[Postfixbuch-users] Postfix does not listen on Postmulti instance

Steffen Hartwig postfix at sthartwig.de
Mon Jun 20 12:11:50 CEST 2011


Hello,

since my tests with Postmulti are still unsuccessful, does anyone know
a way to run Postfix on different IPs and therefore with different
SMTP SSL certificates?

A multi-domain certificate is unfortunately not an option, as the budget does not allow for it.

Many thanks for your suggestions.

Regards
Steffen

On 12.06.2011 23:09, Steffen Hartwig wrote:
> Hello,
> 
> I wish you all a pleasant holiday.
> 
> I thought I would use the long weekend to work on my Postfix with
> Postmulti. This is what I intend to do:
> 
> An extra domain, here example.org, is to be given an SSL certificate
> via an extra IP (192.168.10.10). However, Postfix does not listen on
> the extra IP :-(. The problem is that my root server is hosted at
> Hetzner and all IPs go through one network card. The main instance
> listens perfectly well on the main IP 192.168.0.10.
> 
> When I enter inet_interfaces = 192.168.0.10 and inet_interfaces =
> 192.168.10.10 respectively in the Postmulti instances, Postfix
> listens only on the first instance.
> 
> # postconf -n of the main instance, example.com, 192.168.0.10
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> body_checks = pcre:/etc/postfix/body_checks
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = amavis:[127.0.0.1]:10024
> disable_vrfy_command = yes
> header_checks = pcre:/etc/postfix/header_checks
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = 127.0.0.1 192.168.0.10
> inet_protocols = all
> mailbox_size_limit = 0
> message_size_limit = 115343360
> multi_instance_directories = /etc/postfix-dhg
> multi_instance_enable = yes
> multi_instance_wrapper = ${command_directory}/postmulti -p --
> mydestination = example.com, localhost.example.com, localhost
> myhostname = mail.example.com
> mynetworks = 127.0.0.1/32 [::ffff:127.0.0.1]/128 [::1]/128
> myorigin = /etc/mailname
> owner_request_special = no
> proxy_read_maps = $local_recipient_maps $mydestination
> $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
> $virtual_mailbox_domains $relay_recipient_maps $relay_domains
> $canonical_maps $sender_canonical_maps $recipient_canonical_maps
> $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
> readme_directory = /usr/share/doc/postfix
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relayhost =
> sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhost
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/smtp_relayhost_auth
> smtp_sasl_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_client_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_invalid_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain,reject_rbl_client ix.dnsbl.manitu.net,
> check_client_access hash:/etc/postfix/access_client, permit
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_sender_access hash:/etc/postfix/sender_access,permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
> smtpd_tls_key_file = /etc/ssl/private/mail.example.org.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
> virtual_alias_domains =
> virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
> proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
> mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps =
> proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
> hash:/var/lib/mailman/data/virtual-mailman
> virtual_transport = dovecot
> virtual_uid_maps = static:5000
> 
> 
> 
> # postconf -n of the secondary instance, example.org, 192.168.10.10
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/aliases
> append_dot_mydomain = no
> authorized_submit_users =
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix-dhg
> content_filter = amavis:[127.0.0.1]:10024
> data_directory = /var/lib/postfix-dhg
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = 192.168.10.10
> inet_protocols = all
> mailbox_size_limit = 0
> master_service_disable = inet
> message_size_limit = 115343360
> multi_instance_enable = yes
> multi_instance_name = postfix-dhg
> mydestination = example.org
> myhostname = mail.useworld.net
> mynetworks = 127.0.0.1/32 [::ffff:127.0.0.1]/128 [::1]/128
> owner_request_special = no
> proxy_read_maps = $local_recipient_maps $mydestination
> $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
> $virtual_mailbox_domains $relay_recipient_maps $relay_domains
> $canonical_maps $sender_canonical_maps $recipient_canonical_maps
> $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
> queue_directory = /var/spool/postfix-dhg
> readme_directory = /usr/share/doc/postfix
> receive_override_options = no_address_mappings
> recipient_delimiter = +
> relayhost =
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_client_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_invalid_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain,reject_rbl_client ix.dnsbl.manitu.net,
> permit
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
> smtpd_tls_key_file = /etc/ssl/private/mail.example.org.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains =
> virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
> proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
> mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_maps =
> proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
> hash:/var/lib/mailman/data/virtual-mailman
> virtual_transport = dovecot
> 
> # netstat -tulpen | grep master
> tcp        0      0 192.168.0.10:465       0.0.0.0:*
> LISTEN      0          3481064     19244/master
> tcp        0      0 127.0.0.1:465           0.0.0.0:*
> LISTEN      0          3481061     19244/master
> tcp        0      0 192.168.0.10:25        0.0.0.0:*
> LISTEN      0          3481042     19244/master
> tcp        0      0 127.0.0.1:25            0.0.0.0:*
> LISTEN      0          3481040     19244/master
> tcp        0      0 127.0.0.1:10025         0.0.0.0:*
> LISTEN      0          3481187     19244/master
> tcp        0      0 192.168.0.10:587       0.0.0.0:*
> LISTEN      0          3481052     19244/master
> tcp        0      0 127.0.0.1:587           0.0.0.0:*
> LISTEN      0          3481050     19244/master
> 
> 
> According to Postmulti, the secondary instance is running too:
> # /etc/postfix# postmulti -l -a
> -               -               y         /etc/postfix
> postfix-dhg     -               y         /etc/postfix-dhg
> 
> Dovecot is already running on the extra IP:
> # netstat -tulpen | grep dovecot
> tcp        0      0 192.168.10.10:143       0.0.0.0:*
> LISTEN      0          3343063     3981/dovecot
> tcp        0      0 192.168.0.10:143       0.0.0.0:*
> LISTEN      0          3341995     3782/dovecot
> tcp        0      0 192.168.10.10:4190      0.0.0.0:*
> LISTEN      0          3343065     3981/dovecot
> tcp        0      0 192.168.0.10:4190      0.0.0.0:*
> LISTEN      0          3341997     3782/dovecot
> tcp        0      0 192.168.10.10:993       0.0.0.0:*
> LISTEN      0          3343064     3981/dovecot
> tcp        0      0 192.168.0.10:993       0.0.0.0:*
> LISTEN      0          3341996     3782/dovecot
> 
> 
> The system is Debian Squeeze, 64-bit; the main instance runs as a
> multi-domain system with a MySQL backend and Dovecot.
> 
> Could you please give me a nudge in the right direction? Do I possibly
> have to move the main instance into a separate secondary instance, so
> that the main instance only refers to the two? When I enter
> master_service_disable=inet in the main instance, Postfix listens
> on no IP at all.
> 
> Many thanks in advance.
> 

-- 
Kind regards

Steffen Hartwig
IT specialist for system integration
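
For the two `postconf -n` dumps quoted in the post, an added example (not part of the original message and not Postfix code) that reads such dumps and reports settings that keep an instance from getting its own listener and its own certificate. It relies on `master_service_disable = inet` switching off all inet-type services in master(8); the function names and the reduced sample input are constructed for illustration.

```python
import re

def parse_postconf(text):
    """Parse `postconf -n` output; indented lines continue the previous value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value
    return params

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def instance_findings(instances):
    """instances: {name: postconf text}. Returns [(instance, finding), ...]."""
    findings, certs, addrs = [], {}, {}
    for name, text in instances.items():
        p = parse_postconf(text)
        cert = p.get("smtpd_tls_cert_file")
        if cert in certs:
            findings.append((name, f"same smtpd_tls_cert_file as '{certs[cert]}': {cert}"))
        elif cert:
            certs[cert] = name
        if "inet" in split_list(p.get("master_service_disable", "")):
            findings.append((name, "master_service_disable lists inet: no TCP listener is opened"))
            continue  # inet_interfaces has no effect for this instance
        for addr in split_list(p.get("inet_interfaces", "all")):
            if addr in addrs:
                findings.append((name, f"{addr} is also listed in inet_interfaces of '{addrs[addr]}'"))
            addrs.setdefault(addr, name)
    return findings

# Constructed input: the relevant lines of the two dumps quoted in the post.
MAIN = """\
inet_interfaces = 127.0.0.1 192.168.0.10
multi_instance_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
"""
SECONDARY = """\
inet_interfaces = 192.168.10.10
master_service_disable = inet
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.crt
"""

if __name__ == "__main__":
    for name, finding in instance_findings({"-": MAIN, "postfix-dhg": SECONDARY}):
        print(f"{name}: {finding}")
```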
