So far, our main focus has been on the role Postfix plays at the end of the delivery path: mail sent to the Postfix server was mainly delivered to the local system. However, Postfix can also play another role, that of a relay located along the mail path.
Backup Mail Exchanger
In DNS terminology, MX stands for mail exchanger. An MX record names a host that receives external mail for a domain, together with that host's priority. A domain can have several MX records at the same time; the host with the highest priority is the primary mail exchanger, and the other hosts are backup mail exchangers. A backup exchanger's job is to receive external mail for the domain while the primary exchanger is offline. Mail it receives must then be passed on to a higher-priority backup exchanger or to the primary exchanger, which delivers it to the final destination.
When Postfix acts as a backup exchanger, you do not have to specify how to send mail to the primary exchanger, because Postfix can work out from DNS how to reach it. The precondition is that you tell Postfix which domains it is a backup exchanger for: the names of those domains must be listed in the relay_domains parameter. When a sending MTA finds that the primary exchanger of the recipient domain is offline, it tries the exchanger with the next-highest priority, and so on until a backup exchanger accepts the mail. If your Postfix system is a backup exchanger for a domain and that domain is listed in relay_domains, Postfix accepts the mail for the domain and queues it. At intervals, Postfix scans its queue and checks whether a higher-priority mail exchanger is reachable again; if so, it hands over the mail it previously accepted on that exchanger's behalf.
If the mail cannot be handed over, Postfix keeps trying until the mail has waited in the queue longer than the limit set by maximal_queue_lifetime. The default value of this parameter is five days. Once the limit is exceeded, Postfix sends a bounce notification to the sender. If you know that the exchanger will be down for more than five days, you can raise the limit accordingly.
Relay Recipient List
Postfix knows from the relay_domains parameter and from DNS that it is a backup exchanger, but how does it know which recipients of a relayed domain are valid? If the backup exchanger does not know in advance which addresses are valid on the primary exchanger, it is forced to accept all mail blindly, and only when the primary exchanger is reachable again does it find out that some mail cannot be delivered and has to be returned to the original sender. We therefore strongly recommend keeping a list on the backup exchanger of the valid users of each domain it accepts mail for, and updating it regularly from the primary exchanger.
When Postfix on the backup exchanger receives mail addressed to a domain listed in relay_domains, it consults the lookup table specified by the relay_recipient_maps parameter to decide whether to accept the mail; mail for a recipient that is not in the table is rejected outright. The relay_recipient_maps parameter is set as follows:
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
The relay_recipients lookup table should list the email addresses of all valid recipients. Postfix only needs the index key, so the corresponding value can be anything you like (but it cannot be left blank).
For domains whose users change frequently, we recommend building a synchronization job from rsync, ssh, cron and similar tools that automatically downloads the latest list from the primary exchanger.
What happens if Postfix on the backup exchanger does not filter the recipient addresses of the domains it relays for? The backup exchanger will receive a large amount of undeliverable spam and generate a large number of bounce notifications that cannot be sent anywhere. Fabricated recipients are a common spammer technique: spammers do not know which users exist on your mail exchanger, so they make up recipient addresses from commonly used names in the hope that some get through. In addition, spam does not provide a valid return address.
If the backup exchanger and the primary exchanger are on the same LAN, there is a better option than rsync, scp, ssh, cron and similar tools: keep the list updated in real time. For example, store the user accounts in a database such as MySQL or LDAP that Postfix can query in real time.
Once you set relay_recipient_maps, you face a potential problem: the lookup table must contain all valid email addresses of every relayed domain, because Postfix rejects mail for any recipient address that is not in the table. If you do not know the valid addresses of some domains, you can set a wildcard address for those domains.
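One way to build the relay_recipients table from a list downloaded from the primary exchanger, shown as an added example that is not part of the original text. The function names, the sample export and the "shrank by more than half" guard are assumptions for illustration; the `@domain` wildcard key is the form Postfix documents for relay_recipient_maps.

```python
import re

# Constructed sample (not from the page): address list exported by the primary MX.
PRIMARY_EXPORT = """\
alice@example.com
Bob@Example.com
# comment line
carol@other.example
not-an-address
"""
ADDR = re.compile(r"^[^@\s]+@([a-z0-9-]+(\.[a-z0-9-]+)+)$")

def build_table(export, relay_domains, wildcard_domains=(), previous_count=0):
    """Return relay_recipients lines, or raise if the new list looks unsafe."""
    keys = set()
    for line in export.splitlines():
        addr = line.strip().lower()
        m = ADDR.match(addr)
        # Keep only well-formed addresses in domains we actually relay for.
        if m and m.group(1) in relay_domains:
            keys.add(addr)
    # Failure mode: an empty or truncated download would make Postfix reject
    # valid recipients, so refuse it and keep the table already installed.
    if not keys or len(keys) < previous_count // 2:
        raise ValueError("recipient list shrank suspiciously; keeping old table")
    # Domains whose users are unknown get a wildcard key instead.
    keys.update("@" + d for d in wildcard_domains)
    # Postfix only looks at the key; the value just must not be empty.
    return [f"{k} OK" for k in sorted(keys)]

def accepts(table_lines, rcpt):
    """Simplified lookup: exact address first, then the @domain wildcard."""
    keys = {line.split()[0] for line in table_lines}
    rcpt = rcpt.lower()
    return rcpt in keys or "@" + rcpt.split("@", 1)[1] in keys
```

Write the returned lines to a temporary file, rename it over /etc/postfix/relay_recipients, and run postmap on it so the hash: table is rebuilt.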
Fast Flush
Networks that handle mail for many domains, such as ISPs, often cannot pass mail on to their customers immediately, because the customers' servers are not always connected. While a customer is offline, the ISP can only hold the received mail in its queue. When the customer's server reconnects, the SMTP ETRN command is used to flush all of the mail waiting for it.
By the time the primary exchanger of a domain is reachable again and ready to receive mail, a large amount of mail for that domain may have piled up in our queue. Checking the domain of every queue file one by one would cost Postfix a lot of time. Postfix therefore provides a feature called fast flush, which can quickly find all mail in the queue that is destined for a specific domain. Fast flush is handled by the flush daemon. For each destination domain that Postfix serves this way, flush keeps a list of the mail in the queue for that domain. As a result, once the ETRN command is issued, Postfix can quickly find all the mail to be delivered to the domain.
By default, flush only manages the domains listed in relay_domains. If other domains need the fast flush service, put their names in the fast_flush_domains parameter, like this:
    fast_flush_domains = $relay_domains, example.com
In this example, example.com is a domain that is not listed in relay_domains.
You can use the postqueue -s command to tell Postfix that a specific domain is ready to receive the mail accumulated for it:
    postqueue -s example.com
Transport Table
When you want to change the default mail flow, a transport table lets you do so. That is, if you want Postfix to handle mail for a specific domain in the way you specify, regardless of what the DNS MX records say, write the domain and the transport method in a transport table and point the transport_maps parameter at that table.
This section discusses the basic usage of the transport_maps parameter; later chapters discuss other applications of it. The transport_maps parameter can point to one or more transport tables, for example:
    transport_maps = hash:/etc/postfix/transport
The index key of a transport table can be a complete email address, a domain name, or a subdomain name. When the recipient address or domain matches the index key of a record in the transport table, the mail is delivered using the transport method given by that record's value.
Transport table content:
    example.com     smtp:[192.168.23.56]:20025
    oreilly.com     relay:[gateway.oreilly.com]
    oreillynet.com  smtp
    ora.com         maildrop
    kdent@ora.com   error:no mail accepted for kdent
The format of the value varies with the transport method, but it generally follows the form transport:nexthop. For some transport methods the nexthop can be written as host:port, giving the host name and port of the next hop. The three elements that can make up the value are described below:
transport
The name of the transport method. This name must be one of the transport types defined in master.cf. If you add a transport of your own, its name and type must be defined in master.cf.
host
The host or domain that receives the mail. host can only be used with inet transport types (smtp or lmtp). Postfix first queries the MX record of host to determine where the mail should go; if there is no MX record, the mail is sent to the IP address given by the A record. If you place the host name in a pair of square brackets, Postfix sends the mail directly to the IP address given by the host's A record. If you use an IP address directly, you must put it in square brackets, such as [192.168.23.56].
port
The port of the receiving host. Generally, only inet transport services specify a port. The port can be a decimal number or a service name defined in the /etc/services file.
The transport table listed in the preceding example shows the possible combinations of transport:host:port. Each entry is explained below:
    example.com smtp:[192.168.23.56]:20025
Accept all mail addressed to example.com and send it to the host 192.168.23.56; the smtp MDA must connect to port 20025 on that host rather than the default SMTP port 25. Note that because we used the IP address directly, square brackets are required.
    oreilly.com relay:[gateway.oreilly.com]
Accept all mail addressed to oreilly.com and use the relay MDA to forward it to the host gateway.oreilly.com. Because no port is specified, relay uses the default port 25. Because the host name is in square brackets, the mail is sent directly to the IP address given by the A record of gateway.oreilly.com, not to an address found through MX records.
The relay MDA was only introduced as of Postfix 2.0, where it corrected a potential performance bottleneck caused by the queue scheduling algorithm. When you want to send incoming mail to internal systems, use the relay MDA directly so that such mail does not compete with outbound mail for resources.
    oreillynet.com smtp
Accept all mail destined for the oreillynet.com domain and hand it to the smtp MDA for delivery. Because no host:port is specified, smtp determines the destination from the DNS MX or A records of the oreillynet.com domain and contacts the receiving server on port 25. In fact, this entry is redundant, because listing oreillynet.com in the relay_hosts or relay_domains parameter achieves the same effect.
    ora.com maildrop
Accept all mail addressed to the ora.com domain and hand it to maildrop for processing. The maildrop transport type must be explicitly defined in master.cf. Because maildrop does not need an inet socket, you do not specify host:port.
    kdent@ora.com error:no mail accepted for kdent
error is a special transport service whose only function is to reject mail on the spot. The string after the colon is the error message returned to the sender.
The transport table is not only for sending mail to the outside world. It can also route particular mail to the local system for special processing, for example to filter mail content or to temporarily hold all mail for a domain.
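The key matching and the transport:nexthop format described in this section can be checked with a small resolver, shown here as an added example that is not Postfix code or part of the original text. The names load, parse_value and resolve are hypothetical, and the lookup order assumes Postfix's default setting, in which a plain domain key does not match subdomains and only a ".domain" key does.

```python
import re

# The transport table from this section, written in Postfix's own syntax.
TABLE = """\
example.com     smtp:[192.168.23.56]:20025
oreilly.com     relay:[gateway.oreilly.com]
oreillynet.com  smtp
ora.com         maildrop
kdent@ora.com   error:no mail accepted for kdent
"""
# nexthop is [host] or host, optionally followed by :port
NEXTHOP = re.compile(r"^(\[(?P<lit>[^\]]+)\]|(?P<name>[^:\[\]]+))(:(?P<port>\w+))?$")

def load(text):
    """Map each index key to its raw transport:nexthop value."""
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())

def parse_value(value):
    """Split a transport:nexthop value into its parts."""
    transport, _, nexthop = value.strip().partition(":")
    route = {"transport": transport, "host": None, "port": None, "no_mx": False}
    if transport == "error":
        route["message"] = nexthop.strip()   # text returned to the sender
    elif nexthop:
        m = NEXTHOP.match(nexthop.strip())
        if not m:
            raise ValueError(f"bad nexthop: {nexthop!r}")
        route["host"] = m["lit"] or m["name"]
        route["no_mx"] = m["lit"] is not None  # brackets: skip the MX lookup
        route["port"] = m["port"]
    return route

def resolve(table, rcpt):
    """Return the route for rcpt, or None when default (DNS) routing applies."""
    rcpt = rcpt.lower()
    domain = rcpt.split("@", 1)[1]
    labels = domain.split(".")
    # Assumed default: a bare domain key does not cover subdomains; only a
    # ".domain" key does. Most specific key wins: address, domain, .parent.
    keys = [rcpt, domain] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys:
        if key in table:
            return parse_value(table[key])
    return None
```

Running resolve over every domain you relay for is a quick way to confirm that no entry silently sends mail to an unexpected host or port, and that a full-address entry such as kdent@ora.com takes precedence over its domain entry.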