SMTP Connection Forwarding to Various Ports


Understanding SMTP Port Forwarding:

Routing SMTP connections for different domains to separate internal ports on the same host is awkward when every mail server needs to be reachable on port 25. This arrangement needs a mechanism that reroutes inbound SMTP traffic to the right internal port based on the domain.

This guide covers the tools that can help and how to configure them. The goal is to handle your SMTP connections efficiently and without port conflicts, whether you use Nginx, HAProxy, or another solution.

Command         Description
--------------  ------------------------------------------------------------------
upstream        Specifies a load-balancing group of backend servers in Nginx.
proxy_pass      Indicates, in Nginx, which backend server the connection is sent to.
acl             Defines a named condition (access control list) used for routing in HAProxy.
hdr(host)       Checks, in HAProxy, whether the HTTP Host header matches a particular domain.
use_backend     Routes traffic, in HAProxy, to a designated backend when a condition holds.
transport_maps  Names the mapping file for Postfix's domain-specific transport settings.
postmap         Builds an indexed lookup file for Postfix from a plain-text file.

A Comprehensive Guide to SMTP Forwarding Solutions

The configurations below show how to use Nginx, HAProxy, and Postfix to reroute SMTP connections for different domains to particular internal ports. The first configuration uses the Nginx upstream directive to define the backend servers for each domain. The proxy_pass directive then indicates which backend server receives the connection, based on the domain name. This allows inbound SMTP traffic on port 25 to be redirected to a distinct internal port for each domain.

The second configuration uses HAProxy for comparable behaviour. The acl command defines an access control list that uses hdr(host), which reads the HTTP Host header, to match the incoming domain, and the use_backend command routes traffic to the matching backend server. The third configuration sets up Postfix with a transport map file, named by the transport_maps option. This file maps each domain to its own internal port, and the postmap command compiles it into a lookup table that Postfix can read. With these solutions, SMTP traffic is directed to the intended mail server without port conflicts.

SMTP Connection Redirections Based on Domain

Using Stream Module with Nginx

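stream {
    # One upstream group per domain, each pointing at that domain's internal port.
    upstream mail_backend_abc {
        server 127.0.0.1:26;
    }
    upstream mail_backend_xyz {
        server 127.0.0.1:27;
    }
    # Both servers listen on port 25. In the stream module, server_name
    # (nginx 1.25.5 and later) is matched against the TLS SNI name; a
    # connection that presents no SNI is handled by the first server.
    server {
        listen 25;
        proxy_pass mail_backend_abc;
        server_name abc.com;
    }
    server {
        listen 25;
        proxy_pass mail_backend_xyz;
        server_name xyz.com;
    }
}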

Setting up SMTP Port Forwarding with HAProxy

Using HAProxy Configuration

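frontend smtp_frontend
    bind *:25
    # hdr(host) reads the HTTP Host header, so these ACLs match only when the
    # client sends one; an SMTP client names the domain later, in RCPT TO.
    acl host_abc hdr(host) -i abc.com
    acl host_xyz hdr(host) -i xyz.com
    use_backend smtp_backend_abc if host_abc
    use_backend smtp_backend_xyz if host_xyz
    # No default_backend is set: a connection matching neither ACL is not forwarded.

# Each backend is the internal port of one domain's mail server.
backend smtp_backend_abc
    server smtp_abc 127.0.0.1:26

backend smtp_backend_xyz
    server smtp_xyz 127.0.0.1:27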

SMTP Forwarding Management Using Postfix Transport Maps

Postfix Configuration

/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
abc.com smtp:[127.0.0.1]:26
xyz.com smtp:[127.0.0.1]:27

Run the following command to update the transport map:
postmap /etc/postfix/transport
Restart Postfix:
systemctl restart postfix
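
A pre-flight check for the transport file, run before postmap (an added example, not part of the original guide): it parses the domain-to-nexthop lines shown above and reports duplicate domains, nexthops without brackets, and invalid ports. The function name, the sample entries beyond abc.com and xyz.com, and the simplification of ignoring continuation lines are assumptions of this example.

```python
import re

# Constructed sample in the /etc/postfix/transport format shown above,
# with three deliberate mistakes (lines 4, 5 and 6) for the linter to catch.
SAMPLE = """\
# domain      transport:nexthop
abc.com       smtp:[127.0.0.1]:26
xyz.com       smtp:[127.0.0.1]:27
abc.com       smtp:[127.0.0.1]:28
mail.test     smtp:relay.internal.test:29
big.test      smtp:[127.0.0.1]:70000
"""

# Result field: transport:nexthop with an optional :port. The nexthop is
# either [bracketed] (no MX lookup) or a bare name (MX lookup applies).
RESULT = re.compile(
    r"^(?P<transport>[^:\s]*):(?P<host>\[[^\]]+\]|[^:\s]+)(?::(?P<port>\d+))?$")

def lint_transport(text):
    """Return (routes, problems); continuation lines are not handled."""
    routes, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            problems.append((lineno, "missing transport:nexthop field"))
            continue
        key, m = parts[0].lower(), RESULT.match(parts[1])
        if not m:
            problems.append((lineno, f"unparseable result {parts[1]!r}"))
            continue
        if key in routes:  # the first entry for a key is the one kept here
            problems.append((lineno, f"duplicate entry for {key}"))
            continue
        port = int(m["port"] or 25)  # no port given: SMTP default port 25
        if not 1 <= port <= 65535:
            problems.append((lineno, f"{key}: port {port} out of range"))
            continue
        if not m["host"].startswith("["):
            problems.append((lineno, f"{key}: nexthop not in [], MX lookup applies"))
        routes[key] = (m["transport"], m["host"].strip("[]"), port)
    return routes, problems

if __name__ == "__main__":
    routes, problems = lint_transport(SAMPLE)
    print(routes, *problems, sep="\n")
```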

More Complex SMTP Port Forwarding Methods

When forwarding SMTP connections, securing email traffic with SSL/TLS is another important consideration. SSL/TLS adds a layer of security by encrypting data in transit between the client and the server. The SSL module in Nginx or stunnel can be used to manage encrypted SMTP connections. With the right configuration, the proxy decrypts the incoming connection and forwards it to the relevant internal port, so you get the required port forwarding while preserving security.

Logging and monitoring are also necessary to keep an email server safe and dependable. Tools like Fail2Ban can monitor log files and ban IP addresses that show malicious behavior, such as repeated failed login attempts. Combining these precautions with the port forwarding options covered above gives a reliable and secure email infrastructure that can manage several domains on a single server.
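
The detection logic behind that kind of ban, as an added example that is not part of the original guide and is not Fail2Ban's own code: it counts failed SASL logins per client IP and flags an address once it reaches maxretry failures within findtime seconds. The log lines are constructed, use documentation address ranges, and assume ISO timestamps.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed Postfix smtpd log lines (not taken from a real server).
LOG = """\
2024-05-01T10:00:01 mx postfix/smtpd[811]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2024-05-01T10:00:05 mx postfix/smtpd[812]: connect from mail.abc.com[192.0.2.10]
2024-05-01T10:00:20 mx postfix/smtpd[811]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2024-05-01T10:00:41 mx postfix/smtpd[811]: warning: unknown[203.0.113.9]: SASL PLAIN authentication failed:
2024-05-01T10:00:50 mx postfix/smtpd[811]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2024-05-01T10:01:00 mx postfix/smtpd[820]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2024-05-01T10:20:00 mx postfix/smtpd[831]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2024-05-01T10:40:00 mx postfix/smtpd[845]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

# Captures the timestamp and the client IP of a failed SASL login.
FAILED = re.compile(
    r"^(\S+) \S+ postfix/smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed")

def find_offenders(log, maxretry=3, findtime=600):
    """Return {ip: time of the failure that reached maxretry within findtime s}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # connects, deliveries and other noise
        when, ip = datetime.fromisoformat(m[1]), m[2]
        if ip in banned:
            continue              # already flagged; later failures add nothing
        window = recent[ip]
        window.append(when)
        # Drop failures that are older than findtime relative to this one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

With the default ten-minute window only 203.0.113.9 is flagged; 198.51.100.7 fails just as often but too slowly, which is the trade-off the findtime setting controls.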

Frequently Asked Questions about SMTP Port Forwarding

  1. On a single server, how can I forward SMTP connections for several domains?
     To redirect SMTP connections to different internal ports depending on the domain, you can use tools like Nginx with the stream module, HAProxy, or Postfix with transport maps.
  2. Can encrypted SMTP connections be handled by Nginx?
     Yes. Using the SSL module to decrypt the incoming connection and then route it to the proper backend server, Nginx can handle encrypted SMTP connections.
  3. What function does Nginx's upstream directive serve?
     In Nginx, the upstream directive defines a set of backend servers, which gives you control over where traffic is forwarded.
  4. What does the proxy_pass directive do in Nginx?
     Based on parameters like the domain name, the proxy_pass directive indicates which backend server the request should be directed to.
  5. What is the purpose of HAProxy's acl command?
     In HAProxy, the acl command defines an access control list that matches particular criteria, like domain names, to drive routing decisions.
  6. What does the transport_maps parameter do in Postfix?
     Postfix's transport_maps parameter names a mapping file that controls how mail for various domains is routed to particular internal ports.
  7. In Postfix, which command is used to compile the transport map file?
     The postmap command compiles the transport map file into a binary format that Postfix can use.
  8. Why is monitoring important for SMTP servers?
     Monitoring is essential to identify and stop harmful activity, keep the email server dependable, and preserve security using tools like Fail2Ban.

Conclusions Regarding SMTP Forwarding:

It is possible to forward SMTP connections for many domains to different internal ports on the same server by using Nginx, HAProxy, and Postfix. By avoiding port conflicts and enabling effective traffic management, these techniques keep several mail servers running smoothly side by side. Adding monitoring and security measures further improves the server's dependability and security. Administrators can scale and maintain their mail server infrastructure efficiently by following these guidelines.