[Software] Postfix

rtobiasr
Posts: 10
Joined: 2022-11-21 17:36

#1 Post by rtobiasr »

I've searched how to create a backup Postfix server by copying the Postfix config files. I find a lot of complicated stuff about multiple MX records and also TLS certificates. Firstly, I don't use TLS because my mail server is mostly a hobby, and I don't want to pay for a certificate. Secondly, can't I just change my MX record when I need to use the backup server? I'm hoping that there is a way that I can copy all of my Postfix config files, and then paste it onto a different Postfix server. Is there a way to do it that simply? If it helps, I do own *.mydomain.xyz.

dilberts_left_nut
Administrator
Posts: 5346
Joined: 2009-10-05 07:54
Location: enzed

#2 Post by dilberts_left_nut »

The answer is 'it depends'.
Do you just want another standby server to replace your primary when it blows up?
i.e. You discover your mail isn't working, turn on your "backup" and adjust DNS to point to the new server.
If so, a direct copy of your configs should work.

Probably what is muddying the waters is you are finding results for a 'backup mx', which is always live and has a MX record and passes incoming mail to your primary, storing it while your primary is temporarily down and forwarding it when back up.
AdrianTM wrote:There's no hacker in my grandma...


#3 Post by rtobiasr »

You've pretty much described what I want. Either of my servers is likely to "blow up" because they're hobby servers. I'm retired from IT, so they're just there for my own fun. Having said that, my family is starting to get interested in firstname@lastname.abc because I own lastname.abc. I want to accommodate them with stability in their email addresses. Are all the config files in /etc/postfix, or should I also copy other files? I don't know for sure because I used Webmin for much of the setup.

NOTE: I know that I could get a hosting solution for email only, but money is tight. I'm already paying EU12/month for two servers and a domain. My wife would be pissed if I started incurring another "IT" cost.

#4 Post by dilberts_left_nut »

I would lean towards the simple solution of just having your "backup" server ready to go as a manual drop in replacement.

Put down webmin and wash your hands immediately ... ;)

Yes all postfix conf is in /etc/postfix (unless YOU have put some stuff elsewhere).

What about authentication and a MDA? (dovecot or ??)

#5 Post by rtobiasr »

I only use Postfix to forward emails to firstname@lastname.abc to Gmail or other accounts. I cannot see any reason for authentication. Nobody is looking for incoming emails on my server. It only forwards emails to accounts run by other email providers.
Last edited by rtobiasr on 2022-12-10 01:03, edited 1 time in total.

#6 Post by dilberts_left_nut »

Ah, ok - in that case, it's nice and simple.
You could still have your second server doing the same thing and just add another MX record.
That way if either stops, the other is still going, with no intervention required.

#7 Post by rtobiasr »

So I just copy /etc/postfix and adjust MX record and/or change the A record from backup.mydomain.abc to mydomain.abc. Is that correct?

#8 Post by dilberts_left_nut »

Are both servers live anyway, with their own FQDNs?
If so, just add an extra MX record (with a lower priority) pointing to the "backup" hostname.

edit: and yes, just copy the postfix config, with suitable adjustment for their own hostname.
AdrianTM wrote:There's no hacker in my grandma...
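
The copy-and-adjust step from post #8, as an added example that is not part of the original thread: a Python check that compares the two servers' main.cf and reports parameters that differ, plus host-specific ones that were copied without adjustment. The hostnames, sample values and the HOST_SPECIFIC allow-list are assumptions constructed for illustration.

```python
# Parameters expected to differ per host (an assumption; extend as needed).
HOST_SPECIFIC = {"myhostname"}

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}; the last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace():              # leading whitespace continues a value
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def config_drift(primary_text, standby_text):
    """Return (unexpected differences, host-specific parameters left identical)."""
    a, b = parse_main_cf(primary_text), parse_main_cf(standby_text)
    drift = {k: (a.get(k), b.get(k))
             for k in sorted(set(a) | set(b))
             if k not in HOST_SPECIFIC and a.get(k) != b.get(k)}
    not_adjusted = sorted(k for k in HOST_SPECIFIC
                          if k in a and a.get(k) == b.get(k))
    return drift, not_adjusted

# Constructed sample configs: the standby kept the primary's hostname and
# trusts an extra network in mynetworks, which widens who may relay through it.
PRIMARY = """\
myhostname = mail.example.org
mydestination = localhost
virtual_alias_domains = example.org
virtual_alias_maps = hash:/etc/postfix/virtual
mynetworks = 127.0.0.0/8
"""
STANDBY = """\
myhostname = mail.example.org
mydestination = localhost
virtual_alias_domains = example.org
virtual_alias_maps = hash:/etc/postfix/virtual
mynetworks = 127.0.0.0/8
    192.0.2.0/24
"""

if __name__ == "__main__":
    print(config_drift(PRIMARY, STANDBY))
```

On real hosts the two inputs would be the contents of each server's /etc/postfix/main.cf; files referenced by the config, such as the virtual alias map, need to be copied and rebuilt as well.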

#9 Post by rtobiasr »

The servers are both live. I typically experiment with backup.domain, but do sometimes crash .domain. It's a wildcard address. I own *.richards.zone, and have full control of it. In fact, unless otherwise explicitly specified in DNS, ANYTHING.richards.zone goes to richards.zone (with various /var/www/vhosts/whatever directories hosted by name via Apache configuration). My two servers and domain and DNS are hosted by contabo.com. Both servers are always live unless I crash one of them.

Extra note: Before retirement I was a fan of Nginx for my employer, but as a hobbyist I don't want to deal with the complicated configs that Apache does automatically, like just getting php to work.

Extra question: What do you think about OSSEC? I used it at work, but after so many years I don't know if it may crash my server.

#10 Post by dilberts_left_nut »

Never used it.

#11 Post by rtobiasr »

If Linux is part of your job duties then OSSEC is definitely worth checking out. You may be familiar with HIPS (Host Intrusion Protection System). OSSEC is a highly respected and open source HIPS that competes with Cisco's HIPS solution. There's a Windows version, but it sends you a hundred emails about sensitive file changes (for every OSSEC Windows host) every time Microsoft issues an update.

#12 Post by dilberts_left_nut »

Logwatch & rsync works for me.

#13 Post by rtobiasr »

How is rsync a security measure?

#14 Post by dilberts_left_nut »

By reporting any filesystem changes.
Suitably filtered of course.

#15 Post by rtobiasr »

OSSEC does a lot more such as reporting logon failures (especially via root), IP blocking of anybody who unsuccessfully logs in 10 times in 1 minute (configurable), and watching after attacks against Apache, Nginx, PHP, FTP, SFTP, Sendmail, Postfix, and so forth with email warnings that can be configured.

#16 Post by dilberts_left_nut »

Logwatch & fail2ban got that covered.

#17 Post by rtobiasr »

I should have looked at those when I was employed. OSSEC does have a tendency to email the admin about a lot of false positives unless you turn email reporting off for certain stuff.
