Part 2 – Backup MX with MySQL (and ISPConfig) 1

Secondary MX servers are a source of accept-then-bounce spam when they don’t reject mail with “recipient unknown”, and when they don’t enforce the same anti-spam policy as the primary MX. Such servers may eventually become blacklisted. That´s the reason why I share the mysql-database between the primary and secondary MX in Backup MX with MySQL (and ISPConfig).

The next step is to configure postscreen and amavis identical on both servers.

For postscreen see the post use postscreen to figth spam, and make the changes on the backup MX, too.

Configure amavis on the secondary MX and make some changes to postfix:

/etc/postfix/main.cf:

content_filter = amavis:[127.0.0.1]:10024

/etc/postfix/master.cf:

amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

127.0.0.1:10027 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

After restarting Postfix mails send to the secondary MX are now scanned with the same settings as on the primary MX. We can now disable the mail-scan on the primary MX when they where received from the secondary MX.

Add the IP of the secondary (213.165.80.159) to the amavis-settings in postfix´s master.cf by overwriting mynetworks:

127.0.0.1:10025 inet n - - - - smtpd
[...]
    -o mynetworks=127.0.0.0/8,213.165.80.159
[...]

127.0.0.1:10027 inet n - - - - smtpd
[...]
    -o mynetworks=127.0.0.0/8,213.165.80.159
[...]

And add the IP to mynetworks in amavis, too:

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
         10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
         213.165.80.159 );

Leave a comment

Your email address will not be published. Required fields are marked *

One thought on “Part 2 – Backup MX with MySQL (and ISPConfig)