0

Problem: I'm trying to achieve sending and receiving Emails through the same server over domains email.domain1.us and email.domain2.net with authenticated users and being able to receive email as well.

I have domain1.us and domain2.net, both hosted on the same server with independent public IPs 100.100.100.1 and 200.200.200.2. IP 100.100.100.1 resolves domain1.us and IP 200.200.200.2 resolves domain2.net through A DNS records. For the email subdomains, in addition to what was previously stated, IP 100.100.100.1 also resolves email.domain1.us and IP 200.200.200.2 resolves email.domain2.net through A DNS records, and both also have MX DNS records.

I'm running Ubuntu 16.04.5 LTS. I installed postfix and successfully set up email.domain1.us to receive and distribute emails according to my virtual hash file and to send emails only from authenticated users over secure connections using SSL on standard port 465. SPF, DMARC, and DKIM settings and records are all good and PASS authentication (according to Google when I send tests to my Gmail account).

netstat -ltn shows

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN
tcp        0      0 100.100.100.1:587       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:465           0.0.0.0:*               LISTEN
tcp        0      0 100.100.100.1:465       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 100.100.100.1:25        0.0.0.0:*               LISTEN

Then I set up a secondary postfix instance using postmulti, pretty straightforward:

postmulti -e init
postmulti -I postfix-2 -e create

Changed or made sure the following were on my main postfix main.cf file

nano /etc/postfix/main.cf

inet_interfaces = localhost, 100.100.100.1                       # This was changed from inet_interfaces = all
myhostname = mail.domain1.us                                     # just making sure to have different names on each
multi_instance_wrapper = ${command_directory}/postmulti -p --    # These were added
multi_instance_enable = yes                                      # by the postmulti command init
multi_instance_directories = /etc/postfix-2                      # This one was added by postmulti enable command

Then I backed up both main.cf and master.cf of the secondary postfix instance and copied the main postfix instance ones:

cp /etc/postfix/main.cf /etc/postfix-2/main.cf
cp /etc/postfix/master.cf /etc/postfix-2/master.cf

and edited the parameters to make it independent and to make sure the necessary lines for multi-instance are present

nano /etc/postfix-2/main.cf

inet_interfaces = localhost, 200.200.200.2                       # This was changed from inet_interfaces = all
myhostname = mail.domain2.net                                    # Just making sure to have different names on each
virtual_alias_maps = hash:/etc/postfix-2/virtual                 # Want to have different users/inboxes
inet_protocols = ipv4                                            # Some of these were added 
master_service_disable = inet                                    # by the enable and/or init command
authorized_submit_users =                                        # others were added by me after 
queue_directory = /var/spool/postfix-2                           # reading how to do it better
data_directory = /var/lib/postfix-2
multi_instance_name = postfix-2
multi_instance_enable = yes

Then did the following changes on master.cf of the secondary Postfix Instance to have separated ports

nano /etc/postfix-2/master.cf

# smtp  inet  n  -  y  -   -  smtpd -o smtpd_sasl_auth_enable=yes    # Commented this line out
10025   inet  n  -  n  -   -  smtpd -o smtpd_sasl_auth_enable=yes    # Added this line
.
.
.
#smtps  inet  n  -  y  -   -  smtpd                                  # Commented this line out
10465   inet  n  -  y  -   -  smtpd                                  # Added this line

Finally, I created the virtual hash file for the secondary Postfix instance, used postmap, and enabled the instance

postmulti -i postfix-2 -e enable

restarted postfix

service postfix restart

and checked status of the instance

postmulti -i postfix-2 -p status
postfix-2/postfix-script: the Postfix mail system is running: PID: 28004

Got this far on my own looking up forums and questions, but this is where I get stuck. I have looked extensively for how to test the secondary instance and I can't find how to. I don't see ports 10025 and 10465 when I try netstat -ltn, and of course when I try to test the SMTP for mail.domain2.net somewhere like smtper.net/ I get the following error:

SMTP send error
Failure sending mail.
No connection could be made because the target machine actively refused it. [::ffff:104.168.34.235]:25

Everything works perfectly for email.domain1.us even after all these changes and the secondary Postfix Image setup, but I can't get it to work for email.domain2.net.

2 Answers

0

I encountered the same problem when setting up multiple instances of Postfix. Secondary instances have TCP disabled by default. To enable it, edit /etc/postfix-2/main.cf:

master_service_disable = 
inet_interfaces = loopback-only

Explicitly set master_service_disable to be empty to enable TCP. Set inet_interfaces to the IPs you wish to listen on (or loopback-only if you prefer).
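
An added example (not part of the answer above or of Postfix itself) that models which TCP sockets an instance should open, given its main.cf and master.cf, so the result can be compared with netstat -ltn. The sample configs are constructed from the question; the function names are hypothetical, IPv4 is assumed, and host:port service names and multi-line values are not modelled.

```python
# Simplified model of how master(8) chooses TCP listeners for one instance.
WELL_KNOWN = {"smtp": 25, "smtps": 465, "submission": 587}
MAIN_CF_QUESTION = """\
inet_interfaces = localhost, 200.200.200.2
inet_protocols = ipv4
master_service_disable = inet
"""
MAIN_CF_FIXED = MAIN_CF_QUESTION.replace("disable = inet", "disable =")
MASTER_CF = """\
# smtp  inet  n  -  y  -   -  smtpd -o smtpd_sasl_auth_enable=yes
10025   inet  n  -  n  -   -  smtpd -o smtpd_sasl_auth_enable=yes
10465   inet  n  -  y  -   -  smtpd
pickup  unix  n  -  y  60  1  pickup
"""

def parse_main_cf(text):
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params

def is_disabled(name, svc_type, patterns):
    # First match wins; "!pattern" excludes a service from the disable list.
    for pat in patterns:
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        if pat in (svc_type, f"{name}/{svc_type}"):
            return not negated
    return False

def expected_listeners(main_cf, master_cf):
    params = parse_main_cf(main_cf)
    patterns = params.get("master_service_disable", "").replace(",", " ").split()
    hosts = params.get("inet_interfaces", "all").replace(",", " ").split()
    # Assumption: IPv4 only, so localhost/loopback-only mean 127.0.0.1.
    alias = {"localhost": "127.0.0.1", "loopback-only": "127.0.0.1", "all": "0.0.0.0"}
    listeners = []
    for line in master_cf.splitlines():
        fields = line.split()
        if (len(fields) < 8 or line[0] in "# \t" or fields[1] != "inet"
                or is_disabled(fields[0], "inet", patterns)):
            continue
        port = WELL_KNOWN.get(fields[0], fields[0])
        listeners += [f"{alias.get(h, h)}:{port}" for h in hosts]
    return sorted(listeners)

if __name__ == "__main__":
    print(expected_listeners(MAIN_CF_QUESTION, MASTER_CF), expected_listeners(MAIN_CF_FIXED, MASTER_CF))
```

With the configuration as posted, the model returns no listeners, which matches the missing 10025 and 10465 entries in netstat -ltn. Even with the listeners enabled, nothing in this master.cf binds port 25 on 200.200.200.2, which is the port shown in the smtper.net error.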

0

For some reason systemctl restart postfix wasn't restarting the secondary instance on my machine (Ubuntu 20.04 in an LXC container on Proxmox 6.4), so it wasn't picking up any of the configuration changes, including setting the new listening address in master.cf.

A reboot cleared this issue, and subsequent systemctl restart postfix actions are restarting both the primary and secondary instances.

Colin 't Hart