Home / server / Questions / 234808
Accepted
Abhishek Dujari
Asked: 2011-02-13 10:31:33 +0800 CST

How to setup a Postfix SMTP-only for multiple domains

  • 772

This is my first question on Stacks. I always read a lot of solutions to problems here almost every other day. So thank you to all contributors. I am a noob here so please spare some space if I am doing something wrong. My question is

I am trying to setup a Postfix server to be an SMTP only host for multiple domain names. I do not allow remote connection I just want to be able to use my cron scripts to send emails for various domains. Currently Postfix is default installation but I have added 

 myhostname=example.com

Now problem is if I send email from [email protected] the host shown in email headers (not in From address) is example.com the exact header is

Received: from example.com

my from address is correct. Pardon me but I really don't know a lot about email servers. My incoming is handled by another hosting provider and I know I need to add a reverse dns etc. So please if anyone knows what I should do so all domains have right DNS entries plus good postfix configuration. I want postfix to use the same domain name as the from address. I only need smtp and nothing else.

I have searched google and Stacks but none answered the question completely even if the question was similar.

Thanks in advance, I am still RTFMing all over the place.

I am also getting these errors in my mailog. i have replaced a real valid domain name with MYDOMAIN and a real system username with USER

Feb 14 22:53:13 li222-89 postfix/smtpd[28433]: connect from localhost[127.0.0.1]
Feb 14 22:53:13 li222-89 postfix/smtpd[28433]: 428FCA400C: client=localhost[127.0.0.1]
Feb 14 22:53:13 li222-89 postfix/cleanup[28436]: 428FCA400C: message-id=<4d59f8a8-0ab4-4aee-b6e6-6f0c9389ad7c@>
Feb 14 22:53:13 li222-89 postfix/qmgr[27293]: 428FCA400C: from=<[email protected]>, size=1047, nrcpt=1 (queue active)
Feb 14 22:53:13 li222-89 postfix/smtpd[28433]: disconnect from localhost[127.0.0.1]
Feb 14 22:53:13 li222-89 postfix/smtp[27755]: certificate verification failed for gmail-smtp-in.l.google.com: num=20:unable to get local issuer certificate
Feb 14 22:53:13 li222-89 postfix/smtp[27755]: certificate verification failed for gmail-smtp-in.l.google.com: num=27:certificate not trusted
Feb 14 22:53:13 li222-89 postfix/pickup[26953]: C3761A400D: uid=500 from=<USER>
Feb 14 22:53:13 li222-89 postfix/cleanup[28436]: C3761A400D: message-id=<[email protected]>
Feb 14 22:53:13 li222-89 postfix/qmgr[27293]: C3761A400D: from=<[email protected]>, size=3237, nrcpt=1 (queue active)
Feb 14 22:53:14 li222-89 postfix/smtp[26830]: certificate verification failed for aspmx.l.google.com: num=20:unable to get local issuer certificate
Feb 14 22:53:14 li222-89 postfix/smtp[26830]: certificate verification failed for aspmx.l.google.com: num=27:certificate not trusted
Feb 14 22:53:15 li222-89 postfix/smtp[27755]: 428FCA400C: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.155.27]:25, delay=2.6, delays=0.02/0.02/0.66/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK 1297741995 l9si6487318yhl.10)
Feb 14 22:53:15 li222-89 postfix/qmgr[27293]: 428FCA400C: removed
Feb 14 22:53:17 li222-89 postfix/smtp[26830]: C3761A400D: to=<[email protected]>, orig_to=<USER>, relay=aspmx.l.google.com[74.125.155.27]:25, delay=14, delays=11/0/0.44/3.1, dsn=5.1.1, status=bounced (host aspmx.l.google.com[74.125.155.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at                              550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 hj39si8560308ibb.50 (in reply to RCPT TO command))
Feb 14 22:53:17 li222-89 postfix/cleanup[28436]: 726DFA400C: message-id=<[email protected]>
Feb 14 22:53:17 li222-89 postfix/qmgr[27293]: 726DFA400C: from=<>, size=5596, nrcpt=1 (queue active)
Feb 14 22:53:17 li222-89 postfix/bounce[28222]: C3761A400D: sender non-delivery notification: 726DFA400C
Feb 14 22:53:17 li222-89 postfix/qmgr[27293]: C3761A400D: removed
Feb 14 22:53:17 li222-89 postfix/smtp[27755]: certificate verification failed for aspmx.l.google.com: num=20:unable to get local issuer certificate
Feb 14 22:53:17 li222-89 postfix/smtp[27755]: certificate verification failed for aspmx.l.google.com: num=27:certificate not trusted
Feb 14 22:53:21 li222-89 postfix/smtp[27755]: 726DFA400C: to=<[email protected]>, relay=aspmx.l.google.com[74.125.155.27]:25, delay=3.6, delays=0.02/0.01/0.44/3.1, dsn=5.1.1, status=bounced (host aspmx.l.google.com[74.125.155.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at                              550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 mu18si8573893ibb.7 (in reply to RCPT TO command))
Feb 14 22:53:21 li222-89 postfix/qmgr[27293]: 726DFA400C: removed

Obviously its trying to send email to a gmail account but something is wrong ...really wrong.

smtp postfix

2 Answers

  1. Feb 14 22:53:17 li222-89 postfix/smtp[27755]: certificate verification failed for aspmx.l.google.com: num=20:unable to get local issuer certificate
Feb 14 22:53:17 li222-89 postfix/smtp[27755]: certificate verification failed for aspmx.l.google.com: num=27:certificate not trusted

    If you're attempting to relay mail using Gmail, then it will be necessary to use TLS with Postfix.First, double-check that Postfix was configured with SSL support (ie. ldd should return at least one line starting with libssl):

    $ whereis -b postfix
postfix: /usr/sbin/postfix /etc/postfix /usr/libexec/postfix
$ ldd /usr/sbin/postfix
...
libssl.so.6 => /lib/libssl.so.6 (0x00111000)
...

    Now we need to find your server's CA root certificate bundle, which is typically distributed with openssl. 

    $ locate ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.crt

    Edit the Postfix main.cf to include TLS and SASL2 for Gmail authentication.

    Update your certificate file with new Gmail certificate provider.

    relayhost = smtp.gmail.com:587

# your FQDN, or default value below
mydomain = example.com

# your local machine name, or default value below
myhostname = host.example.com
myorigin = $myhostname

# SASL
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous

# TLS
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls  = yes
smtp_tls_CAfile = /path/to/your/ca-bundle.crt
smtp_sasl_tls_security_options = noanonymous

    Postfix config "how to" ( main.cf )

    Setup Postfix with a remote SMTP relay host

    • 3
  2. Best Answer

    I believe this is what you want.

    http://www.postfix.org/ADDRESS_REWRITING_README.html#generic

    Example:

    /etc/postfix/main.cf:
    smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/generic:
    [email protected]       [email protected]
    [email protected]       [email protected]
    @localdomain.local          [email protected]

    So, if you have postfix installed and configured already.

    Open main.cf and add the generic maps setting above.

    Then open the generic file and add @example.com @example2.com or whatever settings you need for your environment

    This is a hash file so when you are done run postmap /etc/postfix/generic

    Then restart postfix.

    UPDATE

    It looks like this is actually what you are after.

    edit the master cf file and change this line

    smtp inet n - n - - smtpd

    To:

    localhost:smtp  inet n - n - - smtpd
ipaddress1:smtp inet n - n - - smtpd
ipaddress2:smtp inet n - n - - smtpd -o myhostname=hostname2
.
.
.
ipaddressn:smtp inet n - n - - smtpd -o myhostname=hostname3

    restart postfix

    Obviously this will require you to setup multiple IP address, one for each domain and setting up the reverse DNS etc. I believe this is the only way to do this.

    • 2