Secondary MX using Yunohost

This document may evolve, since some parts of it are not crystal clear. I'm using my own DNS zone, so I can use an existing domain name internally without colliding with the actual domain.

There are 3 VMs involved:

  • vm1 is running AlternC and hosts the domain hp.fr, with the DNS record alternc.hp.fr and has one registered email address: yay@hp.fr
  • vm2 is running YunoHost and has a DNS record mx2.hp.fr
  • vm3 is just running a postfix to send mail, and has DNS record oldalternc.hp.fr.

vm1 has IP 192.168.1.70, vm2 has IP 192.168.1.71 and vm3 has IP 192.168.1.105.

To achieve this, we have to tell YunoHost's Postfix to act as a relay for other domains, which means slightly modifying the default YunoHost configuration.

Add a relay_domains directive to the Postfix configuration:

relay_domains = ldap:/etc/postfix/ldap-relay-domains.cf

where ldap-relay-domains.cf contains:

server_host = localhost
server_port = 389
search_base = ou=domains,dc=yunohost,dc=org
query_filter = (&(objectClass=domainRelatedObject)(associatedDomain=%s))
result_attribute = associatedDomain

Then, create an LDIF file to add the domain:

# cat new_domain.ldif
dn: ou=hp.fr,ou=domains,dc=yunohost,dc=org
objectClass: domainRelatedObject
objectClass: top
objectClass: organizationalUnit
associatedDomain: hp.fr
ou: hp.fr
# ldapadd -x -W -D "cn=admin,dc=yunohost,dc=org"  -f new_domain.ldif
adding new entry "ou=hp.fr,ou=domains,dc=yunohost,dc=org"

Note that you can delete this entry using the following command:

# ldapdelete -v -W -D "cn=admin,dc=yunohost,dc=org"  'ou=hp.fr,ou=domains,dc=yunohost,dc=org'
deleting entry "ou=hp.fr,ou=domains,dc=yunohost,dc=org"

After restarting Postfix comes the validation phase.

I stopped the Postfix service on vm1 to force the fallback to vm2, then sent an email from vm3 to yay@hp.fr:

# date | mail -s 'test mx2' yay@hp.fr
# tail /var/log/mail.log
Nov 25 01:48:32 alternc postfix/pickup[16353]: 674891723F7: uid=0 from=<root>
Nov 25 01:48:32 alternc postfix/cleanup[16414]: 674891723F7: message-id=<20141125004832.674891723F7@oldalternc.hp.fr>
Nov 25 01:48:32 alternc postfix/qmgr[11651]: 674891723F7: from=<root@oldalternc.hp.fr>, size=486, nrcpt=1 (queue active)
Nov 25 01:48:32 alternc postfix/smtp[16418]: connect to alternc.hp.fr[192.168.1.70]:25: Connection refused
Nov 25 01:48:32 alternc postfix/smtp[16418]: 674891723F7: to=<yay@hp.fr>, relay=mx2.hp.fr[192.168.1.71]:25, delay=0.37, delays=0.11/0/0.16/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A6A4C1A9E1F)
Nov 25 01:48:32 alternc postfix/qmgr[11651]: 674891723F7: removed

Notice that vm3 tried to connect to vm1 to deliver the mail, but because of the failure, it connected to vm2 (relay=mx2.hp.fr).

From vm2:

Nov 25 01:48:32 ynh postfix/smtpd[28506]: connect from unknown[192.168.1.105]
Nov 25 01:48:32 ynh postfix/smtpd[28506]: A6A4C1A9E1F: client=unknown[192.168.1.105]
Nov 25 01:48:32 ynh postfix/cleanup[28510]: A6A4C1A9E1F: message-id=<20141125004832.674891723F7@oldalternc.hp.fr>
Nov 25 01:48:32 ynh postfix/qmgr[28494]: A6A4C1A9E1F: from=<root@ynh.local>, size=616, nrcpt=1 (queue active)
Nov 25 01:48:32 ynh postfix/smtpd[28506]: disconnect from unknown[192.168.1.105]
Nov 25 01:48:33 ynh postfix/smtpd[28514]: connect from localhost[127.0.0.1]
Nov 25 01:48:33 ynh postfix/smtpd[28514]: 42CA71A9E22: client=localhost[127.0.0.1]
Nov 25 01:48:33 ynh postfix/cleanup[28510]: 42CA71A9E22: message-id=<20141125004832.674891723F7@oldalternc.hp.fr>
Nov 25 01:48:33 ynh postfix/qmgr[28494]: 42CA71A9E22: from=<root@ynh.local>, size=645, nrcpt=1 (queue active)
Nov 25 01:48:33 ynh postfix/smtpd[28514]: disconnect from localhost[127.0.0.1]
Nov 25 01:48:33 ynh postfix/smtp[28515]: connect to alternc.hp.fr[192.168.1.70]:25: Connection refused
Nov 25 01:48:33 ynh amavis[25926]: (25926-08) Passed CLEAN {RelayedOutbound}, LOCAL [192.168.1.105]:50587 <root@ynh.local> -> <yay@hp.fr>, Queue-ID: A6A4C1A9E1F, Message-ID: <20141125004832.674891723F7@oldalternc.hp.fr>, mail_id: kZ8w0g8R6f_4, Hits: 1.177, size: 296, queued_as: 42CA71A9E22, 633 ms
Nov 25 01:48:33 ynh postfix/smtp[28511]: A6A4C1A9E1F: to=<yay@hp.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.74, delays=0.08/0.01/0.01/0.64, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 42CA71A9E22)
Nov 25 01:48:33 ynh postfix/qmgr[28494]: A6A4C1A9E1F: removed
Nov 25 01:48:33 ynh postfix/smtp[28515]: 42CA71A9E22: to=<yay@hp.fr>, relay=none, delay=0.13, delays=0.11/0.02/0/0, dsn=4.4.1, status=deferred (connect to alternc.hp.fr[192.168.1.70]:25: Connection refused)
^C
# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
42CA71A9E22      645 Tue Nov 25 01:48:33  root@ynh.local
               (connect to alternc.hp.fr[192.168.1.70]:25: Connection refused)
                                         yay@hp.fr

-- 1 Kbytes in 1 Request.

Because the connection was refused, the mail is deferred and is therefore visible in the mailq. Once Postfix is restarted on vm1, I can force a flush of the queue on vm2 using postfix flush:

vm2 # postfix flush
vm2 # mailq
Mail queue is empty
vm2 # tail /var/log/mail.log
Nov 25 01:56:48 ynh postfix/qmgr[28494]: 42CA71A9E22: from=<root@ynh.local>, size=645, nrcpt=1 (queue active)
Nov 25 01:56:48 ynh postfix/smtp[28531]: 42CA71A9E22: to=<yay@hp.fr>, relay=alternc.hp.fr[192.168.1.70]:25, delay=495, delays=495/0.04/0.25/0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8E66618BE84)
Nov 25 01:56:48 ynh postfix/qmgr[28494]: 42CA71A9E22: removed

vm1 # grep 8E66618BE84 /var/log/mail.log
Nov 25 01:56:48 localhost postfix/smtpd[22530]: 8E66618BE84: client=unknown[192.168.1.71]
Nov 25 01:56:48 localhost postfix/cleanup[22537]: 8E66618BE84: message-id=<20141125004832.674891723F7@oldalternc.hp.fr>
Nov 25 01:56:48 localhost postfix/qmgr[22523]: 8E66618BE84: from=<root@ynh.local>, size=497, nrcpt=1 (queue active)
Nov 25 01:56:49 localhost postfix/pipe[22538]: 8E66618BE84: to=<yay@hp.fr>, relay=dovecot, delay=0.62, delays=0.22/0.03/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 25 01:56:49 localhost postfix/qmgr[22523]: 8E66618BE84: removed

And when I use mutt, I can actually see the mail in the inbox :)
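The hop-by-hop reading of the logs above can be automated by following each "queued as" handoff from one queue ID to the next. This is an added example, not part of the original post: it assumes the mail.log files of the three hosts have been merged into one text, and the names trace, DELIVERY and NEXT_QID are made up for it.

```python
import re

# Delivery lines copied from the vm3, vm2 and vm1 logs shown above, merged in time order.
SAMPLE_LOG = """\
Nov 25 01:48:32 alternc postfix/smtp[16418]: 674891723F7: to=<yay@hp.fr>, relay=mx2.hp.fr[192.168.1.71]:25, delay=0.37, delays=0.11/0/0.16/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A6A4C1A9E1F)
Nov 25 01:48:33 ynh postfix/smtp[28511]: A6A4C1A9E1F: to=<yay@hp.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.74, delays=0.08/0.01/0.01/0.64, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 42CA71A9E22)
Nov 25 01:48:33 ynh postfix/smtp[28515]: 42CA71A9E22: to=<yay@hp.fr>, relay=none, delay=0.13, delays=0.11/0.02/0/0, dsn=4.4.1, status=deferred (connect to alternc.hp.fr[192.168.1.70]:25: Connection refused)
Nov 25 01:56:48 ynh postfix/smtp[28531]: 42CA71A9E22: to=<yay@hp.fr>, relay=alternc.hp.fr[192.168.1.70]:25, delay=495, delays=495/0.04/0.25/0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8E66618BE84)
Nov 25 01:56:49 localhost postfix/pipe[22538]: 8E66618BE84: to=<yay@hp.fr>, relay=dovecot, delay=0.62, delays=0.22/0.03/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
"""

# One Postfix delivery attempt: host, queue ID, recipient, relay, status, server reply.
DELIVERY = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) postfix/\w+\[\d+\]: "
    r"(?P<qid>\w+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),"
    r".*? status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
# The receiving MTA's reply names the queue ID the message got on the next hop.
NEXT_QID = re.compile(r"queued as (\w+)")


def trace(log_text, first_qid):
    """Follow one message from its queue ID on the sender to its last logged hop."""
    attempts = {}
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if m:
            attempts.setdefault(m["qid"], []).append(m.groupdict())
    # Assumption: queue IDs do not collide across the merged logs (they are only
    # unique per host, so keep the merged window short).
    hops, qid, seen = [], first_qid, set()
    while qid in attempts and qid not in seen:
        seen.add(qid)
        next_qid = None
        for a in attempts[qid]:
            hops.append((a["host"], qid, a["relay"], a["status"]))
            handoff = NEXT_QID.search(a["detail"]) if a["status"] == "sent" else None
            if handoff:
                next_qid = handoff.group(1)
        qid = next_qid
    return hops


if __name__ == "__main__":
    for host, qid, relay, status in trace(SAMPLE_LOG, "674891723F7"):
        print(f"{host:10} {qid:12} -> {relay:32} {status}")
```

The deferred attempt and the later successful retry both appear under queue ID 42CA71A9E22, which is how the time the message spent waiting on the secondary MX shows up in the trace.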
