Adding two Postfix instances on one server (repost)

Introduction

Postfix has no inherent ability to distinguish inbound mail from outbound. However, with a few changes it can be made to do so.

One way is to add a second smtpd process in main.cf that accepts outbound mail on a second IP address. This is described in the "Filtering mail from outside users only" section of Postfix After-Queue Content Filter.

The method described in the after-queue document allows you to have a few differences between the handling of inbound and outbound mail, most notably filtering inbound mail but not outbound. However, the method does not allow every Postfix setting to differ.

For simple requirements, turning off filtering of outbound mail may be all you need. However, most environments require several different settings: filtering, header and body checks, spam checks and so on. Most settings are difficult or impossible to differentiate for inbound and outbound mail using the after-queue content filtering technique.

A more flexible approach is to create a complete second separate instance of Postfix. That instance accepts mail on a separate IP address, and has separate versions of main.cf, master.cf, maps and a separate spool directory. With a second instance, every Postfix setting can be unique for inbound and outbound mail. Most people also find that using two instances is easier to understand and easier to maintain.

Postfix is exceptionally well designed and resource friendly, so running a second instance doesn't consume a large amount of server resources. Two (or more) instances can easily co-exist on the same server.

This is a quick guide to creating a second instance of Postfix to handle outbound e-mail. We assume you already have a working installation of Postfix functioning on your mail server. Please do not attempt to follow these instructions until you have a single instance installed and working. Preserve your sanity: get a basic installation of Postfix working first before you add a second instance.

What's involved

Creating a second instance of Postfix from an existing one involves the following steps:

  1. Add an IP address to the server
  2. Copy the /etc/postfix directory and all files
  3. Create an additional spool directory
  4. Edit the config files
  5. Create startup and administration scripts

Step one: Add an IP address

The second instance of Postfix will be used for all outbound e-mail. Users will configure their e-mail clients to connect to that IP as their "SMTP server".

Follow the procedure appropriate to your server's version of Unix or Linux to add a second IP. The new IP can exist on the same network card as the first (eg. as device eth0:1 on Linux or hme0:1 on Solaris) or can be tied to a second NIC, whichever best suits your requirements.

If the new IP address is visible from the Internet, you may also want to add firewall settings so that only internal users can access it. The Postfix mynetworks setting should prevent outsiders abusing your outbound instance, but it's safer to prevent all outside access via firewalling.

The new IP address must resolve to a name. Either add a name for it in your DNS, or add an entry in the server's /etc/hosts file. Postfix will not work unless the IP address resolves to a name on the server Postfix is installed on.

As an alternative, the new instance can share the same IP but receive mail on a port other than port 25. We won't show that here, but it's an alternative to be aware of.

Step two: copy /etc/postfix

Copy your existing /etc/postfix directory to /etc/postfix-out:

cp -rp /etc/postfix /etc/postfix-out

The new directory should have all the files with the same ownership and permissions as the original.

To make the next step easier, edit file /etc/postfix-out/main.cf. Change the following setting or add it if it does not exist:

queue_directory = /var/spool/postfix-out

Save the changes to the file before proceeding to the next step.

Step three: create an additional spool directory

Each instance of Postfix must have its own mail spool directory. To avoid file conflicts, the default directory /var/spool/postfix must not be shared among instances.

Create a directory named /var/spool/postfix-out and let Postfix create the appropriate subdirectories and permissions:

mkdir /var/spool/postfix-out
postfix -c /etc/postfix-out check

The result should be directory /var/spool/postfix-out containing something similar to the following:

drwxr-xr-x   14 root     root          336 Jan 30 10:20 .
drwxr-xr-x 15 root root 384 Jan 30 10:20 ..
drwx------ 2 postfix root 48 Jan 30 10:20 active
drwx------ 2 postfix root 48 Jan 30 10:20 bounce
drwx------ 2 postfix root 48 Jan 30 10:20 corrupt
drwx------ 2 postfix root 48 Jan 30 10:20 defer
drwx------ 2 postfix root 48 Jan 30 10:20 deferred
drwx------ 2 postfix root 48 Jan 30 10:20 flush
drwx------ 2 postfix root 48 Jan 30 10:20 incoming
drwx-wx--- 2 postfix postdrop 48 Jan 30 10:20 maildrop
drwxr-xr-x 2 root root 48 Jan 30 10:20 pid
drwx------ 2 postfix root 48 Jan 30 10:20 private
drwx--x--- 2 postfix postdrop 48 Jan 30 10:20 public
drwx------ 2 postfix root 48 Jan 30 10:20 saved

If directory /var/spool/postfix contains directories named etc, usr and lib, your first Postfix instance was probably installed chrooted: if those directories exist, manually copy them to /var/spool/postfix-out:

cp -rp /var/spool/postfix/etc  /var/spool/postfix-out
cp -rp /var/spool/postfix/usr /var/spool/postfix-out
cp -rp /var/spool/postfix/lib /var/spool/postfix-out

Step four: edit the config files

Edit the file /etc/postfix/main.cf and add the following near the bottom of the file:

alternate_config_directories = /etc/postfix-out

The above setting is required to inform the Postfix daemons about the second instance.

Next, edit the file /etc/postfix-out/main.cf and change the following setting:

inet_interfaces = second-IP-address-NAME

Note: in the above you must specify the DNS name of the second IP address, not the IP address. If the IP address does not have a DNS name, add an entry for it to /etc/hosts so it can be resolved locally on the server.

You should also remove settings such as reject_maps_rbl and content filtering that only need to be applied to inbound e-mail, and change syslog_facility so that outbound mail is logged to a different file than inbound.

You might also want to change the setting myhostname so the second instance uses a different name than the first (eg. "mx1-out"). This is required if the two instances will exchange mail with each other, otherwise Postfix will complain that mail "loops back to myself".

Lastly, you can force mail sent from the outbound instance to go out using the same IP address as the inbound instance. This is useful when the mail server is behind a firewall and you want only one IP address to communicate with the Internet. To send mail on a different IP, add the setting smtp_bind_address to main.cf similar to the following:

smtp_bind_address = 192.168.1.1 

(Of course, replace the IP address above with your own server's inbound SMTP IP address)
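
The settings from steps two to four can be checked mechanically before the second instance is started. The script below is an added example, not part of the original article: the function names get_param, audit_instances and make_unedited_copy and the example.com host names are made up for illustration, and the main.cf reader is deliberately simplified (on a live server, read values with postconf -c instead).

```shell
#!/bin/sh
# Added example, not from the original article; sample values are constructed.
# Simplified main.cf reader: last "name = value" wins, comment lines skipped,
# continuation lines NOT handled. On a live host use: postconf -c DIR -h NAME
get_param() {  # usage: get_param CONFIG_DIR NAME
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == name) val = v }
        END { print val }' "$1/main.cf"
}

# usage: audit_instances INBOUND_DIR OUTBOUND_DIR
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_instances() {
    in_dir=$1; out_dir=$2; bad=0
    q_in=$(get_param "$in_dir" queue_directory)
    q_out=$(get_param "$out_dir" queue_directory)
    # Unset means the default spool directory named in the article.
    [ -n "$q_in" ]  || q_in=/var/spool/postfix
    [ -n "$q_out" ] || q_out=/var/spool/postfix
    if [ "$q_in" = "$q_out" ]; then
        echo "FAIL queue_directory shared: $q_in"; bad=1
    fi
    alt=$(get_param "$in_dir" alternate_config_directories | tr ',' ' ')
    case " $alt " in
        *" $out_dir "*) ;;
        *) echo "FAIL alternate_config_directories lacks $out_dir"; bad=1 ;;
    esac
    iface=$(get_param "$out_dir" inet_interfaces)
    case "${iface:-all}" in
        all) echo "FAIL outbound inet_interfaces=all (listens on every IP)"; bad=1 ;;
    esac
    if [ "$(get_param "$in_dir" myhostname)" = "$(get_param "$out_dir" myhostname)" ]; then
        echo "WARN myhostname identical in both instances"; bad=1
    fi
    return "$bad"
}

# Constructed sample: /etc/postfix copied to postfix-out with none of the edits made.
make_unedited_copy() {  # usage: make_unedited_copy ROOT
    mkdir -p "$1/postfix" "$1/postfix-out"
    printf 'myhostname = mx1.example.com\ninet_interfaces = all\n' > "$1/postfix/main.cf"
    cp "$1/postfix/main.cf" "$1/postfix-out/main.cf"
}
```

On the server itself the call would be audit_instances /etc/postfix /etc/postfix-out; an unedited copy reports all four findings.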

Step five: Create startup and administration scripts

Startup script

The second instance can be started using the normal postfix start command, except you must point to the other configuration directory. For example:

postfix -c /etc/postfix-out start

To create a startup script for the second instance, either edit your existing Postfix startup script and add the above command after the existing postfix start command, or copy the existing startup script to a new name and change the copy. If you copy the start script, be sure to also follow your operating system's instructions for installing a new init script (for example, chkconfig on Redhat Linux, update-rc.d on Debian Linux).

Some example startup scripts:

  Second instance script, Redhat Linux 8.x (2k)
  Two instance script, Debian Linux 3.x (1k)

Helpful scripts

Most, but not all, postfix commands accept the -c parameter to point to another instance. For example, postconf -c /etc/postfix-out prints configuration settings for the second instance. However, some commands, notably the frequently used "mailq" and "sendmail", ignore the -c parameter.

A work-around you can exploit is the fact that all Postfix commands use the MAIL_CONFIG environment variable to locate configuration files. Set MAIL_CONFIG to /etc/postfix-out and commands will use the main.cf in that directory instead of the default.

You can create shell script wrappers to set MAIL_CONFIG then execute the command. For example, the following shell script "outq" displays the mail queue for the postfix-out instance:

#!/bin/sh
export MAIL_CONFIG=/etc/postfix-out
/usr/bin/mailq

Working with the inbound and outbound instances is easier if you create similar "second instance" shell scripts for commonly used commands such as "postconf", "postfix flush" and "postfix reload".

For mail originating from the mail server itself, you might want to create a small shell script wrapper for "sendmail" so mail originating on the server itself uses the outbound instance. To do this, rename the Postfix "sendmail" binary to sendmail.postfix then create a shell script in the same directory named "sendmail" containing the following:

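#!/bin/sh
# Route mail submitted on this server through the outbound instance.
export MAIL_CONFIG=/etc/postfix-out
# "$@" passes every argument through intact; unquoted $* re-splits arguments that contain spaces.
exec /usr/sbin/sendmail.postfix "$@"

If you do this, you should also change the sendmail_path setting in /etc/postfix/main.cf to point to /usr/sbin/sendmail.postfix so your wrapper script won't get overwritten next time you install a Postfix upgrade.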

Final notes

The above describes the minimum steps required to create a second Postfix instance.

Many other changes to /etc/postfix-out/main.cf may be desired depending on your requirements. For example, you could add a header_checks table to remove internal IP address and host information from outbound mail, or reject mail addressed to non-work-related destinations. Each instance has its own main.cf and other files, so you are free to customize one instance without affecting the other.

When upgrading Postfix, you only need to run the normal "make upgrade" script. Both instances share the same Postfix binaries so upgrading one instance also upgrades the others. However, beware that when an upgrade requires changes to main.cf or master.cf, you will have to perform those changes manually for both instances.

 

Original article: http://http://advosys.ca/papers/email/58-postfix-instance.html

 
