1

Topic: Config outbound relay without having to mirror email accounts

### REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER
- iRedMail version (check /etc/iredmail-release):  0.9.9
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Server Environment / Scenario:

mx-master.servers.com (10.1.1.1/32): Primary email server (running iredmail 0.9.9)
mx-relay.servers.com (10.1.1.2/32): Relay email server (running iredmail 0.9.9)

Email accounts for servers.com domain are managed on mx-master

Objective:
I'm trying to configure mx-relay to relay email originally sent from mx-master destined for att.com

Here is the issue I am having:

The configurations outlined below successfully relay email destined to example@att.com only if the sending email account on servers.com exists on both mx-master and mx-relay.  The relay does not work if I send an email to example@att.com from a servers.com email account that exists on mx-master but does not exist on mx-relay.

My primary question:
How can I configure mx-relay to successfully relay email destined to att.com without having to mirror all email accounts on mx-relay to be the same as on mx-master?

Thanks in advance.

The following are excerpts from the configurations I am currently using for mx-master and mx-relay:

--------------------

On mx-relay, I've created the email account relay@servers.com

/etc/postfix/main.cf @ mx-relay:

mynetworks = 127.0.0.1 [::1], 10.1.1.1/32

/opt/iredapd/settings.py @ mx-relay

MYNETWORKS = ["10.1.1.1/32"]

--------------------

I've configured postfix on mx-master to use smtp_sasl_passwd_maps and transport hash as follows:

/etc/postfix/main.cf @ mx-master:

# outbound relay configurations
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
...
transport_maps =
    hash:/etc/postfix/transport

/etc/postfix/sasl_passwd @ mx-master:

mx-relay.servers.com relay@servers.com:pass123

/etc/postfix/transport @ mx-master:

att.com relay:[mx-relay.servers.com]:587

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Config outbound relay without having to mirror email accounts

Does mark the domain as backupmx (SQL column "domain.backupmx=1") on mx-relay solve the issue?

3 (edited by rkio 2021-05-22 02:43:22)

Re: Config outbound relay without having to mirror email accounts

setting domain.backupmx=1 on mx-relay causes SASL authentication to now fail.

maillog @ mx-master:

...
SASL authentication failed; server mx-relay.servers.com [10.1.1.2] said: 535 5.7.8 Error: authentication failed
....

maillog @ mx-relay

...
warning: mx-master.servers.com [10.1.1.1]: SASL PLAIN authentication failed:
....

4

Re: Config outbound relay without having to mirror email accounts

we are using a relay server as well. It works out of the box if you set the MX DNS record to the relaying server and set the relaying server so that one accepts relaying for that domain.

E.g.

DNS MX record in my_domain.com --> mx.relay_server.com
Relayserver mx.relay_server.com --> ALLOW relay from my_domain.com

5

Re: Config outbound relay without having to mirror email accounts

Thank you Istaon, but I am looking to relay outbound email and not inbound email.