How to override an MX value for a particular domain only?

> Hi,
>
> I'm running postfix on an internal network with an internal DNS.  My
> internal DNS is configured for my particular domain (ie:  
> mydomain.com).  I
> have an MX pointer that points to my postfix machine so any email  
> being
> generated for mydomain.com from the internal network ends up at the  
> postfix
> machine.  All that setup works fine.
>
> My problem is the following.  The email received by Postfix for mydomain.com
> actually needs to be resent out into the internet destined for the  
> actual
> mydomain.com email server located in a geographically different  
> location.
> At the moment, Postfix will do an MX query for mydomain.com, realize  
> that it
> is itself, and understandably not forward the email to the appropriate
> place.
>
> How can I instruct Postfix on that server to ignore the MX record  
> being
> served by the internal DNS and actually query an external DNS server  
> for the
> MX pointer instead?  I looked through the main.cf config file, but  
> can't
> seem to find anything.  Can I configure Postfix to use a different DNS
> server as opposed to the internal one specified by my resolve.conf  
> file?
>
> Any help or suggestions would be appreciated.

>> How can I instruct Postfix on that server to ignore the MX record being
>> served by the internal DNS and actually query an external DNS server
>> for the
>> MX pointer instead?  I looked through the main.cf config file, but can't
>> seem to find anything.  Can I configure Postfix to use a different DNS
>> server as opposed to the internal one specified by my resolve.conf file?
>>
>> Any help or suggestions would be appreciated.
>
> http://www.postfix.org/postconf.5.html#transport_maps
>
> mydomain.com smtp:[realmx.mydomain.com]

> Martijn de Munnik wrote:
>>
>> On Nov 4, 2009, at 10:52 PM, Eric B. wrote:
>
>>> How can I instruct Postfix on that server to ignore the MX record being
>>> served by the internal DNS and actually query an external DNS server for
>>> the
>>> MX pointer instead?  I looked through the main.cf config file, but can't
>>> seem to find anything.  Can I configure Postfix to use a different DNS
>>> server as opposed to the internal one specified by my resolve.conf file?
>>>
>>> Any help or suggestions would be appreciated.
>>
>> http://www.postfix.org/postconf.5.html#transport_maps
>>
>> mydomain.com smtp:[realmx.mydomain.com]
>
> Martijn's above suggestion will reliably send mail for mydomain.com to
> realmx.mydomain.com, which is what you may want to do.
>
> Note: It does *not* query any DNS server for an MX record for
> mydomain.com, though. You would need to adapt it manually in case the
> external MX pointer is changed.

> Eric B. wrote:
> >
> > Is there no way to direct Postfix to a different DNS server (as opposed to
> > the ones specified in resolve.conf) either for a particular domain, or for
> > all domains altogether?
> >
>
> No, that's outside of the purview of Postfix. You could probably do
> something with BIND views though.
>
> ~Seth
>

>>>
>>> mydomain.com smtp:[realmx.mydomain.com]
>> Martijn's above suggestion will reliably send mail for mydomain.com to
>> realmx.mydomain.com, which is what you may want to do.
>>
>> Note: It does *not* query any DNS server for an MX record for
>> mydomain.com, though. You would need to adapt it manually in case the
>> external MX pointer is changed.
>
> This is definitely helpful information; thanks.  I'll take a look into that
> ASAP.  My only concern with this setup, of course, is that it requires me to
> manually update the MX for the domain if ever it changes.

> Eric B. wrote:
>>
>> Is there no way to direct Postfix to a different DNS server (as opposed
>> to
>> the ones specified in resolve.conf) either for a particular domain, or
>> for
>> all domains altogether?
>>
>
> No, that's outside of the purview of Postfix. You could probably do
> something with BIND views though.

> On Wed, Nov 04, 2009 at 03:26:07PM -0800, Seth Mattinen wrote:
>> Eric B. wrote:
>> >
>> > Is there no way to direct Postfix to a different DNS server (as opposed
>> > to
>> > the ones specified in resolve.conf) either for a particular domain, or
>> > for
>> > all domains altogether?
>> >
>>
>> No, that's outside of the purview of Postfix. You could probably do
>> something with BIND views though.
>>
>> ~Seth
>>
> You could also use a cronjob to check for a change and then update
> the configuration based on that change. Why can't you update resolve.conf?

> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>
>> Is there no way to direct Postfix to a different DNS server (as opposed
>> to
>> the ones specified in resolve.conf) either for a particular domain, or
>> for
>> all domains altogether?
>
> If you chroot-jail the smtp(8) delivery agent, it will use the resolv.conf
> file in the chroot jail. This is ugly, you are probably solving the
> wrong problem.

> "Victor Duchovni"<Victor.Duchovni@...>  wrote in message
> news:20091104232940.GI27037@......
>> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>>
>>> Is there no way to direct Postfix to a different DNS server (as opposed
>>> to
>>> the ones specified in resolve.conf) either for a particular domain, or
>>> for
>>> all domains altogether?
>>
>> If you chroot-jail the smtp(8) delivery agent, it will use the resolv.conf
>> file in the chroot jail. This is ugly, you are probably solving the
>> wrong problem.
>
> Interesting thought.  I agree that this is somewhat ugly, but might be
> something worth investigating...
>
> Thanks for the tip.
>
> Eric
>
>
>

> "Victor Duchovni" <Victor.Duchovni@...> wrote in message
> news:20091104232940.GI27037@......
>> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>>
>>> Is there no way to direct Postfix to a different DNS server (as opposed
>>> to
>>> the ones specified in resolve.conf) either for a particular domain, or
>>> for
>>> all domains altogether?
>>
>> If you chroot-jail the smtp(8) delivery agent, it will use the
>> resolv.conf
>> file in the chroot jail. This is ugly, you are probably solving the
>> wrong problem.
>
> Interesting thought.  I agree that this is somewhat ugly, but might be
> something worth investigating...

> "Eric B." <ebenze@...> wrote in message
> news:hcupsk$b8a$3@......
>> "Victor Duchovni" <Victor.Duchovni@...> wrote in  
>> message
>> news:20091104232940.GI27037@......
>>> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>>>
>>>> Is there no way to direct Postfix to a different DNS server (as  
>>>> opposed
>>>> to
>>>> the ones specified in resolve.conf) either for a particular  
>>>> domain, or
>>>> for
>>>> all domains altogether?
>>>
>>> If you chroot-jail the smtp(8) delivery agent, it will use the
>>> resolv.conf
>>> file in the chroot jail. This is ugly, you are probably solving the
>>> wrong problem.
>>
>> Interesting thought.  I agree that this is somewhat ugly, but might  
>> be
>> something worth investigating...
>
> Ok - now I am very confused.  I tried setting up Postfix in a chroot  
> jail,
> and specified a different set of nameservers in
> /var/spool/postfix/etc/resolv.conf.  However, it seems as though  
> Postfix
> continues to use the name servers specified in /etc/resolv.conf and  
> not the
> ones in the chroot jail.
>
> I have gone so far as to create an empty /var/spool/.../resolv.conf  
> with no
> nameservers specified, and yet postfix is still able to deliver the  
> email
> (to the wrong server).  I would have expected that leaving the  
> nameservers
> blank would have caused Postfix to choke, and yet it still connects.
>
> I definitley have chroot set to Y in my master.cf file, and have  
> done a
> postfix restart.  I do get a warning on restart that
> postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf  
> and
> /etc/resolv.conf differ
>
> Or does the fact that they differ cause the chroot to fail, and the  
> process
> ends up running in regular mode instead?
>
> I have gone as far as deleting the /var/spool/postfix/lib and lib64
> directories, and postfix still starts without any error messages.  
> And when
> I try to mail something, it still manages to send the mail.  So that  
> gives
> me confirmation that the chroot isn't working properly.
>
> Apart from setting chroot to y in master.cf, is there anything else  
> I have
> to do to enable it properly?
>
> Thanks,

> On Nov 5, 2009, at 15:52, Eric B. wrote:
>> "Eric B." <ebenze@...> wrote in message
>> news:hcupsk$b8a$3@......
>>> "Victor Duchovni" <Victor.Duchovni@...> wrote in  message
>>> news:20091104232940.GI27037@......
>>>> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>>>>
>>>>> Is there no way to direct Postfix to a different DNS server (as
>>>>> opposed
>>>>> to
>>>>> the ones specified in resolve.conf) either for a particular  domain,
>>>>> or
>>>>> for
>>>>> all domains altogether?
>>>>
>>>> If you chroot-jail the smtp(8) delivery agent, it will use the
>>>> resolv.conf
>>>> file in the chroot jail. This is ugly, you are probably solving the
>>>> wrong problem.
>>>
>>> Interesting thought.  I agree that this is somewhat ugly, but might  be
>>> something worth investigating...
>>
>> Ok - now I am very confused.  I tried setting up Postfix in a chroot
>> jail,
>> and specified a different set of nameservers in
>> /var/spool/postfix/etc/resolv.conf.  However, it seems as though  Postfix
>> continues to use the name servers specified in /etc/resolv.conf and  not
>> the
>> ones in the chroot jail.
>>
>> I have gone so far as to create an empty /var/spool/.../resolv.conf  with
>> no
>> nameservers specified, and yet postfix is still able to deliver the
>> email
>> (to the wrong server).  I would have expected that leaving the
>> nameservers
>> blank would have caused Postfix to choke, and yet it still connects.
>>
>> I definitley have chroot set to Y in my master.cf file, and have  done a
>> postfix restart.  I do get a warning on restart that
>> postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf  and
>> /etc/resolv.conf differ
>>
>> Or does the fact that they differ cause the chroot to fail, and the
>> process
>> ends up running in regular mode instead?
>>
>> I have gone as far as deleting the /var/spool/postfix/lib and lib64
>> directories, and postfix still starts without any error messages.   And
>> when
>> I try to mail something, it still manages to send the mail.  So that
>> gives
>> me confirmation that the chroot isn't working properly.
>>
>> Apart from setting chroot to y in master.cf, is there anything else  I
>> have
>> to do to enable it properly?
>>
>> Thanks,
>
> Eric,
>
> Getting back to your original goal, my understanding is that the  original
> goal is to override the DNS "A" record for a single host,  yes?  If so,
> that is a perfect use for /etc/hosts.  Give that method a  try.

> "Daniel L'Hommedieu" <dlhommedieu@...> wrote in message
> news:670A051C-1871-4E2E-82D8-187324EF11BB@......
>> On Nov 5, 2009, at 15:52, Eric B. wrote:
>>> "Eric B." <ebenze@...> wrote in message
>>> news:hcupsk$b8a$3@......
>>>> "Victor Duchovni" <Victor.Duchovni@...> wrote in  
>>>> message
>>>> news:20091104232940.GI27037@......
>>>>> On Wed, Nov 04, 2009 at 06:16:56PM -0500, Eric B. wrote:
>>>>>
>>>>>> Is there no way to direct Postfix to a different DNS server (as
>>>>>> opposed
>>>>>> to
>>>>>> the ones specified in resolve.conf) either for a particular  
>>>>>> domain,
>>>>>> or
>>>>>> for
>>>>>> all domains altogether?
>>>>>
>>>>> If you chroot-jail the smtp(8) delivery agent, it will use the
>>>>> resolv.conf
>>>>> file in the chroot jail. This is ugly, you are probably solving  
>>>>> the
>>>>> wrong problem.
>>>>
>>>> Interesting thought.  I agree that this is somewhat ugly, but  
>>>> might  be
>>>> something worth investigating...
>>>
>>> Ok - now I am very confused.  I tried setting up Postfix in a chroot
>>> jail,
>>> and specified a different set of nameservers in
>>> /var/spool/postfix/etc/resolv.conf.  However, it seems as though  
>>> Postfix
>>> continues to use the name servers specified in /etc/resolv.conf  
>>> and  not
>>> the
>>> ones in the chroot jail.
>>>
>>> I have gone so far as to create an empty /var/spool/.../
>>> resolv.conf  with
>>> no
>>> nameservers specified, and yet postfix is still able to deliver the
>>> email
>>> (to the wrong server).  I would have expected that leaving the
>>> nameservers
>>> blank would have caused Postfix to choke, and yet it still connects.
>>>
>>> I definitley have chroot set to Y in my master.cf file, and have  
>>> done a
>>> postfix restart.  I do get a warning on restart that
>>> postfix/postfix-script: warning: /var/spool/postfix/etc/
>>> resolv.conf  and
>>> /etc/resolv.conf differ
>>>
>>> Or does the fact that they differ cause the chroot to fail, and the
>>> process
>>> ends up running in regular mode instead?
>>>
>>> I have gone as far as deleting the /var/spool/postfix/lib and lib64
>>> directories, and postfix still starts without any error  
>>> messages.   And
>>> when
>>> I try to mail something, it still manages to send the mail.  So that
>>> gives
>>> me confirmation that the chroot isn't working properly.
>>>
>>> Apart from setting chroot to y in master.cf, is there anything  
>>> else  I
>>> have
>>> to do to enable it properly?
>>>
>>> Thanks,
>>
>> Eric,
>>
>> Getting back to your original goal, my understanding is that the  
>> original
>> goal is to override the DNS "A" record for a single host,  yes?  If  
>> so,
>> that is a perfect use for /etc/hosts.  Give that method a  try.
>
> Actually, it isn't for the "A" record; it is for the MX record(s).  
> And
> unfortunately, I know of no way of using the hosts file to override MX
> records for a particular domain.
>
> Thanks,
>
> Eric