also see here for a description to get pop3-before-smtp-authentication working using mysql.
SMTPS is also not covered so far but shouldn't be too complicated.
if you care about security, use your firewall to only allow the incoming SMTP port on that IP. i used iptables:

    #!/bin/sh
    IPADDR2="new.new.new.new"
    # allow SMTP ... (port 25 only; without --dport this rule would accept every TCP port on the IP)
    /usr/sbin/iptables -A INPUT -p TCP -d $IPADDR2 --dport 25 -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -p TCP -s $IPADDR2 --sport 25 -m state --state ESTABLISHED -j ACCEPT
    # .. and nothing else on this IP
    /usr/sbin/iptables -A INPUT -d $IPADDR2 -j DROP
    # packets claiming to come from our own address are spoofed
    /usr/sbin/iptables -A INPUT -s $IPADDR2 -j DROP
i've chosen the cheap trick of setting the default in /etc/xinetd.conf ...

    interface = old.old.old.old
    # ftp connection tracking, since port 21 is redirected as well
    /sbin/modprobe ip_conntrack_ftp
    # local connections to 127.0.0.1 on the qmail ports are sent to the old IP, where xinetd listens
    /usr/sbin/iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j DNAT --to old.old.old.old:25
    /usr/sbin/iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 21 -j DNAT --to old.old.old.old:21
    /usr/sbin/iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 106 -j DNAT --to old.old.old.old:106
maybe reboot at this point to check that everything comes up right.
the following commands should both show something like "220 SERVERNAME ESMTP":
    # telnet 127.0.0.1 25
    Escape character is '^]'.
    220 myserversname ESMTP
    # telnet old.old.old.old 25
    Escape character is '^]'.
    220 myserversname ESMTP
    # netstat -tulpen|grep xinet
    tcp   0   0 old.old.old.old:106   0.0.0.0:*   LISTEN   0   11292   3048/xinetd
    tcp   0   0 old.old.old.old:465   0.0.0.0:*   LISTEN   0   11294   3048/xinetd
    tcp   0   0 old.old.old.old:21    0.0.0.0:*   LISTEN   0   11291   3048/xinetd
    tcp   0   0 old.old.old.old:25    0.0.0.0:*   LISTEN   0   11293   3048/xinetd
    # cp /usr/sbin/sendmail /usr/sbin/sendmail.qmail
    # cp /usr/sbin/sendmail /usr/sbin/sendmail.postfix
    # cp /usr/sbin/sendmail.qmail /usr/sbin/sendmail
    myhostname = myserversname
    inet_interfaces = new.new.new.new
    relay_domains = hash:/etc/postfix/relaydomains
    relayhost = 127.0.0.1
    # or whatever is unused
    syslog_facility = local7
    # anti-spam:
    smtpd_helo_required = yes
    # reject_invalid_hostname is a restriction, not a parameter of its own, so it belongs in this list
    smtpd_helo_restrictions = reject_unauth_pipelining, reject_invalid_hostname, permit
    strict_rfc821_envelopes = yes
    html_directory = no
    smtpd_soft_error_limit = 2
    smtpd_hard_error_limit = 10
    smtpd_error_sleep_time = 20s
    #!/usr/bin/perl -w
    # create relaydomains for postfix from rcpthosts from qmail
    # 20060405,arnim rupp
    use strict;

    my $rcpthost     = "/var/qmail/control/rcpthosts";
    # must be the same file as "relay_domains = hash:..." in postfix's main.cf
    my $relaydomains = "/etc/postfix/relaydomains";
    my $postmap      = "/usr/sbin/postmap";
    my $sort         = "/bin/sort";

    open (RCPTHOSTS, "$sort $rcpthost|" ) || die "cant open $rcpthost\n";
    open (RELAYDOMAINS, "> $relaydomains" ) || die "cant open $relaydomains\n";
    while (<RCPTHOSTS>) {
        chomp;
        # one "domain RELAY" line per non-empty rcpthosts line
        print RELAYDOMAINS "$_ RELAY\n" if ( $_ );
    }
    close (RELAYDOMAINS);
    close (RCPTHOSTS);
    # rebuild the hash: map that postfix actually reads
    system ("$postmap $relaydomains") == 0 || die "$postmap failed\n";
    */5 * * * * /usr/local/sbin/make_postfix_relaydomains
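as an added example (not from the page or its author), a small python model of the relay decision on both sides, to check the generated map against sample recipient domains before switching the MX: qmail's rcpthosts rule as i read qmail-smtpd (a ".domain" line covers hosts under domain, not domain itself) and the postfix table-lookup rule as i read postconf(5)/access(5), which depends on whether relay_domains is listed in parent_domain_matches_subdomains. both rules and the sample data are assumptions, not something the page states.

```python
def parse_rcpthosts(text):
    """Non-empty lines of a qmail rcpthosts file, lower-cased and stripped."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]


def to_relaydomains(entries):
    """What the Perl script writes: one 'key RELAY' line per entry, sorted."""
    return "".join(f"{entry} RELAY\n" for entry in sorted(set(entries)))


def qmail_accepts(domain, entries):
    """qmail rule (assumed): the whole domain, then every suffix that starts at a dot."""
    domain = domain.lower()
    table = set(entries)
    suffixes = [domain] + [domain[i:] for i, ch in enumerate(domain) if ch == "."]
    return any(s in table for s in suffixes)


def postfix_relays(domain, entries, parent_matches_subdomains=True):
    """Postfix table rule (assumed): the name, then each parent domain in turn."""
    domain = domain.lower()
    table = set(entries)
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(1, len(labels))]
    if parent_matches_subdomains:
        # relay_domains listed in parent_domain_matches_subdomains (the default):
        # "example.com" also covers its subdomains, ".example.com" keys are never tried
        keys = [domain] + parents
    else:
        # not listed: "example.com" matches exactly, ".example.com" covers subdomains
        keys = [domain] + ["." + p for p in parents]
    return any(k in table for k in keys)


def disagreements(rcpthosts_text, recipients, parent_matches_subdomains=True):
    """Recipient domains for which qmail and the Postfix front-end would differ."""
    entries = parse_rcpthosts(rcpthosts_text)
    return sorted(d for d in recipients
                  if qmail_accepts(d, entries)
                  != postfix_relays(d, entries, parent_matches_subdomains))


# Constructed sample input (not from the page): an rcpthosts with one exact
# domain and one ".domain" wildcard, plus a few recipient domains to probe.
SAMPLE_RCPTHOSTS = "example.com\n.example.net\n\n"
SAMPLE_RECIPIENTS = ["example.com", "mail.example.com", "example.net",
                     "mx.example.net", "evil.org"]

if __name__ == "__main__":
    print(to_relaydomains(parse_rcpthosts(SAMPLE_RCPTHOSTS)), end="")
    print("differ under default matching:", disagreements(SAMPLE_RCPTHOSTS, SAMPLE_RECIPIENTS))
```

in this model the default setting relays for every subdomain of a listed domain and never consults the ".domain" entries the script copies over, while dropping relay_domains from parent_domain_matches_subdomains reproduces qmail's rule exactly, so check which one you want before the MX points at the new IP.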
    # netstat -tulpen|grep :25
    tcp   0   0 old.old.old.old:25    0.0.0.0:*   LISTEN   0   11293   3048/xinetd
    tcp   0   0 new.new.new.new:25    0.0.0.0:*   LISTEN   0   23689   8476/master
    a@ubuntu:~$ telnet new.new.new.new 25
    Trying new.new.new.new ...
    Connected to new.new.new.new.
    Escape character is '^]'.
    220 myserversname ESMTP Postfix
    EHLO test.de
    250-myserversname
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250 8BITMIME
    MAIL FROM:
    250 Ok
    RCPT TO:
if it doesn't work out, the fallback is putting the MX-records back.
also make sure the configuration is boot-proof!