the former? The difference is that stable release features not change except in case of emergency, so you can upgrade from one stable Postfix version to the next without having to reconfigure Postfix. And when features do have to change, there is a great deal of backwards compatibility. The snapshot releases introduce new features, and those can still change in incompatible ways. For example, postscreen is a prototype that I threw together in a few weeks so that I could present some new measurements at a conference. Once this program is finished sites will almost certainly need to update configuration files. Wietse |