A Postfix store and forward configuration is needed when setting up a secondary MTA. If your primary MTA is down, then all mail will be sent to the secondary "store and forward" Postfix server. As the name implies, all emails will be received and stored locally until your primary MTA comes back online.
The main reasons we want a store and forward server are:
Email for a domain is routed through its MX records. Let's take cisco.com for example. If I do "dig mx cisco.com" I get the following answer:
;; ANSWER SECTION:
cisco.com. 86400 IN MX 30 aer-mx-01.cisco.com.
cisco.com. 86400 IN MX 10 alln-mx-01.cisco.com.
This means Cisco has three public MTAs; these may or may not be store and forward servers. All we need to know is that, according to the preference numbers in the 5th column, alln-mx-01.cisco.com is the first MTA to be tried, and if that is not accessible, aer-mx-01.cisco.com is tried next.
So as an email admin, you have to create MX records for your domain in a similar manner.
In this example, I will be using the scenario where mail.jnvilo.com is my primary MTA and mail-store.jnvilo.com is the new Postfix store and forward server that we are building. Thus we should have the DNS MX records as:
;; ANSWER SECTION:
jnvilo.com. 86400 IN MX 10 mail.jnvilo.com.
jnvilo.com. 86400 IN MX 20 mail-store.jnvilo.com.
Also, mail.jnvilo.com handles emails for maltacentral.com and rpmbrew.com.
I am going to be installing on a CentOS 7.0 server. Install instructions are out of scope, but to ensure that you can repeat my steps, I did the following:
* yum -y update #Always update the server
Use your favourite editor [in my case vi] to edit /etc/selinux/config and disable SELinux for now. You can enable it again once you know everything is working and set up your SELinux rules to fix any denials.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
and change the line:
Ensure the IP of the server is in your hosts file.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.1 mail-store.jnvilo.com mail-store
And also ensure that hostname is set properly.
[root@mail-store ~]$ hostname mail-store.jnvilo.com
CentOS 7 ships with firewalld, which may have incoming port 25 closed. Make sure this port is open.
yum -y install postfix
systemctl enable postfix
systemctl restart postfix
Open /etc/postfix/main.cf in your favorite editor [vi or emacs or nano or pico] and modify the following lines as follows:
relay_domains = jnvilo.com, cyberciti.com, $mydestination
relay_recipient_maps = hash:/etc/postfix/relay_recipients
email@example.com OK
firstname.lastname@example.org OK
email@example.com OK
Save and close the file, and make sure your DB is updated.
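The following Python check is an added example, not part of the original write-up: it parses a main.cf and a relay recipient table and reports relay domains that have no listed recipients, as well as recipient entries whose domain is not in relay_domains. The sample file contents and addresses are constructed, the function names are hypothetical, and $mydestination is not expanded.

```python
import re

# Constructed sample inputs modelled on the page's files; addresses are placeholders.
MAIN_CF = """\
relay_domains = jnvilo.com, maltacentral.com,
    rpmbrew.com, $mydestination
# recipients the backup MX may accept
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""
RELAY_RECIPIENTS = """\
postmaster@jnvilo.com OK
@maltacentral.com OK
someone@example.org OK
"""

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def audit(main_cf, recipients):
    """List mismatches between relay_domains and the relay recipient table."""
    params = parse_main_cf(main_cf)
    # $name references such as $mydestination are not expanded here (simplification).
    domains = {d.lower() for d in re.split(r"[,\s]+", params.get("relay_domains", ""))
               if d and not d.startswith("$")}
    if not params.get("relay_recipient_maps"):
        return ["relay_recipient_maps unset: any address in relay_domains is accepted"]
    findings, seen = [], set()
    for line in recipients.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        domain = fields[0].rpartition("@")[2].lower()  # also handles @domain wildcards
        seen.add(domain)
        if domain not in domains:
            findings.append(f"{fields[0]}: domain not in relay_domains, entry unused")
    for d in sorted(domains - seen):
        findings.append(f"{d}: in relay_domains but no recipients, all its mail is rejected")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, RELAY_RECIPIENTS)))
```

An empty result means every relayed domain has at least one accepted recipient and no table entry is orphaned.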
Edit /etc/postfix/main.cf and add the following lines:
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client zen.spamhaus.org
# helo required
smtpd_helo_required = yes
# disable vrfy command
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining, permit
Make sure to reload postfix to ensure changes are read.
service postfix reload