Postfix Email Forwarding details (1)

So far, our main focus has been onPostfixThe role played at the end of the delivery path. That's it.

That is, emails sent to the postfix server are mainly delivered to the local system. However, postfix also plays a role

Another role-a repeater located in a postal path.

Backup Switch

In DNS terminology, MX represents mail exchanger. An MX record represents the owner of a domain that receives external emails.

And the priority of the host. The same domain can have several MX records at the same time, with the highest priority Host Name

The master switch. Other hosts are called backup switches. The standby switch task is performed when the active switch is offline.

Receive external emails from this domain. When the priority is higher than that of other backup switches or primary switches

The received email must be sent to the master switch for processing.

To the final destination. Assume that you do not have to specify how to send messages to the master switch when using the backup switch, because

Postfix can identify from DNS how to transfer to the master switch. However, the premise is that you must let the postfix know

Which domain is used as a backup switch. What is the standby switch for your postfix system domains and those domains?

The name must be listed in the relay_domains parameter. When the sender's MTA finds that the master switch of the email receiving domain is out

Line, it will try to contact the switch with a higher priority until a backup switch can receive the mail address

. If your postfix system is a backup switch for a domain and the domain is listed in

In the relay_domains parameter, the postfix receives the email from the domain and queues it. At intervals

The postfix will scan its queue and check whether there is a higher priority email exchanger to restore the connection.

, Then hand over the previously received proxy mail.

If the mail cannot be handed over, the postfix will continue to try until the waiting time of the mail in the queue exceeds

The time limit specified by maximal_queue_lifetime. The default value of this parameter is five days.

If the waiting time in the queue exceeds the upper limit, the postfix will send a bounce notification to the sender. If you know

The downtime of the changer exceeds five days, which can be appropriately increased.

Forwarding list

Postfix: you can know your backup switch role from the relay_domains parameter and the DNS system, but how does it know

Which of the following are valid recipients of a channel-based domain? If the standby switch does not know in advance what is valid for the primary Switch

Email, which is bound to be forced to blindly accept all emails and will not be found until the master switch recovers the connection.

Unable to deliver and return to the original sender. Therefore, we strongly recommend that you set a list in the backup switch to record

It accepts Valid users of the domain and regularly updates the domain with the primary switch.

When the postfix server on the backup switch receives an email sent to the domain listed in relay_domains, it checks

Query the query table specified by the relay_recipient_maps parameter to determine whether the email should be accepted.

Directly reject the request. The relay_recipient_maps parameter is set as follows:

Relay_recipient_maps = hash:/etc/postfix/relay_recipients

The relay_recipients query table should record the email addresses of all valid recipients. Postfix only needs

Index key, so the corresponding value can be filled in at Will (but cannot be left blank)

For domains with frequent personnel changes, we recommend that you develop a synchronization program using rsync, ssh,

Crond and other tools automatically download the latest list from the master switch.

If the postfix of the backup switch does not filter the recipient address of the forwarding domain, what will happen? The answer is alternate exchange.

Will receive a lot of spam that cannot be delivered, and generate a lot of bounce notifications that cannot be sent out. Because fabricated

Recipients are one of the common means for spam senders. They do not know which users are involved in your email exchanges.

Is a commonly used name to fabricate the recipient address, trying to bypass. In addition, spam cannot provide

A valid return address.

If the backup switch and the master switch are in the same LAN, in addition to using rsync, scp, ssh, crond, and so on

In addition to tools, it is better to update the List synchronously. For example, store a user account in

In a database, such as mysql and ldap, The postfix can be queried in real time.

After you set relay_recipient_maps, you must also face a potential problem.

All valid email addresses of the domain name are included in the query table, because the postfix will reject any recipient address

Query table emails. If you do not know the valid email addresses of some domains, you can set an unlimited number for these domains.

Alias address;

Quick Clear

For the networks that handle emails for many domains, it is often difficult for their customers to send emails immediately.

The server does not always have to be connected. When the customer is offline, the ISP can only temporarily store the received emails in the queue.

When the customer's server recovers the connection, use the smtp etrn command to clear all

Email;

When the primary switch of a domain restores the connection and completes the email receiving preparation, a large number of requests to be sent to the queue have been hooiled in our queue.

Emails from this domain will consume a lot of time for the postfix to check the domain names of each queue file one by one.

. Therefore, postfix provides a function called fast flush, which can be used in the queue

Find all emails sent to a specific domain. The quick clearing function is managed by the flush daemon control.

For each email receiving domain represented by the postfix, flush prepares a list of emails for the domain in the queue.

. In this way, after the ETRN command is issued, postfix can quickly find all the emails to be delivered to the domain.

.

By default, flush only manages the domains listed in relay_domains. If there are other domains that need to be quickly cleared

Empty service, you can put their domain names in the fast_flush_domains parameter, like this:

Fast_flush_domains = $ relay_domains, example.com

In this example, example.com is a domain not listed in relay_domains.

You can use the postqueue-s command to notify postfix that a specific domain is ready to receive the previous

Accumulated Emails:

Postqueue-s example.com

Transfer table

When you want to change the default mail flow, you can use the transport map to fulfill your wish. That is

If you want postfix to process emails for a specific domain in the way you specify, regardless of whether the dns mx record is

You can write the domain and transfer method in the first or second transmission table, and then specify the transport_maps parameter.

The number points to this transfer table.

This section discusses the basic usage of the transport_maps parameter. The subsequent chapters will discuss the application of this parameter in other aspects.

. The transport_maps parameter can point to one or more transmission tables, for example:

Transport_maps = hash:/etc/postfix/transport

The index key of the transfer table can be a complete email address, domain name, or subnet domain name. When receiving address or network domain name

When the index key matches the index key of a record in the transfer table, the mail is shipped using the transport method specified by the corresponding value of the record.

.

Transfer table content

Example.com smtp: [192.168.23.56]: 20025

Oreilly.com relay: [gateway.oreilly.com]

Oreillynet.com smtp

Ora.com maildrop

Kdent@ora.com error: no mail accepted for kdent

The format of the values corresponding to the table varies with the transmission method, but generally conforms to the format of transport: nexthop

. Nexthop of some transmission methods can be expressed as host: port, indicating the next stop host name and

Communication Port. The following describes three elements that can constitute the corresponding value:

Transport

The name of the transfer method. This name must be one of the transmission types defined by master. cf. If you add

The name and transmission type must be defined in master. cf.

Host

Email receiving host or domain. The host can only be used with the inet transmission type (smtp or lmtp ). Postfix

Host: first query the mx record to determine the location of the email. If there is no mx record

To the IP address specified by the record. If you place the host name in a pair of square brackets, the postfix will directly send a message

The IP address specified by the record of the host. However, if you use an IP address directly, you must add square brackets, such

[192.168.23.56 〕

Port

The communication port of the email receiving host. Generally, only the inet Transmission Service specifies the communication port. Port

The format can be a decimal number or a service name defined in the/etc/services file.

The content of the transfer table listed in the preceding example. The possible combinations of transport: host: port are provided.

Below:

Example.com smtp: [192.168.23.56]: 20025

Accept all emails sent to example.com, and send them to

Host 192.168.23.56, and smtp MDA must be connected to port 20025 of the host, rather than the default

Smtp port25. Please note that we have used the IP address directly, so square brackets must be added.

Oreilly.com relay: [gateway.oreilly.com 〕

Accept all emails to be sent to oreilly.com, and then use relay MDA to forward

Gateway.oreilly.com host. Because no communication port is specified, relay uses the default port25. Because

The host name is placed in square brackets, so the email is directly sent to the ip address indicated by A record of gateway.oreilly.com.

Address, not the IP address specified by the mx record.

The relay MDA was introduced only after postfix2.0, which corrected the potential performance caused by the queue scheduling algorithm.

Bottleneck. When you want to send incoming mail to the internal system, you should directly use relay MDA to avoid such emails and

Competing resources for outbound mail.

Oreillynet.com smtp

Accept all emails destined for the oreillynet.com domain, and send them to smtp MDA for shipping.

. Because host: port is not specified, smtp is determined based on the dns mx or A record of the oreillynet.com domain.

Set the destination and use port 25 to contact the receiving server. In fact, this example is redundant because

The oreillynet.com column is in the relay_hosts or relay_domains parameter to achieve the same effect.

Ora.com maildrop

Accept all emails sent to the ora.com domain and send them to maildrop for processing. Operator of maildrop

Type must be clearly defined in master. cf. Because maildrop does not require inet socket, you do not need to specify

Host: port.

Kdent@ora.com error: No mail accepted for kdent

Error is a special transmission service. Its only function is to reject emails on the spot. Character After colon

The string is the error message returned to the sender.

The transfer table is not necessarily used to send emails to the outside world. It can also be used to send specific emails to the local system for convenience.

Special processing. For example, filter the email content and temporarily hold all emails in a domain.