Setting up postmulti with multiple xoauth2 relays
Let's say that I have 4 Gmail accounts: fax@test.net, everything@test.net, important@test.net and sender@test.net.
My relay server is configured with an IP of 169.254.1.12.
I want all mail sent by my organization to be sent through my relay as sender@test.net, no matter who it's actually sent by. But there are some critical services running on some machines, so I also want to get super important messages from important@test.net. We can set up two xoauth2-enabled Postfix relay instances on the same server so that the super important messages are sent out of a totally separate account when emails are sent to another IP address. We'll use 169.254.1.13 for the second instance of Postfix.
After a working relay server is configured with 169.254.1.12, you can add on to it with postmulti. That way, an xoauth2 account can be specified as the relay account to be used based on the IP address the message is sent to.
To begin, tell the server that you want to use postmulti:
$ postmulti -e init
This allows the following command to be run, creating the directories for the next instance of Postfix. A group can be specified so that instances can be controlled by group. If groups are not going to be used, put in a description word.
$ postmulti -I postfix-2 -G postfix_group_2 -e create config_directory=/etc/postfix-2 queue_directory=/var/spool/postfix-2 data_directory=/var/lib/postfix-2
This puts some configuration lines at the end of your current /etc/postfix/main.cf file.
Some of the configuration lines that are automatically placed there might need to be modified.
Make your modifications to /etc/postfix-2/main.cf. Follow the readme to make a relay setup like you did for the first instance of Postfix; the two files will be almost identical except for the new lines at the bottom.
Comment out these lines.
#master_service_disable = inet
#authorized_submit_users =
Add the interface lines.
inet_interfaces = 169.254.1.13
Edit your original /etc/postfix/main.cf file.
Modify this line to make local mail go out of this relay by default, and also on the primary IP address.
inet_interfaces = localhost, 169.254.1.12
If everything looks OK, enable the new instance.
$ postmulti -i postfix-2 -e enable
And then start it.
$ postfix -c/etc/postfix-2 start
If you have multiple instances of postmulti, check out this gist for dynamically managing postmulti instances; the script covers everything below.
DNS will not be able to resolve without a resolv.conf file located in the /var/spool/post-whatever directory. It might be a good idea to check the contents of this file first.
$ cp /etc/resolv.conf /var/spool/postfix-2/etc/resolv.conf
It will also need some library files that will not be created automatically.
$ cp /var/spool/postfix/lib/x86_64-linux-gnu /var/spool/postfix-2/lib -r
If these are not copied to the new instance's /var/spool directory, you'll get an error when it comes time to get a new token.
TokenStore::GetAccessToken: token expired. refreshing.
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: attempt 1
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: request: client_id=xxx-xxxxxxx.apps.googleusercontent.com&client_secret=xxxxx-xxxx&grant_type=refresh_token&refresh_token=xxxxxxxx
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: http error: Could not resolve host: accounts.google.com
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: Client::DoStep: new state 0 and err -5
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: Client: destroyed
List postmulti instances and their status.
$ postmulti -l
- - y /etc/postfix
postfix-2 postfix_group_2 y /etc/postfix-2
Check netstat to see if it's running.
$ netstat -tulpn
The output should contain both IP addresses.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1782/apache2
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 707/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 793/sshd: /usr/sbin
tcp 0 0 169.254.1.12:25 0.0.0.0:* LISTEN 28618/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 28485/master
tcp 0 0 169.254.1.13:25 0.0.0.0:* LISTEN 28485/master
udp 0 0 127.0.0.53:53 0.0.0.0:* 707/systemd-resolve
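The configuration and file-copy steps above can be checked in one pass before relying on the second instance. The script below is an added example, not part of the original page or the sasl-xoauth2 project; the function name check_instance and its output format are made up for illustration, and it reads main.cf directly rather than through postconf.

```shell
#!/bin/sh
# Added example (not from the original page): verify a second Postfix instance
# against the steps above. Reads main.cf directly instead of calling postconf.
# Usage: sh check_instance.sh /etc/postfix-2 /var/spool/postfix-2 169.254.1.13

# Prints one "PROBLEM:" line per finding; returns 0 if none, 1 otherwise.
check_instance() {
    cfg=$1 queue=$2 ip=$3 problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # The two lines postmulti appended must be commented out;
    # master_service_disable = inet keeps the instance off the network.
    if grep -Eq '^(master_service_disable|authorized_submit_users)[[:space:]]*=' \
            "$cfg/main.cf" 2>/dev/null; then
        report "$cfg/main.cf: postmulti default lines are still active"
    fi

    # The last inet_interfaces assignment wins; it must list this instance's IP
    # as a whole entry (169.254.1.130 must not pass for 169.254.1.13).
    ifaces=$(sed -n 's/^inet_interfaces[[:space:]]*=[[:space:]]*//p' \
        "$cfg/main.cf" 2>/dev/null | tail -n 1)
    if ! printf '%s\n' "$ifaces" | tr ', ' '\n\n' | grep -Fxq "$ip"; then
        report "$cfg/main.cf: inet_interfaces does not list $ip"
    fi

    # Without resolv.conf under the queue directory the token refresh fails
    # with "Could not resolve host".
    if ! grep -Eq '^nameserver[[:space:]]' "$queue/etc/resolv.conf" 2>/dev/null; then
        report "$queue/etc/resolv.conf: missing or has no nameserver line"
    fi

    # The library directory copied from the first instance must be populated.
    if [ -z "$(ls -A "$queue/lib/x86_64-linux-gnu" 2>/dev/null)" ]; then
        report "$queue/lib/x86_64-linux-gnu: missing or empty"
    fi

    [ "$problems" -eq 0 ]
}

# Run only when all three arguments are given.
if [ "$#" -eq 3 ]; then check_instance "$@"; fi
```

Run it after each change to the instance; a non-zero exit status means at least one of the steps above is incomplete.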
Checking Mail Queues
Regular Postfix instance queues can be checked with
$ postqueue -p
Additional instances can be checked with postmulti
$ postmulti -i postfix-2 -x postqueue -p
Postmulti queues can be cleared with
$ postmulti -i postfix-2 -x postsuper -d ALL