[geeks] configuring new mail server: need information on private LAN setup

Charles Shannon Hendrix shannon at widomaker.com
Sat Mar 24 18:24:09 CDT 2007


On Sat, 24 Mar 2007 19:01:07 +0000
Mike Meredith <very at zonky.org> wrote:

> On Sat, 24 Mar 2007 11:48:07 -0400, Charles Shannon Hendrix wrote:
> > sendmail configuration has not required messing with sendmail's
> > language in a long time now.
> > 
> > You edit your site config, usually under a dozen lines, generate
> > sendmail.cf, and then edit some tables.
> 
> Only for relatively simple configurations. My last sendmail.mc (dating
> to the time of the Lovebug 'virus' more or less) contained more cf in it
> than mc; whilst Sendmail has improved over the years, what I do in an
> MTA has increased in complexity 5 fold so I dare say if I were still
> doing it in Sendmail, my mc would still contain lots of cf.

Well, a lot depends on what you do.

For some mail setups, postfix and exim are a lot harder to make work, and
impossible in some cases since they don't have all of the features of
sendmail.

Personally, I think all of them leave a lot to be desired in terms of
documentation, actually doing what their documentation says, and examples of
non mainstream application.

> > In any case, I'm having the same issues getting postfix to work in my
> > setup as sendmail, so for me both are a real PITA.
> 
> Hmm. Odd. It may be worth trying to capture what both Sendmail and
> Postfix are trying to send with tcpdump.

If you get this, I'll at least have figured out what was wrong with postfix,
most of it anyway.
 
> > Despite what I would think is a common setup (a private LAN with a
> > full MTA and a dynamic WAN IP address), there is very little
> > documentation on how to set that up.
> 
> You mean like :-
> 
> http://www.postfix.org/BASIC_CONFIGURATION_README.html

Nothing in there describes a private LAN/dynamic IP setup.

There are some sections in the postfix documentation that do, but they don't
actually work.

> The most obvious problem with running an MTA in a private LAN is that
> the MTA needs to be told the fqdn of the wan ip address but I think
> you've got that covered. 

That would break a private LAN/dynamic IP configuration where you want a full
local MTA.

You do not want the MTA to have its external WAN address/name.  If you do
that, it will fail to serve its private domains and machines.

I want a full MTA serving its own LAN and any attached private LANs, but
still able to send mail to the outside, properly masqueraded.

The MTA's FQDN should be that of your private LAN, and you use some form of
masquerading to rewrite outgoing email.

I have figured out how to make postfix work, I think.  We'll see if the list
gets this and the headers look OK.

The documentation is wrong, and parts of it seem to be missing.  For example,
they'll document a feature but not mention that it only works if another is
present.  Another issue is that some master processes don't actually read
main.cf, or at least not all of it, and you have to specifically configure
them.

Here's what I did to make it work:

I'll assume that you know how to configure postfix for your local LAN, and
the documentation for that seems pretty good.

That leaves the primary issue of sending remote mail, and rewriting the from
headers to match an outside account for each sending local account.  You must
do this so that replies will work, and so verification will work for MTAs
that do the verification (all of them should).

First of all, in main.cf:

relayhost = [<your ISP mail server>]

If you don't use brackets, smtp will do an MX query and try to use the least
expensive MX host for your ISP, which with my ISP doesn't work (* see note at
end).

To do the from address masquerading, you use a generic database, just like
sendmail:

smtp_generic_maps = hash:/etc/postfix/generic

For testing, I did this:

	@goid.lan		shannon at widomaker.com

The documentation says this will rewrite all addresses from the matching
domain.  However, I found it didn't actually work.  Instead, I had to list a
permutation of all users and machines on my LAN.  I don't know if the feature
is broken, or the documentation is wrong.

I ended up with something like this:

	<user>@goid.lan                  <outside address>
	<user>@escape.goid.lan           <outside address>
	<user>@caesar.goid.lan           <outside address>
	<user>@grey.goid.lan             <outside address>
	<user>@nuvolari.goid.lan         <outside address>

...and so on.  One entry for each user address on each machine.

At this point, testing with "postmap -q" started working.

It still didn't work when actually sending mail, however.  postfix was not
honoring the line in main.cf, even though that's exactly what the
documentation says.

I ended up fixing this by specifically telling relay to use a generic table
in the master.cf file:

relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
        -o smtp_generic_maps=hash:/etc/postfix/generic

...and that appears to fix it.  I don't know why I should have to, or why the
documentation doesn't mention it, but it seems to work.

Maybe I'll figure out more later on, but for now I'm going to test what I
have.

There are also other issues, like postfix trying to talk to the scache master,
even though you've turned it off, and so on.  I wonder if that isn't related
to the problem with the generic option not being honored in main.cf.

Same kind of bug I mean.




-- 
shannon           | All of us get lost in the darkness, dreamers turn to look 
                  | at the stars.
                  |         -- Rush 
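As an added illustration (not code from the original post), the table below builds the per-user, per-machine generic map the post ends up with, renders it in the form postmap(1) reads, and looks addresses up in the order generic(5) documents: exact user@domain first, then @domain for that exact domain only (the bare "user" form, which applies only to $myorigin/$mydestination, is left out here). Host and domain names are those in the post; the users and outside addresses are constructed placeholders.

```python
# Added illustration, not code from the original post. Builds the per-user,
# per-machine generic table the post ends up with and looks addresses up the
# way generic(5) documents: exact user@domain first, then @domain (exact
# domain only, no subdomain matching; the bare "user" form is omitted here).
from typing import Dict, Iterable, List, Optional

LOCAL_DOMAIN = "goid.lan"                             # domain named in the post
LAN_HOSTS = ["escape", "caesar", "grey", "nuvolari"]  # hosts named in the post


def build_generic_map(users: Dict[str, str], domain: str,
                      hosts: Iterable[str]) -> Dict[str, str]:
    """One entry per user for the bare domain and for every host in it,
    mapping the LAN address to that user's outside address."""
    table: Dict[str, str] = {}
    for user, outside in users.items():
        table[f"{user}@{domain}"] = outside
        for host in hosts:
            table[f"{user}@{host}.{domain}"] = outside
    return table


def render_generic_file(table: Dict[str, str]) -> str:
    """Key/value lines in the form postmap(1) reads from /etc/postfix/generic."""
    width = max(len(k) for k in table) + 2
    return "".join(f"{k:<{width}}{v}\n" for k, v in sorted(table.items()))


def lookup(table: Dict[str, str], address: str) -> Optional[str]:
    """Return the rewritten address, or None when no rule matches (the
    address would leave the LAN unrewritten, so replies could not come back)."""
    local, at, domain = address.rpartition("@")
    if not (local and at and domain):
        return None
    exact = table.get(address)
    return exact if exact is not None else table.get("@" + domain)


def unrewritten(table: Dict[str, str], addresses: Iterable[str]) -> List[str]:
    """Pre-flight check: which sender addresses would escape without a rewrite."""
    return [a for a in addresses if lookup(table, a) is None]


if __name__ == "__main__":
    # Constructed sample users; the outside addresses are placeholders.
    users = {"shannon": "shannon@example.com", "root": "postmaster@example.com"}
    table = build_generic_map(users, LOCAL_DOMAIN, LAN_HOSTS)
    print(render_generic_file(table), end="")
    print("unrewritten:", unrewritten(table, ["shannon@grey.goid.lan", "bob@goid.lan"]))
```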
