Our internal network connects to the big wide world using one of two or three ISPs (internet service providers). Most of the time only one of the ISPs is used, but if its service becomes unavailable for any reason then it is necessary to switch to another ISP. However, the mail server of each ISP will only accept mail from computers connected to the same network, so when switching from one ISP to another it is necessary to change our internal email configuration to refer to the server of whichever ISP is being used at that moment. Making such a change on every internal computer for every mail account is tedious and error-prone.
The solution was simply to create an internal mail server for outgoing mail and refer all the internal machines to that. Whenever a different ISP is used it is only necessary to alter the configuration of the single internal mail server.
This article describes the simple changes needed.
The first thing to do was to define a computer as the internal mail server and give it a name — we chose “mailserver.local” — on our internal name server. Configuring a name server is outside the scope of this short article so that part of the operation will not be described in detail.
The computer chosen to act as outgoing mail server was equipped with a fairly standard SuSE Linux 9.2 installation. By default SuSE Linux 9.2 installs the postfix program as the mail server. The machine was given a static IP address, 192.168.0.34.
The postfix program has several configuration files all stored in /etc/postfix but only one file /etc/postfix/main.cf was modified and within that file only three parameters had to be changed. These parameters were “mynetworks”, “inet_interfaces” and “relayhost”.
For some reason, presumably simplicity, the SuSE YaST configuration tool makes its modifications to this file in one block at the end of the file. When a parameter is defined more than once, postfix uses the last definition, so before modifying any parameter in the body of the file you will need to see whether YaST has already made its own definition for that parameter towards the end of the file. In our case the mynetworks parameter was changed in the body of the file and the other two parameters were changed within YaST's collection of alterations near the end of the file.
The mynetworks parameter tells postfix which client addresses it trusts, that is, which machines are allowed to relay mail through it. If you have defined your internal network to use the 192.168.x.y set of IP numbers then you will probably want to set this parameter to something similar to the following:
mynetworks = 192.168.0.0/16, 127.0.0.0/8
The above line gives Postfix permission to receive mail that is passing around within its host machine and to receive mail from any machine on the 192.168 subnet. Keep this list limited to your own networks, because any address listed here can relay mail to the outside through this server.
The inet_interfaces parameter tells the postfix program which network interfaces it should listen on for incoming mail. You should change this line to look like one of the following. If you choose to specify the IP addresses of the interfaces then make sure you use the correct IP address for YOUR machine!
inet_interfaces = 192.168.0.34, 127.0.0.1 ::1
inet_interfaces = all
The relayhost parameter tells the postfix program where it should send mail that it cannot deliver by itself. In our case we needed this line to refer to the mail server for our Internet service provider (ISP) and, when we change ISP, this is the only configuration option on our entire internal network that will need to be altered. Note that the square brackets around the name are important: they tell postfix to send mail to that host directly rather than looking up MX records for the name.
relayhost = [smtp.Name_Of_ISP.co.uk]
These were the only changes made to the postfix configuration; in all other respects the configuration was left exactly as SuSE Linux 9.2 had originally arranged it. Once these three simple changes had been made to the /etc/postfix/main.cf file it was time to restart the postfix program, which was done using the command rcpostfix restart.
The next stage was to use the YaST program to modify the firewall rules for the mail server computer. Using the YaST configuration tool, the firewall was instructed to accept inbound packets destined for port 25.
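A check that can be run on the edited file before the restart, as an added example that is not part of the original article or of postfix: this Python script reads main.cf text, reports any parameter defined more than once together with the value that takes effect, and flags mynetworks entries outside the internal ranges and a relayhost without square brackets. The function names, the sample file contents and the INTERNAL list (RFC 1918 plus loopback) are assumptions made for the example.

```python
import ipaddress
import re
# Constructed sample: relayhost is set in the body of the file and again near the end.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.0.0/16, 127.0.0.0/8
relayhost = smtp.Name_Of_ISP.co.uk
# block appended near the end of the file
inet_interfaces = 192.168.0.34, 127.0.0.1 ::1
relayhost = [smtp.Name_Of_ISP.co.uk]
"""
INTERNAL = [ipaddress.ip_network(n) for n in  # assumption: RFC 1918 plus loopback
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]

def definitions(text):
    """Return {name: [values in file order]}; the last value is the effective one."""
    history, logical = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                           # blank lines and comments are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues a line
        else:
            logical.append(line.strip())
    for entry in logical:
        name, sep, value = entry.partition("=")
        if sep:
            history.setdefault(name.strip(), []).append(value.strip())
    return history

def audit(text):
    """Return findings worth reading before restarting postfix."""
    history = definitions(text)
    findings = [f"{n} defined {len(v)} times; effective value: {v[-1]!r}"
                for n, v in history.items() if len(v) > 1]
    for item in filter(None, re.split(r"[,\s]+", history.get("mynetworks", [""])[-1])):
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"mynetworks entry {item!r} is not a CIDR; check by hand")
            continue
        if not any(net.version == t.version and net.subnet_of(t) for t in INTERNAL):
            findings.append(f"mynetworks trusts {net}, outside the internal ranges")
    relay = history.get("relayhost", [""])[-1]
    if relay and not relay.startswith("["):
        findings.append(f"relayhost {relay!r} has no square brackets")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN_CF)) or "no findings")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/postfix/main.cf").read()).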
Our network also has a firewall between the ISP and our internal network. On this machine port 25 was left closed because we do not want anybody from outside the organization to be able to connect directly to our internal mail server.
Finally it was necessary to modify all of the email account details on all of the client machines; where the email programs had previously referred to smtp.Name_Of_ISP.co.uk, they were updated to refer to mailserver.local instead. This part of the exercise was simple but tedious.
With all of the above modifications made, all mail being sent from computers on our internal network was sent first to our internal mail server and forwarded from there to the ISP's mail server for onward distribution. When we need to connect using a different ISP for any reason it will only be necessary to change one line in the /etc/postfix/main.cf file and then restart the postfix program.