# (solved) Postfix Relay

## Crispy Beef

Hi All,

I currently have a Gentoo mail server (virtual setup) that is running just great; mail is delivered locally to virtual users, but I have had a request to relay the mail for three domains to another, external, mail server. The question is how to do this securely without becoming an open relay?

I've done some reading and from what I can tell I need to put the domains to relay mail for in the postfix relay_domains config parameter but I'm not sure where to put the target server IP/host and how it relates to those specific domains?  It looks like it has something to do with the relay_transport and/or relayhosts but I'm not sure as the postfix docs aren't as clear as they could be...at least for a relative mail server noob.

Could anybody let me know if I'm on the right track with this and how to finish off the setup.

Thanks.

----------

## vad3r

Hi,

I run a similar setup. Here are the relevant parts of my config:

/etc/postfix/main.cf

```
relay_domains = remotedomain.com

relay_recipient_maps = proxy:ldap:/etc/postfix/ldap/relay_recipients.cf
```

/etc/postfix/transport

```
remotedomain.com        smtp:[mailgw.remotedomain.com]
```

This should be sufficient for your request.

----------

## magic919

Maybe we could use a bit more info.

Are you planning to be the server shown in the MX record for, say, example.com?  If so, you can take mail (but I'd recommend some kind of checking for valid recipients) and then process and use a dedicated transport in Postfix to forward to their otherwise unknown mail servers.

----------

## Crispy Beef

Thanks for the response guys, here's some more details.

My mail server is being listed as the main MX for the three external domains. The three domains are located on an MS Exchange server at a client's company on their network. They requested that I be the main MX and relay mail on to them. However, I do not want to create backscatter if I can avoid it, so it would seem I'd need to tell Postfix the domains that will relay to the client and the hostname of the Exchange server, and have some kind of recipient map so unknown recipients will be dropped at my server and not bother the resources on the client's network and server.

Currently my machine is set up to deliver mail locally only to virtual mailboxes. I use MySQL to store various information: user table, domains allowed, networks allowed, virtual alias maps etc.

Ideally I'd like to add the info for external mail relaying into a new MySQL table, but I can do that at a later date once I understand the basics of relaying with Postfix.

Hope that clears a few things up.

----------

## vad3r

Apart from the fact that I use LDAP as "database" you could use the config I passed earlier. Afaik you can store all the required information in MySQL. As magic919 wrote, you should check the incoming mails for a valid recipient. I don't know how to export the user data from Exchange but it should be possible.

----------

## Crispy Beef

Bit of an update: I have just talked to the client and they say they don't care about backscatter and just need everything to their domains relayed even if the recipient doesn't exist. They say they are happy for their MS Exchange server to deal with the NDRs.

Not ideal but there we go; so all I need to do is tell postfix to shuffle all mail for those domains to their host.

----------

## Crispy Beef

*vad3r wrote:*

> Apart from the fact that I use LDAP as "database" you could use the config I passed earlier. Afaik you can store all the required information in MySQL. As magic919 wrote, you should check the incoming mails for a valid recipient. I don't know how to export the user data from Exchange but it should be possible.

Do I just put the external domains in the relay_domains parameter? What schema do you have for the recipient_maps database?

----------

## vad3r

All domains you add to the relay_domains parameter are forwarded because Postfix considers itself NOT to be the final destination for these mails. I thought you would forward all mails to the client no matter if the user exists or not. I can post you an LDAP entry and the configuration if you want.

----------

## Crispy Beef

*vad3r wrote:*

> All domains you add to the relay_domains parameter are forwarded because Postfix considers itself NOT to be the final destination for these mails. I thought you would forward all mails to the client no matter if the user exists or not. I can post you an LDAP entry and the configuration if you want.

Hi, yes that's correct, just wanted to be sure.  I've now set this up as suggested and am testing it out.  I've also partially convinced the client to let me implement a recipient map...I've found a nice Perl script that will grab recipients from their Exchange server, fingers crossed on that though!

----------

## vad3r

Please add "(SOLVED)" to the subject if all your questions are answered.

----------

## Crispy Beef

Not quite there yet. :)

I'm getting a bounced message saying:

```
mail for example.com loops back to myself
```

My mail server is listed as the primary mail exchanger for the domain, so that's fine. When I created the transport file, I then imported it into Postfix with the postmap command as follows:

```
postmap /etc/postfix/transport
```

That didn't complain. To be sure, I restarted Postfix, and I'm still getting the bounced mail and the error in the log files.

----------

## vad3r

If you have MX trouble, use brackets in the transport table. By using them you ensure that the mail will be sent to the server even if another server is the "official" MX for the domain. See my first post...

----------

## Crispy Beef

*vad3r wrote:*

> If you have MX trouble, use brackets in the transport table. By using them you ensure that the mail will be sent to the server even if another server is the "official" MX for the domain. See my first post...

Yup, I have this:

/etc/postfix/transport

```
example.com      smtp:[IP Address]:25
```

----------

## vad3r

This should work then. Just make sure that your client configured their Exchange servers properly. They must accept the mail and act as final destination. Which server sends the bounce? Is it the Exchange server or your box?

----------

## Crispy Beef

Ha! Got it working. I found that I hadn't uncommented the config line which points to the newly created transport_maps hash file.

Thanks for the help guys.

----------

## vad3r

It was a pleasure to help you :D

----------
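The pitfalls this thread ran into (a transport table that exists but is not referenced by `transport_maps`, a next hop without brackets, and relaying without a recipient map) can be checked mechanically. The following Python audit is an added example, not code from any poster or from Postfix; the function names, the `192.0.2.10` address and the `relay_recipients` map path are assumptions made for illustration.

```python
def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuations."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def parse_transport(text):
    """Parse a transport table into {domain: next hop}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].partition(":")[2]
    return table

def audit_relay(main_cf, transport):
    """Return findings for the relay pitfalls raised in the thread."""
    params, table, findings = parse_main_cf(main_cf), parse_transport(transport), []
    if not params.get("transport_maps"):
        findings.append("transport_maps unset: transport table is never consulted")
    if not params.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps unset: unknown recipients are accepted")
    for domain in params.get("relay_domains", "").replace(",", " ").split():
        # Assumption: only literal domains are checked; lookup tables are skipped.
        if ":" in domain or "/" in domain:
            continue
        if domain.lower() not in table:
            findings.append(f"{domain}: no transport entry, delivery follows MX")
        elif not table[domain.lower()].startswith("["):
            findings.append(f"{domain}: next hop not in [brackets], MX lookup applies")
    return findings

# Constructed sample input (192.0.2.10 and the map paths are placeholders).
TRANSPORT = "example.com  smtp:[192.0.2.10]:25\nexample.org  smtp:mail.example.org\n"
BROKEN = "relay_domains = example.com, example.org\n#transport_maps = hash:/etc/postfix/transport\n"
FIXED = ("relay_domains = example.com, example.org\n"
         "transport_maps = hash:/etc/postfix/transport\n"
         "relay_recipient_maps = hash:/etc/postfix/relay_recipients\n")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_relay(cfg, TRANSPORT))
```

The `BROKEN` sample reproduces the state that produced "loops back to myself": the table was built with `postmap`, but the `transport_maps` line was still commented out, so the MX host tried to deliver to itself.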

