
smtp_fallback_relay sending to exchange for outbound messages?


Don

Oct 14, 2009, 2:30:17 PM
Hi, we have been looking for ways of implementing some redundancy on our postfix gateways by using the smtp_fallback_directive.  Our goal is to have
mail to our domain example.com failover to our secondary exchange server if the primary is down.  So in our transport we have:

example.com                smtp:[192.168.99.10]

if above goes down use:

smtp_fallback_relay = [192.168.99.11]

This solution works perfectly for inbound messages destined to our users at example.com.  The issue is on our outbound messages, after we implemented the
smtp_fallback_relay directive in our main.cf we started getting complaints from end users that they were getting NDRs from exchange.   Here was an example:


Delivery has failed to these recipients or distribution lists:

some...@somedomain.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: 192.168.99.11.

This message came from our exchange server @ 192.168.99.11, which is also our smtp_fallback_relay. 

A check of the postfix logs shows:

Oct  5 18:40:24 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: host mail.somedomain.com[194.99.99.99] said: 421 <some...@somedomain.com>:  Deferring connection (in reply to RCPT TO command)
Oct  5 18:40:24 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: host mail.somedomain.com[194.99.99.99] said: 421 <some...@somedomain.com>:  Deferring connection (in reply to RCPT TO command)
Oct  5 18:40:29 mailg postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: to=<some...@somedomain.com>, relay=192.168.99.11[192.168.99.11]:25, delay=6.4, delays=0.03/0/1.3/5.1, dsn=5.7.1, status=bounced (host 192.168.99.11[192.168.99.11] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))

My interpretation of what is going on is that the message was sent from exchange to our gateways and the gateway attempted to relay to mail.somedomain.com and got a 421.
Then our gateway followed our smtp_fallback_relay directive and attempted to deliver back to our secondary exchange server which also bounced since we have user address
verification turned on.  So my question out of all of this is: How do we get smtp_fallback_relay to only function for incoming messages to our domain example.com but
not use the directive if messages are coming from exchange destined towards other domains such as somedomain to prevent fallback to our exchange if the relay is down?  We got a ton of emails from end users when they started getting all these NDRs from exchange.


Thanks


Wietse Venema

Oct 14, 2009, 2:44:56 PM
Don:

> So my question out of all of this is: How do we get
> smtp_fallback_relay to only function for incoming messages to our domain
> example.com but
> not use the directive if messages are coming from exchange destined towards

Use different master.cf transports. For example, for inbound

/etc/postfix/transport:
    example.com    relay:[gateway.example.com]

/etc/postfix/master.cf:
    relay unix ... smtp -o smtp_fallback_relay=[fallback.example.com]

And don't use smtp_fallback_relay in main.cf.

In the above example, [] is needed to suppress MX lookups.

Wietse
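
An added example, not part of either post: a small log check for the failure mode described in this thread, where mail for a non-local recipient is handed to the fallback relay and bounced. The local domain and fallback address are assumed from the thread's values, the sample log lines are constructed, and the function name is hypothetical.

```python
import re

# Assumed values, taken from the thread: the domain we host and the
# address that smtp_fallback_relay points at.
LOCAL_DOMAINS = {"example.com"}
FALLBACK_IP = "192.168.99.11"

# Matches a postfix/smtp delivery record; the "[ID ... mail.info]" tag
# (Solaris syslog, as in the thread's log) is optional.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?:\[ID [^\]]*\] )?(?P<qid>[0-9A-Za-z]+): "
    r"to=<(?P<rcpt>[^>]+)>, relay=[^\[,]+\[(?P<ip>[^\]]+)\](?::\d+)?, "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def misrouted_via_fallback(lines):
    """Return deliveries for non-local recipients that went to the fallback relay."""
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if not m or m["ip"] != FALLBACK_IP:
            continue
        domain = m["rcpt"].rsplit("@", 1)[-1].lower()
        if domain not in LOCAL_DOMAINS:
            hits.append((m["qid"], m["rcpt"], m["dsn"], m["status"]))
    return hits

# Constructed sample lines modelled on the log in the thread.
SAMPLE_LOG = [
    # outbound mail pushed to the fallback after the remote MX said 421
    "Oct  5 18:40:29 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: "
    "to=<user@somedomain.com>, relay=192.168.99.11[192.168.99.11]:25, delay=6.4, "
    "delays=0.03/0/1.3/5.1, dsn=5.7.1, status=bounced (host 192.168.99.11"
    "[192.168.99.11] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))",
    # inbound mail using the fallback as intended
    "Oct  5 18:41:02 mail postfix/smtp[18760]: [ID 197553 mail.info] 5B1BB49ED: "
    "to=<user@example.com>, relay=192.168.99.11[192.168.99.11]:25, delay=0.4, "
    "delays=0.02/0/0.1/0.28, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)",
    # outbound mail delivered directly to the remote MX
    "Oct  5 18:42:10 mail postfix/smtp[18761]: 6C2CC5AFE: to=<user@otherdomain.test>, "
    "relay=mx.otherdomain.test[198.51.100.7]:25, delay=1.2, delays=0.02/0/0.5/0.68, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok)",
]

if __name__ == "__main__":
    for hit in misrouted_via_fallback(SAMPLE_LOG):
        print(hit)
```

Once smtp_fallback_relay is set only on the relay transport in master.cf and removed from main.cf, this check should return nothing for new log entries.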
