[Postfixbuch-users] Postfix lauscht nicht auf Postmulti-Instanz

Steffen Hartwig postfix at sthartwig.de
So Jun 12 23:09:54 CEST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo,

ich wünsche euch einen schönen Feiertag.

Ich dachte, ich nutze das lange Wochenende, an meinem Postfix mit
Postmulti zu arbeiten, folgendes habe ich vor:

Eine extra Domain, hier example.org, soll über eine extra IP
(192.168.10.10) mit SSL-Zertifikat ausgestattet werden. Nur lauscht der
Postfix nicht auf der extra IP :-(. Problem dabei ist, dass mein
Root-Server bei Hetzner steht und das alle IP's über eine Netzwerkkarte
gehen. Die Hauptinstanz horscht wunderbar auf der Haupt-IP 192.168.0.10.

Wenn ich in den Postmulti-Instanzen jeweils inet_interfaces =
192.168.0.10 bzw. inet_interfaces = 192.168.10.10 eintrage, lauscht
Postfix nur auf der ersten Instanz.

#postconf -n der Hauptinstanz, example.com, 192.168.0.10

alias_database = hash:/etc/aliases
alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = 127.0.0.1 192.168.0.10
inet_protocols = all
mailbox_size_limit = 0
message_size_limit = 115343360
multi_instance_directories = /etc/postfix-dhg
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
mydestination = example.com, localhost.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.1/32 [::ffff:127.0.0.1]/128 [::1]/128
myorigin = /etc/mailname
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhost
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_relayhost_auth
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain,reject_rbl_client ix.dnsbl.manitu.net,
check_client_access hash:/etc/postfix/access_client, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_access,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
smtpd_tls_key_file = /etc/ssl/private/mail.example.org.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_transport = dovecot
virtual_uid_maps = static:5000



#postconf -n der Nebeninstanz, example.org, 192.168.10.10

alias_database = hash:/etc/aliases
alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/aliases
append_dot_mydomain = no
authorized_submit_users =
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix-dhg
content_filter = amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix-dhg
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = 192.168.10.10
inet_protocols = all
mailbox_size_limit = 0
master_service_disable = inet
message_size_limit = 115343360
multi_instance_enable = yes
multi_instance_name = postfix-dhg
mydestination = example.org
myhostname = mail.useworld.net
mynetworks = 127.0.0.1/32 [::ffff:127.0.0.1]/128 [::1]/128
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix-dhg
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain,reject_rbl_client ix.dnsbl.manitu.net,
permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
smtpd_tls_key_file = /etc/ssl/private/mail.example.org.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_transport = dovecot

# netstat -tulpen | grep master
tcp        0      0 192.168.0.10:465       0.0.0.0:*
LISTEN      0          3481064     19244/master
tcp        0      0 127.0.0.1:465           0.0.0.0:*
LISTEN      0          3481061     19244/master
tcp        0      0 192.168.0.10:25        0.0.0.0:*
LISTEN      0          3481042     19244/master
tcp        0      0 127.0.0.1:25            0.0.0.0:*
LISTEN      0          3481040     19244/master
tcp        0      0 127.0.0.1:10025         0.0.0.0:*
LISTEN      0          3481187     19244/master
tcp        0      0 192.168.0.10:587       0.0.0.0:*
LISTEN      0          3481052     19244/master
tcp        0      0 127.0.0.1:587           0.0.0.0:*
LISTEN      0          3481050     19244/master


Laut Postmulti läuft auch die Nebeninstanz:
# /etc/postfix# postmulti -l -a
- -               -               y         /etc/postfix
postfix-dhg     -               y         /etc/postfix-dhg

Dovecot läuft schon auf der extra IP:
# netstat -tulpen | grep dovecot
tcp        0      0 192.168.10.10:143       0.0.0.0:*
LISTEN      0          3343063     3981/dovecot
tcp        0      0 192.168.0.10:143       0.0.0.0:*
LISTEN      0          3341995     3782/dovecot
tcp        0      0 192.168.10.10:4190      0.0.0.0:*
LISTEN      0          3343065     3981/dovecot
tcp        0      0 192.168.0.10:4190      0.0.0.0:*
LISTEN      0          3341997     3782/dovecot
tcp        0      0 192.168.10.10:993       0.0.0.0:*
LISTEN      0          3343064     3981/dovecot
tcp        0      0 192.168.0.10:993       0.0.0.0:*
LISTEN      0          3341996     3782/dovecot


System ist ein Debian Squeeze, 64 bit, Hauptinstanz läuft als
Multi-Domain-System mit MySQL-Backend und Dovecot.

Könnt Ihr mir bitte einen Schubs in die richtige Richtung geben? Muss
ich ggfs. die Hauptinstanz in einer extra Nebeninstanz packen, so dass
die Hauptinstanz nur auf die beiden verweist? Wenn ich in der
Hauptinstanz master_service_disable=inet eintragen, dann horcht Postfix
auf keiner IP.

Vielen Dank im Voraus.

- -- 
Mit freundlichen Grüßen

Steffen Hartwig
Fachinformatiker Systemintegration
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk31KyAACgkQsPhQ8SIC9Fh88gCg0JqnF/6BpObBEZM8qSMT4AHk
HxQAoNjmQPNGXAdf6+CisJztz5GWYK5y
=XBi6
-----END PGP SIGNATURE-----

Mehr Informationen über die Mailingliste Postfixbuch-users