Creating a second instance of Postfix from an existing one involves the following steps:
1. Add an IP address to the server
2. Copy the /etc/postfix directory and all files
3. Create an additional spool directory
4. Edit the config files
5. Create startup and administration scripts
Step one: Add an IP address
The second instance of Postfix will be used for all outbound e-mail. Users will configure their e-mail clients to connect to that IP as their "SMTP server".
Follow the procedure appropriate to your server's version of Linux to add a second IP. The new IP can exist on the same network card as the first (e.g. as device eth0:1 on Linux) or can be tied to a second NIC, whichever best suits your requirements.
The new IP address must resolve to a name. Either add a name for it in your DNS, or add an entry in the server's /etc/hosts file. Postfix will not work unless the IP address resolves to a name on the server Postfix is installed on.
As an alternative, the new instance can share the same IP but receive mail on a port other than port 25. We won't show that here, but it's an alternative to be aware of.
Step two: copy /etc/postfix
Copy your existing /etc/postfix directory to /etc/postfix-out:
cp -rp /etc/postfix /etc/postfix-out
The new directory should have all the files with the same ownership and permissions as the original.
To make the next step easier, edit the file /etc/postfix-out/main.cf. Change the following setting, or add it if it does not exist:
queue_directory = /var/spool/postfix-out
Save the changes to the file before proceeding to the next step.
Step three: create an additional spool directory
Each instance of Postfix must have its own mail spool directory. To avoid file conflicts, the default directory /var/spool/postfix must not be shared among instances.
Create a directory named /var/spool/postfix-out and let Postfix create the appropriate subdirectories and permissions:
mkdir /var/spool/postfix-out
postfix -c /etc/postfix-out check
The result should be directory /var/spool/postfix-out containing something similar to the following:
drwxr-xr-x 14 root root 336 Jan 30 10:20 .
drwxr-xr-x 15 root root 384 Jan 30 10:20 ..
drwx------ 2 postfix root 48 Jan 30 10:20 active
drwx------ 2 postfix root 48 Jan 30 10:20 bounce
drwx------ 2 postfix root 48 Jan 30 10:20 corrupt
drwx------ 2 postfix root 48 Jan 30 10:20 defer
drwx------ 2 postfix root 48 Jan 30 10:20 deferred
drwx------ 2 postfix root 48 Jan 30 10:20 flush
drwx------ 2 postfix root 48 Jan 30 10:20 incoming
drwx-wx--- 2 postfix postdrop 48 Jan 30 10:20 maildrop
drwxr-xr-x 2 root root 48 Jan 30 10:20 pid
drwx------ 2 postfix root 48 Jan 30 10:20 private
drwx--x--- 2 postfix postdrop 48 Jan 30 10:20 public
drwx------ 2 postfix root 48 Jan 30 10:20 saved
If the directory /var/spool/postfix contains directories named etc, usr and lib, your first Postfix instance was probably installed chrooted. If those directories exist, manually copy them to /var/spool/postfix-out:
cp -rp /var/spool/postfix/etc /var/spool/postfix-out
cp -rp /var/spool/postfix/usr /var/spool/postfix-out
cp -rp /var/spool/postfix/lib /var/spool/postfix-out
Step four: edit the config files
Edit the file /etc/postfix/main.cf and add the following near the bottom of the file:
alternate_config_directories = /etc/postfix-out
The above setting is required to inform the Postfix daemons about the second instance.
Next, edit the file /etc/postfix-out/main.cf and change the following setting:
inet_interfaces = second-IP-address-NAME
Note: in the above you must specify the DNS name of the second IP address, not the IP address. If the IP address does not have a DNS name, add an entry for it to /etc/hosts so it can be resolved locally on the server.
You should also remove settings such as reject_maps_rbl and content filtering that only need to be applied to inbound e-mail, and change syslog_facility so that outbound mail is logged to a different file than inbound mail.
You might also want to change the setting myhostname so the second instance uses a different name from the first (e.g. "mx1-out"). This is required if the two instances will exchange mail with each other, otherwise Postfix will complain that mail "loops back to myself".
Lastly, you can force the outbound instance to send mail from the same IP address as the inbound instance. This is useful when the mail server is behind a firewall and you want only one IP address to communicate with the Internet. To send from an IP address other than the one the outbound instance listens on, add the setting smtp_bind_address to main.cf, similar to the following:
smtp_bind_address = 192.168.1.1
(Of course, replace the IP address above with your own server's inbound SMTP IP address)
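Before starting the second instance, the settings changed in steps two to four can be checked against each other. The script below is an added example, not part of the original article: it parses two main.cf files and reports a shared queue_directory, a missing alternate_config_directories entry, and an inet_interfaces value that collides with the first instance. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): offline consistency check
# for the two main.cf files. Function names here are hypothetical.

# mcf_get FILE NAME: print the effective value of NAME in a main.cf file.
# Comment and blank lines are skipped, a line starting with whitespace
# continues the previous parameter, and the last definition wins.
mcf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (cur != "") { sub(/^[ \t]+/, ""); val[cur] = val[cur] " " $0 }
            next
        }
        { eq = index($0, "="); cur = ""
          if (eq == 0) next
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); val[cur] = v }
        END { if (key in val) print val[key] }
    ' "$1"
}

# check_instances PRIMARY_CF SECOND_CF SECOND_DIR
# Prints one line per problem and returns the number of problems found.
check_instances() {
    bad=0; dflt=/var/spool/postfix    # default spool named in step three
    pq=$(mcf_get "$1" queue_directory); sq=$(mcf_get "$2" queue_directory)
    if [ "${pq:-$dflt}" = "${sq:-$dflt}" ]; then
        echo "both instances use queue_directory ${sq:-$dflt}"; bad=$((bad + 1))
    fi
    case " $(mcf_get "$1" alternate_config_directories | tr ',' ' ') " in
        *" $3 "*) ;;
        *) echo "$1: alternate_config_directories lacks $3"; bad=$((bad + 1)) ;;
    esac
    pi=$(mcf_get "$1" inet_interfaces); si=$(mcf_get "$2" inet_interfaces)
    if [ "${si:-all}" = all ] || [ "${si:-all}" = "${pi:-all}" ]; then
        echo "$2: inet_interfaces '${si:-all}' collides with the first instance"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: the second main.cf is an unedited copy of the first.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# first instance' 'myhostname = mx1.example.com' \
        'inet_interfaces = mx1.example.com' > "$d/main.cf"
    cp "$d/main.cf" "$d/main-out.cf"
    check_instances "$d/main.cf" "$d/main-out.cf" /etc/postfix-out; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

On a server, call check_instances /etc/postfix/main.cf /etc/postfix-out/main.cf /etc/postfix-out; a return value of 0 means none of the three conflicts was found.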
Step five: Create startup and administration scripts
Startup script
The second instance can be started using the normal postfix start command, except you must point to the other configuration directory. For example:
postfix -c /etc/postfix-out start
To create a startup script for the second instance, either edit your existing Postfix startup script and add the above command after the existing postfix start command, or copy the existing startup script to a new name and change the copy. If you copy the start script, be sure to also follow your operating system's instructions for installing a new init script (for example, chkconfig on Redhat Linux, update-rc.d on Debian Linux).
1 comments:
Many thanks for detailed article.