1

Topic: iredmail as Backup MX

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
==== Hello,

i use Iredmail (latest version) with iRedadmin 1.4.0 Pro (MySQL) and i try to setup an backupMX for several Domains.

I haveInsert the Domain´s into iredadmin and then markt them as Backupmx in the table.

But when i send an mail to one of the marked Domains i become "Undelivered Mail Returned to Sender"....

What must i do to bekome the relaying for these Domain works......

here an Output of the Postconf:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 52428800
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = XXXXXXXXXXXXX
myhostname = xxxxxxxxxxxxxx
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mx.ispsol.de
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777,, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/ispsolnet_bundle.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/ispsolnet_bundle.pem
smtpd_tls_key_file = /etc/pki/tls/private/ispsol.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iredmail as Backup MX

Steps to make this iRedMail as backup mx of several domains:

1: Create new mail domains with iRedAdmin. Of course they must be the same as domain names on primary server. e.g. example.com.

2: Update MySQL table "vmail.domain" manually, mark these newly created domains as backup mx. For example:

$ mysql -uroot -p
mysql> USE vmail;
mysql> UPDATE domain SET backupmx=1 WHERE domain='example.com';

As you can see in Postfix main.cf, we have this parameter:

relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf

It will return 'example.com' as backup mx. You can verify it with below command:

# postmap -q 'example.com' mysql:/etc/postfix/mysql/relay_domains.cf
example.com           # <- This is what it returns

if you get the same output, then this backup mx should work as expected.

That's all.

3

Re: iredmail as Backup MX

Hello, i have made all this steps bevor...

Insert domain m**.de an Mark it as Backupmx..

postmap -q 'm**.de' mysql:/etc/postfix/mysql/relay_domains.cf
m**.de

When i send an email to an Testaccount directly from this Server i Become always:

This is the mail system at host mx.ispsol.de.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<mw@m**.de>: user unknown

Reporting-MTA: dns; mx.*****.de
X-Postfix-Queue-ID: 9AA1820C85D7
X-Postfix-Sender: rfc822; marco.wende@*****.net
Arrival-Date: Tue,  3 Jul 2012 09:39:52 +0200 (CEST)

Final-Recipient: rfc822; mw@m**.de
Original-Recipient: rfc822;mw@m**.de
Action: failed
Status: 5.1.1
Diagnostic-Code: x-unix; user unknown

Return-Path: <marco.wende@ispsol.net>
Received: from localhost (localhost [127.0.0.1])
    by mx.ispsol.de (Postfix) with ESMTP id 9AA1820C85D7
    for <mw@mke.de>; Tue,  3 Jul 2012 09:39:52 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=****.net; h=
    user-agent:message-id:subject:subject:to:from:from:date:date
    :content-transfer-encoding:content-type:content-type
    :mime-version; s=dkim; t=1341301192; x=1342165192; bh=VaVHexnamK
    UYRw3KwDJh9IEsowM/bfcVvdyofjGAZWk=; b=QMjFmqekO9P48jnDfKVNIW2hT4
    pSX3apNuhXvMLhto4UJEsw9Yj5WMNThEo+RAz4ihb3eQ1UIXaa2IQRHzYBEUEauy
    7duTFO5soGz8+BpP8hgpvHB3nsCJI2naf0j5Rl7n1jRGQI27pS8FLPL9LFEQn+kI
    czH65PzBrifUesOKQ=
X-Virus-Scanned: amavisd-new at mx.*****.de
Received: from mx.*****.de ([127.0.0.1])
    by localhost (mx.****.de [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id u4j+sYaCL732 for <mw@m**.de>;
    Tue,  3 Jul 2012 09:39:52 +0200 (CEST)
Received: from mx2.*****.net (localhost [127.0.0.1])
    by mx.****.de (Postfix) with ESMTPA id 2294020C85D5
    for <mw@mke.de>; Tue,  3 Jul 2012 09:39:50 +0200 (CEST)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 03 Jul 2012 09:39:50 +0200
From: Marco Wende <marco.wende@***.net>
To: <mw@m**.de>
Subject: Test
Message-ID: <4eb5691b1e5cce082b949994d4934b26@ispsol.net>
X-Sender: marco.wende@****.net
User-Agent: RoundCube WebMail

Testnachricht

4

Re: iredmail as Backup MX

Does this iRedMail server has lower priority in your DNS setting? Backup MX will contact primary server and push all emails to primary servers.

5 (edited by marco.wende 2012-07-04 15:21:23)

Re: iredmail as Backup MX

yes...

m++.de  mail exchanger = 10 mail.+++++.de.
m++.de  mail exchanger = 100 mx2.+++++.net.

I try it bevor with another domain and the result was that my customer looses severals mails whlie the iredmail-Server said, that the email-Adress are not exist.

6

Re: iredmail as Backup MX

So sorry about this trouble.

Could you please show me output of below commands? Replace domain 'xxx.de' and user 'user@xxx.de' by the real domain name and email address.

# cd /etc/postfix/mysql/
# for cf in $(ls *.cf); do echo $cf; postmap -q 'xxx.de' mysql:./$cf; done
# for cf in $(ls *.cf); do echo $cf; postmap -q 'user@xxx.de' mysql:./$cf; done

7

Re: iredmail as Backup MX

Here the output:

[root@m** mysql]# for cf in $(ls *.cf); do echo $cf; postmap -q 'm++.de' mysql:./$cf; done
catchall_maps.cf
domain_alias_catchall_maps.cf
domain_alias_maps.cf
recipient_bcc_maps_domain.cf
recipient_bcc_maps_user.cf
relay_domains.cf
m**.de
sender_bcc_maps_domain.cf
sender_bcc_maps_user.cf
sender_login_maps.cf
transport_maps_domain.cf
dovecot
transport_maps_user.cf
virtual_alias_maps.cf
virtual_mailbox_domains.cf
virtual_mailbox_maps.cf

[root@m** mysql]# for cf in $(ls *.cf); do echo $cf; postmap -q 'user@m**.de' mysql:./$cf; done
catchall_maps.cf
domain_alias_catchall_maps.cf
domain_alias_maps.cf
recipient_bcc_maps_domain.cf
recipient_bcc_maps_user.cf
relay_domains.cf
sender_bcc_maps_domain.cf
sender_bcc_maps_user.cf
sender_login_maps.cf
transport_maps_domain.cf
transport_maps_user.cf
virtual_alias_maps.cf
virtual_mailbox_domains.cf
virtual_mailbox_maps.cf

8

Re: iredmail as Backup MX

marco.wende wrote:

When i send an email to an Testaccount directly from this Server i Become always:

Sent to the backup mx domain on iRedMail server?

marco.wende wrote:

Reporting-MTA: dns; mx.*****.de
X-Postfix-Queue-ID: 9AA1820C85D7
X-Postfix-Sender: rfc822; marco.wende@*****.net

Postfix tried to connect to mx.****.de, is this DNS entry correct?
Does this iRedMail server (backup mx of domain m**.de) have correct DNS setting? e.g. lower priority to be backup MX.

9

Re: iredmail as Backup MX

You have below setting in Postfix:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, ...

Does it work if you add 'permit_mx_backup' in smtpd_recipient_restrictions like below:

smtpd_recipient_restrictions = ..., permit_mx_backup, reject_unlisted_recipient, ...