I need to manage two mailservers (postfix and dovecot on different machines) using a single public IP. I thought I solved by putting non-standard ports on the second postfix instance, but I do not get mail from outside my network.

Is my approach right? How should I accomplish this?

Falcon Momot
  • `putting non-standard ports on the second postfix but I do not get mail from outside my network.` --> of course it won't work. Outside mail servers only connect to your server through port 25 – masegaloeh Sep 01 '15 at 10:47
  • So it is impossible to handle two email servers with a single public IP? – Gian Piero Sep 01 '15 at 12:18
  • Why do you need two separated mail servers? – masegaloeh Sep 01 '15 at 12:36
  • It's a business choice. The first is the mail server of my company, the other is the server of our customers that we host in our network temporarily. – Gian Piero Sep 01 '15 at 12:48
  • Both postfix and dovecot have capabilities to serve multiple domains. Why not use them? – masegaloeh Sep 01 '15 at 12:52
  • Yes, I understood. But my problem is different: there are two physically different servers in our network with different system administrators, etc. Unfortunately I cannot unify them... – Gian Piero Sep 01 '15 at 13:04
  • Set up a third instance which relays incoming mail to the back-end mailservers depending on the recipient domain. – sebix Sep 01 '15 at 19:27
  • If SMTP supported SRV records, this would be easy. As it is, you'll have to do a single passthrough mailserver filter. Note that dovecot should be doable because you can just tell your users to use a non-specific port; you can't do that with random mail servers from the Internet. – Bandrami Sep 02 '15 at 03:55

2 Answers

Postfix is capable of relaying messages to another server for specific domains.

Take a look at this setup for an example: Proxy mail to different smtp server with Postfix

eKKiM

You can only run one MTA on each IP address. This is because MX records, unlike SRV records, do not allow a port to be specified. Mail from other sites always comes in on the standard ports (25, 465 which is deprecated, and 587 for submission). Those ports must absolutely not go to different MTAs, or you will experience odd delivery problems, though really you only need to serve on 25.

None of this has anything to do with dovecot, which is an IMAP and POP3 server. It's all about the SMTP server in this case, or MTA, postfix. You can run IMAP and POP3 on nonstandard ports as long as you are prepared to communicate them to your users.

You should set up an MTA on a new server on the IP address, and have the two existing MTAs use RFC1918 addresses. Have the new MTA act as a relay for those two domains, and give it internal DNS so that it sees the RFC1918 addresses in the MX records. Ensure it can only relay to those two domains, and your problems will be solved. You don't need it to relay outgoing mail, and internal SMTP clients can send mail through the existing mailservers.

Set your MX records for both your domains to the domain name pointing to your single IP, and set your SPF records on those domains to allow the FQDN given in that IP's public DNS to originate mail for them. Ensure your NAT is configured such that SNAT of your SMTP servers uses that IP.

That's it! It should just work after that, without any IT governance issues at all.

Falcon Momot
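A front-end relay configuration of the kind this answer describes, added here as an example and not taken from the original answer; the domain names, the 10.0.0.x back-end addresses and the table file paths are assumptions.

```ini
# Example front-end ("third instance") Postfix relay; not from the original answer.
# Assumed values: example.com and customer.example are the two hosted domains,
# 10.0.0.10 and 10.0.0.20 are the RFC1918 addresses of the two existing MTAs.

# --- /etc/postfix/main.cf (only the settings that matter for the relay) ---
myhostname = mx.example.com
# This host is the final destination for nothing; it only relays.
mydestination =
inet_interfaces = all
# Domains this host accepts and relays for (lookup table; the values are ignored).
relay_domains = hash:/etc/postfix/relay_domains
# Per-domain next hop. Brackets suppress the MX lookup, so no internal DNS is needed.
transport_maps = hash:/etc/postfix/transport
# List the valid recipients so unknown addresses are rejected at SMTP time
# instead of being accepted and bounced later (backscatter). Must be kept in
# sync with the back-end user lists.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Only loopback is trusted; nothing on the LAN may use this box for outbound mail.
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_pipelining

# --- /etc/postfix/relay_domains ---
# example.com        OK
# customer.example   OK

# --- /etc/postfix/transport ---
# example.com        smtp:[10.0.0.10]
# customer.example   smtp:[10.0.0.20]

# --- /etc/postfix/relay_recipients (one line per deliverable address) ---
# alice@example.com      OK
# bob@customer.example   OK

# After editing the three tables:
#   postmap /etc/postfix/relay_domains /etc/postfix/transport /etc/postfix/relay_recipients
#   postfix reload
# Sanity checks before forwarding port 25 from the public IP to this host:
#   postconf -n                                            # review effective settings
#   postmap -q example.com hash:/etc/postfix/transport     # expect smtp:[10.0.0.10]
#   postmap -q bob@customer.example hash:/etc/postfix/relay_recipients   # expect OK
```

Only the `smtp inet` service in master.cf needs to be enabled on this host; leave `submission` and `smtps` disabled, since internal clients keep sending through the existing servers.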