Setting up postmulti with multiple xoauth2 relays
Let's say that I have 4 Gmail accounts: [email protected], [email protected], [email protected] and [email protected].
My relay server is configured with an IP of 169.254.1.12.
I want all mail sent from my organization to go through my relay as [email protected], no matter who actually sent it. But there are some critical services running on some machines, so I also want to get super important messages from [email protected]. We can set up two xoauth2-enabled postfix relay instances so that the super important ones are sent out of a totally separate account when emails are sent to 169.254.1.13.
After a working relay server is configured on 169.254.1.12, you can add on to it with postmulti. That way, an xoauth2 account can be specified as the relay account based on the IP address the message is sent to.
To begin, tell the server that you want to use postmulti.
$ postmulti -e init
This allows the following command to be run, which creates the directories for the next instance of postfix. A group can be specified so that instances can be controlled by group; if you don't use groups, put in a descriptive word instead.
$ postmulti -I postfix-2 -G postfix_group_2 -e create config_directory=/etc/postfix-2 queue_directory=/var/spool/postfix-2 data_directory=/var/lib/postfix-2
This puts some configuration lines at the end of your current postfix/main.cf file. Some of the configuration lines that are automatically placed there need to be modified.
Comment out these lines.
#master_service_disable = inet
#authorized_submit_users =
Add the interface lines.
inet_interfaces = 169.254.1.13
Make your modifications to /etc/postfix-2/main.cf. Follow the readme to make a relay setup like you did for the first instance of postfix; the two files will be almost identical except for the new lines at the bottom.
Edit your original /etc/postfix/main.cf file.
Modify this line so that local mail goes out of this relay by default, and so that it also listens on the primary IP address.
inet_interfaces = localhost, 169.254.1.12
If everything looks OK, enable the new instance.
postmulti -i postfix-2 -e enable
And then start it.
postfix -c /etc/postfix-2 start
DNS resolution will not work unless a resolv.conf file is present under the new instance's /var/spool directory.
cp /etc/resolv.conf /var/spool/postfix-2/etc/resolv.conf
It will also need some library files that will not be created automatically.
cp -r /var/spool/postfix/lib/x86_64-linux-gnu /var/spool/postfix-2/lib
If these are not copied to the new instance /var/spool directory, you'll get an error when it comes time to get a new
TokenStore::GetAccessToken: token expired. refreshing.
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: attempt 1
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: request: client_id=xxx-xxxxxxx.apps.googleusercontent.com&client_secret=xxxxx-xxxx&grant_type=refresh_token&refresh_token=xxxxxxxx
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: TokenStore::Refresh: http error: Could not resolve host: accounts.google.com
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: Client::DoStep: new state 0 and err -5
Nov 2 15:23:39 relay sasl-xoauth2: 2020-11-02 15:23:39: Client: destroyed
List the postmulti instances and their status.
postmulti -l
Check netstat to see if it's running.
netstat -tulpn
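The resolv.conf and library copy steps above are easy to miss, and the failure only shows up later as the "Could not resolve host" error at token refresh. As an added example (not part of the original page), this shell function lists every file under etc/ and lib/ of the working instance's queue directory that is absent from the new instance's queue directory. The function name is hypothetical; the paths in the usage comment are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# missing_chroot_files PRIMARY_QUEUE_DIR NEW_QUEUE_DIR
# Prints each path (relative to the queue directory) found under
# PRIMARY/etc or PRIMARY/lib that does not exist under NEW.
# Returns 0 if nothing is missing, 1 if something is, 2 on a bad argument.
missing_chroot_files() {
    primary=$1
    new=$2
    missing=0
    if [ ! -d "$primary" ] || [ ! -d "$new" ]; then
        echo "usage: missing_chroot_files PRIMARY_QUEUE NEW_QUEUE" >&2
        return 2
    fi
    # Regular files and symlinks below etc/ and lib/ of the working instance.
    list=$(cd "$primary" && find etc lib \( -type f -o -type l \) 2>/dev/null | sort)
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        # -L also accepts a symlink whose target is not resolvable from here.
        if [ ! -e "$new/$rel" ] && [ ! -L "$new/$rel" ]; then
            printf '%s\n' "$rel"
            missing=1
        fi
    done <<EOF
$list
EOF
    return $missing
}

# Usage with the directories from this page:
#   sh check_chroot.sh /var/spool/postfix /var/spool/postfix-2
if [ "$#" -eq 2 ]; then
    missing_chroot_files "$1" "$2"
fi
```

An empty result before starting the new instance means both copy steps were done; any path it prints still needs to be copied.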