Specifying a Postfix Instance to send outbound email
- by Catherine Jefferson
I have a CentOS 6.5 server running Postfix 2.6x (the default distribution) with five public IPv4 IPs bound to it. Each IP has DNS and rDNS set separately. Each uses a different hostname at a different domain. I have five Postfix instances, one bound to each IP, like this example:
192.168.34.104 red.example.com /etc/postfix
192.168.36.48 green.example.net /etc/postfix-green
192.168.36.49 pink.example.org /etc/postfix-pink
192.168.36.50 orange.example.info /etc/postfix-orange
192.168.36.51 blue.example.us /etc/postfix-blue
I've tested each IP by telneting to port 25. Postfix answers and banners properly with the correct hostname. Email is received on all of these instances with no problems and is routed to the correct place. This setup, minus the final instance, has existed for a couple of years and works.
I never bothered to set up outbound email to go through any but the main instance, however; there was no need. Now I need to send email from blue.example.us that actually leaves from that interface and IP, such that the Received headers show blue.example.us as the sending mailhost, so that SPF and DKIM validate, etc etc.
The email that will be sent from blue.example.com is a feedback loop sent by a single shell account on the server (account5), an account that is dedicated to sending this email. The account receives the feedback loop emails from servers on other networks, saves the bodies of those emails, and then generates a new outbound email header, appends the saved body, and sends the email. It's sending by piping each email to sendmail -oi -t. We're doing it this way to mask the identities of the initial servers. The procmail script that processes these emails works correctly.
However, I cannot configure this account to send email through the proper Postfix instance/IP/interface. The exact same account and script sends email through the main Postfix instance /etc/postfix without any issues. When I change MAIL_CONFIG to point to /etc/postfix-blue in either .bash_profile or the Procmail script that handles this email, though, I get this error:
sendmail: fatal: User account5(###) is not allowed to submit mail
I've read the manuals on Postfix.org, searched Google, and tried the suggestions in three previous answers here on ServerFault.com:
Postfix - specify interface to deliver outbound mail on
Postfix user is not allowed to submit mail
Postfix rejects php mails
I have been careful to stop and restart Postfix after each configuration change, and tested the results. Nothing has worked. The main postfix instance happily accepts outbound email from account5. The postfix-blue instance continues to reject email from account5 with the sendmail error above.
As tempting as it is to blame machine hostility, I know that I must be missing something or doing something wrong. Does anybody have any suggestions as to what it might be? Please feel free to ask for further information about my setup if you need it.
=-=-=-=-=-=-=-=-=-=
At the request of the responder, here are main.cf and master.cf for a) the main postfix instance ("red.example.com") and b) the FBL instance ("blue.example.us")
[NOTE: All parameters not specified below were left at the default Postfix 2.6 settings]
MAIN:
master.cf
smtp inet n - n - - smtpd
main.cf
myhostname = red.example.com
mydomain = example.com
inet_interfaces = $myhostname, localhost
inet_protocols = all
lmtp_host_lookup = native
smtp_host_lookup = native
ignore_mx_lookup_error = yes
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =
mynetworks = 192.168.34.104/32
relay_domains = example.com,
example.info,
example.net,
example.org,
example.us
relayhost = [192.168.34.102] # Separate physical server, main mailserver.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_enable = yes
multi_instance_directories = /etc/postfix-green /etc/postfix-pink /etc/postfix-orange /etc/postfix-blue
FBL:
master.cf
184.173.119.103:25 inet n - n - - smtpd
main.cf
myhostname = blue.example.us
mydomain = blue.example.us <= Deliberately set to subdomain only.
myorigin = $mydomain
inet_interfaces = $myhostname
lmtp_host_lookup = native
smtp_host_lookup = native
ignore_mx_lookup_error = yes
mydestination = $myhostname
local_recipient_maps = unix:passwd.byname $alias_maps $virtual_alias_maps
mynetworks = 192.168.36.51/32, 192.168.35.20/31 <= Second IP is backup MX servers
relay_domains = $mydestination
recipient_canonical_maps = hash:/etc/postfix-blue/canonical
virtual_alias_maps = hash:/etc/postfix-fbl/virtual
alias_maps = hash:/etc/aliases, hash:/etc/postfix-blue/canonical
alias_maps = hash:/etc/aliases, hash:/etc/postfix-blue/canonical
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Mail/ MAILDIR=$HOME/Mail
smtpd_banner = $myhostname ESMTP $mail_name
authorized_submit_users =
multi_instance_name = postfix-blue
multi_instance_enable = yes
