Anyone who operates a Backup MX should, ensure that it´s configured identical to the actual terms of the accepted messages on the normal MX. Otherwise, the backup MX could for example accept an email for does_not_exists@domain.com that the actual MX will not accept.
Since I use ISPConfig, all relevant data for the mail server are stored in a MySQL database. In what way the database is kept on the backup server does not matter. I use a simple MySQL master-slave replication. The described setup works well with other systems, as long as the data is stored in a database. Only the appropriate files for the MySQL access may need to be adjusted. I take this from the mail server, and update only to the MySQL user and password. While this can also be solved differently (i.e. so), I find the solution through a database better, since so changes are available ad hoc.
To make it easier I will call the mail server Cicero and the Backup-MX (nomen est omen) Tiro.
The mail server (Cicero) does not accept any mail, but only for my own domains and the matching addresses. Tiro must therefore be able to access the same data in order to identify the recipient as lawful. Since the data are stored in a database, it can be realized easily. You have to adjust only individual sql files.
Cicero is by ISPConfig configured to the requests made by postfix by MySQL. Due to the replication of the database is also available on Tiro. What is missing on Tiro is an appropriate MySQL user who has the appropriate rights to the database.
CREATE USER 'backup-mx'@'localhost' IDENTIFIED BY 'TOPSECRET';
GRANT SELECT ON dbispconfig.* TO 'backup-mx'@'localhost';
Postfix should forward the e-mails only, so that the main.cf is short:
myhostname = tiro.schaal-24.de
mydomain = schaal-24.de
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname
smtpd_banner = $myhostname - MX Backup
biff = no
alias_maps =
relay_domains = mysql:/etc/postfix/mysql-virtual_domains.cf, $mydomain
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf, mysql:/etc/postfix/mysql-virtual_forwardings.cf,
mysql:/etc/postfix/mysql-virtual_email2email.cf
queue_run_delay = 200s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
setgid_group = maildrop
queue_directory = /var/spool/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
relayhost =
mailbox_size_limit = 0
message_size_limit = 0
So that Postfix can access a MySQL database, we create a corresponding file (relay_domains und relay_recipient_maps), which contains the necessary information for the database access. I copied the files
/etc/postfix/mysql-virtual_domains.cf
/etc/postfix/mysql-virtual_mailboxes.cf
/etc/postfix/mysql-virtual_forwardings.cf
/etc/postfix/mysql-virtual_email2email.cf
from Cicero to tiro:/etc/postfix and adapted to the mysql user and password accordingly. (user = and password =).
Now you just need the proper entry in the DNS
schaal-24.de. 120 MX 10 mx.schaal-24.de.
schaal-24.de. 120 MX 20 cicero.schaal-24.de.
That’s it – if Cicero can not be reached, mails are sent to Tiro and then go from there to Cicero.
Hallo, vielen Dank für die Anleitung.
Ich vermute es fehlt noch der “relayhost = cicero.schaal-24.de” Eintrag? Oder wie weiß typo, wohin er die Mails weiterleiten soll?
While I think this is an excellent post, the content isn’t dated, nor are versions mentioned. This makes it impossible to tell how relevant this is. Is this ISPConfig 3?
You also don’t mention how postfix will access ISPConfig’s configuration database so it ‘knows’ which ISPConfig-controlled
This is for ispconfig3. For the access see the content in the mysql*-files