Wiki CgX

Postfix

Configuration "Sending server" (MTA only)

smtp.cloud: sending server
1.2.3.4 & 5.6.7.8: authorized satellite servers

main.cf
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = smtp.cloud
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, smtp.cloud, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/24 1.2.3.4 5.6.7.8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

Works perfectly with the Exim satellite server configuration.
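
With permit_mynetworks in smtpd_relay_restrictions, every host listed in mynetworks may relay to any destination without authenticating. The following Python check is an added example, not part of the original wiki page or of Postfix: it parses main.cf text, confirms that a rejecting rule is reached before any bare permit, and lists the mynetworks entries outside loopback/private space that are trusted on source IP alone. The function names are hypothetical, and only smtpd_relay_restrictions is inspected (smtpd_recipient_restrictions is not).

```python
# Added example; function names are hypothetical, not a Postfix API.
import ipaddress
GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Return {parameter: value}; the last assignment wins, as in Postfix."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank or comment line
        if raw[0].isspace() and last:             # leading whitespace: continuation
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def _rules(params):
    return params.get("smtpd_relay_restrictions", "").replace(",", " ").split()

def relay_is_guarded(params):
    """True if a rejecting rule is reached before an unconditional permit."""
    for rule in _rules(params):
        if rule in GUARDS or rule == "permit":
            return rule in GUARDS
    return False                                  # unset or no guard: review it

def ip_trusted_relays(params):
    """mynetworks entries outside loopback/private space, trusted on source IP alone."""
    if "permit_mynetworks" not in _rules(params):
        return []
    found = []
    for tok in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(tok.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            found.append((tok, None))             # table or pattern: review by hand
            continue
        if not net.is_private:
            found.append((str(net), net.num_addresses))
    return found

SAMPLE = (  # the two relevant lines of the sending-server main.cf shown above
    "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination\n"
    "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/24 1.2.3.4 5.6.7.8\n")

if __name__ == "__main__":
    print(relay_is_guarded(parse_main_cf(SAMPLE)), ip_trusted_relays(parse_main_cf(SAMPLE)))
```

In practice the same functions can be fed the output of `postconf -n` instead of the raw file, which shows only the explicitly set parameters.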

Configuration: secondary MX server (receive only)

  • Secondary MX server: mx2.domain.tld
  • Primary server: mx.domain.tld
  • Domain: domain.tld
main.cf
myhostname = mx2.domain.tld
mydomain = domain.tld
myorigin = $mydomain
mydestination = $myhostname, mx2, localhost.localdomain, localhost
mynetworks_style= subnet
mynetworks = 127.0.0.0/8 <relay IP>
smtpd_banner = $myhostname ESMTP ; Violators will be shot, survivors will be shot again.
empty_address_recipient = MAILER-DAEMON@$mydomain
 
# Miscellaneous options
compatibility_level = 2
biff = no
readme_directory = no
append_dot_mydomain = no
recipient_delimiter = +
anvil_status_update_time = 2h
disable_vrfy_command = yes
bounce_template_file = /etc/postfix/bounce.cf
 
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
inet_protocols = ipv4
smtp_address_preference = ipv4
 
relay_domains = domain.tld, <other domains to relay to the primary server>
maximal_queue_lifetime = 14d
 
relayhost = mx.domain.tld
 
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mx2.domain.tld/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mx2.domain.tld/privkey.pem
 
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_security_level = may
 
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
 
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mailbox_size_limit = 0

Uncomment in master.cf:

master.cf
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes

Configuration: secondary MX server + relay for the primary

Same as above, but without relayhost:

main.cf
...
relayhost =
...

…And of course, add the secondary as the relayhost of the primary!

Miscellaneous tips

View the logs with systemd

journalctl -u postfix@-.service -f

Force processing of queued mail

postqueue -f

Empty/delete the queue

postsuper -d ALL
it/linux-selfhosting/mta-mda/postfix.txt · Last modified: 01 Mar 2022 :: 10:46 by CgX