Hi everyone,
I’m currently working on setting up an external Postfix relay to send emails from my Mailcow instance and forward incoming mails back to Mailcow. I would love to get your feedback and suggestions on my configuration. Here’s my setup:
Server01: mail.example.com (Mailcow Server)
- Mailcow-dockerized standard installation.
- Configured with my domain and mailboxes.
- Uses Sender-dependent transports in Routing to send mails through the Postfix relay.
Server02: mx1.example.com (Postfix Relay)
- Running a Postfix Docker image with DKIM keys for my domain, which are also imported into Mailcow. (port 25 open)
- Configured with a transport map to forward mails back to Mailcow: smtp:[mail.example.com]:25.
- The relay has Mailcow’s IP in its mynetworks whitelist, but it isn’t whitelisted in Mailcow to ensure spam filters are effective (not in forwarding hosts either).
DNS Settings:
- MX Records: Pointing to my relay
- SPF: v=spf1 ip4:relay-ip all
- DKIM: DKIM keys (identical on both Mailcow and relay)
Mailcow can send and receive emails using my relay. However, I noticed that emails sent to the relay and forwarded back to my Mailcow instance are not rejected as spoof attempts, but only when both the sender and recipient are mailboxes from my own domain in Mailcow. To mitigate this, I created a Lua script that discards unauthenticated internal mails with a score of -100 in Rspamd.
Questions:
- Is this the correct approach for setting up an external Postfix relay with Mailcow?
- Are there any suggestions or best practices to improve this setup?
- Is there a better or official approach to achieve my goal? If so, could you please point me to the relevant documentation?
- Could my Mailcow instance potentially blacklist my relay if it detects too many emails or spam emails being forwarded through the relay to Mailcow (considering it’s not in the forwarding hosts or whitelisted)?
Thanks in advance!
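
Added example, not part of the original post: a minimal evaluator for the ip4/all subset of SPF (RFC 7208), showing what result the SPF record as written in the post yields at each hop, next to a `-all` variant. The IP addresses are constructed documentation addresses standing in for `relay-ip` and an outside host, and `spf_check` is a hypothetical helper, not Mailcow or Rspamd code.

```python
import ipaddress

# RFC 7208: a mechanism without a qualifier defaults to "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate only ip4 and all mechanisms for one connecting IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        # a, mx, include, redirect etc. are out of scope for this sketch
    return "neutral"

RELAY_IP = "192.0.2.10"      # constructed: stands in for "relay-ip"
OUTSIDE_IP = "203.0.113.50"  # constructed: host not listed in the record

AS_POSTED = f"v=spf1 ip4:{RELAY_IP} all"   # bare "all" means "+all"
HARD_FAIL = f"v=spf1 ip4:{RELAY_IP} -all"  # variant with an explicit fail

def hop_results():
    """SPF result per record, at the relay and then at Mailcow."""
    return {
        # The relay (MX) sees the real connecting client.
        ("as posted", "at relay"): spf_check(AS_POSTED, OUTSIDE_IP),
        ("-all", "at relay"): spf_check(HARD_FAIL, OUTSIDE_IP),
        # Mailcow sees the relay as the connecting client for forwarded mail.
        ("as posted", "at Mailcow"): spf_check(AS_POSTED, RELAY_IP),
        ("-all", "at Mailcow"): spf_check(HARD_FAIL, RELAY_IP),
    }

if __name__ == "__main__":
    for (record, hop), result in hop_results().items():
        print(f"{record:10} {hop:11} -> {result}")
```

With either record, an SPF check done at Mailcow on mail forwarded by the relay evaluates the relay's own address, so a decision about the original client can only be made on the relay or from headers the relay adds.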