Configuring postfix on Mountain Lion Server

We need to capture and archive email and to have email sync across multiple devices. Do iMap is preferable than POP. We have POP disabled.

We have email account set up for each individual on the server. Mail gets sent with a "reply to" for the external email address which is tied to Google Apps. The MX record for the "reply to" is Google's email server. When the email hits Google's server, it is forwarded (minus all the spam) to the user's internal server email account, archived on that server, Users can use their iPad, iPhone, Android or whatever with iMap to retrieve, delete, send and all the emails are synced on all the devices.

My post was to figure out how to get postfix to accept the incoming email that Google sends to our server. It was trivial with Snow Leopard Server. Mountain Lion Server is a pain to deal with using the SERVER gui.

I'm not looking for alternative ways to handle our email. Just advice on how to configure postfix to accept incoming email only from google and block all other email senders.

MrHoffman, thank you for your response to my challenge to get the new test server working. This is a migration from Snow Leopard Server to Mountain Lion Server.

Here is the "checkhostname" test results:

blue:~ admin$ sudo changeip -checkhostname

Password:

Primary address = 96.231.165.211

Current HostName = blue.pderby.com

DNS HostName = blue.pderby.com

The names match. There is nothing to change.

dirserv:success = "success"

blue:~ admin$

Here is the response from postconf -n

blue:~ admin$ postconf -n

biff = no

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

dovecot_destination_recipient_limit = 1

html_directory = /usr/share/doc/postfix/html

imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

inet_interfaces = loopback-only

inet_protocols = all

mail_owner = _postfix

mailbox_size_limit = 0

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

message_size_limit = 10485760

mydomain_fallback = localhost

newaliases_path = /usr/bin/newaliases

queue_directory = /Library/Server/Mail/Data/spool

readme_directory = /usr/share/doc/postfix

recipient_delimiter = +

sample_directory = /usr/share/doc/postfix/examples

sendmail_path = /usr/sbin/sendmail

setgid_group = _postdrop

smtpd_tls_ciphers = medium

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

use_sacl_cache = yes

blue:~ admin$

I agree that I should change the LAN domain from .local to something like .internal or whatever. I've been running with .local for 5 years on snow leopard server and never had any problems so that was a low priority.

I hope I'm just not seeing some obvious setting in main.cf

I think I know what the problem might be. In SYSTEM PREFERENCES / NETWORK the network connections are listed in service order.

On the Snow Leopard Server the network service order was ETHERNET followed by VLAN2, a configuration that works.

On the Mountain Lion Server the network service order was VLAN2 followed by ETHERNET, a configuration that accepts local email but not email from the WAN.

When I installed Mountain Lion Server I didn't pay any attention to the order of the services.

When MrHoffman suggested I run CHECKHOSTNAME that was a clue. Even though the names matched, the names should have been the LAN IP address and the LAN name, not the WAN address and name.

So I moved the service order with ETHERNET at the top and vlan2 second using the "set service order" under the gear icon in PREFERENCES NETWORK

With that change, the SERVER app reported that the host name had changed.

That explains why the only entry I would see in the POSTFIX log was "CISCO" the DNS name of my router. The connection should have been coming directly to the Mac Mini through its IP address instead of being routed through the LAN's CISCO router.

So now email traffic seems to be flowing into the machine just fine. Now the problem I'm facing is redoing open directory so the mail can get to the user. With the change in the primary hostname and IP address all the pointers in open directory are messed up. The Server APP has a workflow to correct this problem for the ETHERNET side of the network, but isn't aware of the VLAN network service.

I just spent the better part of this week trying to debug a POSTFIX config file that was just fine.

I agree. We don't run the Mountain Lion server email and web server box as a router. The two network connections give access from either the WAN or the LAN for those with access credentials, but the box doesn't route and NAT is not enabled. The only services available to the outside are those that are intended on a handful of ports.

We do routing with CISCO routers running IOS that support VPNs and take care of NAT

Thanks for you help.