Use Postfix on Bastion-host

From Scalix Wiki
Revision as of 20:13, 19 February 2008 by Majx (Talk | contribs) (+ master.cf)

If you want to run your Scalix server inside your LAN and need an exposed server for incoming mail, here's how to set it up with Postfix. As Scalix uses sendmail by default, this gives you a better chance to survive a hacked bastion-host.

  • Install your bastion-host's OS
  • Install Postfix
  • Configure your firewall rules to allow
    • incoming SMTP (TCP port 25) on the external interface
    • outgoing SMTP to host:scalix.inside (use the IP of your internal Scalix gateway)

Forwarding to internal server

Edit /etc/postfix/main.cf to contain the following:

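myorigin = $mydomain
mydestination = $mydomain
transport_maps = hash:/etc/postfix/transport
# scalix.inside is a placeholder: use the IP of your internal Scalix gateway.
# Continuation lines must start with whitespace.
mynetworks =
    scalix.inside/32,
    127.0.0.0/8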

In /etc/postfix/transport:

# Result format is transport:nexthop; run "postmap /etc/postfix/transport" after editing
domain.com    smtp:[inside-gateway.domain.com]
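
A small lint for the two files above, added here as an example and not part of the original wiki page. It checks only plain address/prefix entries in mynetworks and the transport:nexthop form in the transport table; the function names and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and name is not None:
            params[name] = (params[name] + " " + raw.strip()).strip()
        else:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def check_mynetworks(value):
    """Flag entries that are not a clean address/prefix (hostnames, host bits set)."""
    problems = []
    for entry in value.replace(",", " ").split():
        try:
            ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
    return problems

def check_transport(text):
    """Flag transport entries whose result is not in transport:nexthop form."""
    problems = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or ":" not in fields[1]:
            problems.append(f"{fields[0]}: result needs the form transport:nexthop")
    return problems

# Constructed sample input (192.0.2.10 is a documentation address, not from the page).
SAMPLE_MAIN_CF = """\
mynetworks =
    192.0.2.10/32,
    127.0.0.1/8
"""
SAMPLE_TRANSPORT = "domain.com inside-gateway.domain.com\ndomain.com smtp:[inside-gateway.domain.com]\n"

if __name__ == "__main__":
    nets = parse_main_cf(SAMPLE_MAIN_CF)["mynetworks"]
    print(check_mynetworks(nets) + check_transport(SAMPLE_TRANSPORT))
```

A mynetworks entry that is wider than intended lets more hosts relay through the bastion, so it is worth running a check like this before reloading Postfix.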

In /etc/postfix/master.cf:

#==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
#==========================================================================
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       n       -       60      1       pickup
cleanup   unix  -       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       nqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  -       -       -       1000?   0       flush
smtp      unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  n       -       -       -       -       error
#local    unix  -       n       n       -       -       local

Be aware: don't install the bastion's SSH key (without a passphrase) as a trusted key on your internal server. That way, if somebody breaks into the bastion (through Postfix or other services), he will still need to break your Scalix server as well.