I'm running a high availability cluster, and so far, most things work great. I have two external machines that act as outgoing mail hosts (smarthosts). The internal hosts are configured to relay all email through these two external facing hosts.
My smarthosts' main.cf looks like this:
myhostname = lb1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = lb1.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 10.1.248.0/24
My internal hosts' main.cf looks like this:
mynetworks = 127.0.0.0/8
myhostname = web1.example.com
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost = [10.1.248.3]
smtp_fallback_relay = [10.1.248.2]
lb1's internal IP is 10.1.248.2, and lb2's internal IP is 10.1.248.3.
On the external hosts, email for root and www-data is forwarded to
[email protected] with /etc/aliases.
One advantage to using the smarthost setup is that spam filters and the like can connect back to the sending sending server. All email is sent fine, and headers look like this:
Received: from lb2.example.com ([198.51.100.3])
by mx.google.com with ESMTP id y17si1571259icb.76.2011.01.13.18.20.32;
Thu, 13 Jan 2011 18:20:32 -0800 (PST)
Received-SPF: neutral (google.com: 198.51.100.3 is neither permitted nor denied by best guess record for domain of
[email protected]) client-ip=198.51.100.3;
Received: from db1.example.com (unknown [10.1.248.20])
by lb2.example.com (Postfix) with ESMTP id D364823C0BE
for <
[email protected]>; Thu, 13 Jan 2011 21:20:31 -0500 (EST)
Received: by db1.example.com (Postfix)
id C9FA7760D6A; Thu, 13 Jan 2011 21:20:31 -0500 (EST)
Delivered-To: www-data@localhost
Received: by db1.example.com (Postfix, from userid 0)
id C1632760D6C; Thu, 13 Jan 2011 21:20:31 -0500 (EST)
The problem is bounced/reject email. The external machine tries to forward the email back to the internal machine, e.g. www-data on web1 sending an email that bounces (such as a user signing up with a bad email address).
An additional complication is using Google mail for the main example.com domain.
In lieu of specifying every internal host in the external hosts' mydestination, is there a better way of setting things up, keeping in mind I can't adjust touch the mx for example.com?
