UCS 5.0 mailserver

So I am trying to get the mail server running on EC2. When I check the /etc/postfix settings, there is no domain other than the initial intranet domain. I have created my mail domain under: Domain > mail on mail domain type under my.intranet:/mail/domain

Am I missing something on the AWS EC2 setup of the UCS 5.0 AMI?
Are there some settings in /etc/postfix that are not working?
Are there any more in-depth instructions I can get?

thanks
Will

IIRC, Postfix pulls that from the LDAP directory. This should be reflected in the Postfix settings files, as they should be generated from templates when settings change that would affect the Postfix config.

So I put a mail proxy in place instead of having UCS on EC2, using WireGuard to create a connection between the proxy and the main UCS instance.
Using ufw to do the prerouting.
/etc/ufw/before.rules

# Port Forwarding

-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 25 -j DNAT --to-destination 10.10.10.2:25
-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 587 -j DNAT --to-destination 10.10.10.2:587
#-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 465 -j DNAT --to-destination 10.10.10.2:465
-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 143 -j DNAT --to-destination 10.10.10.2:143
-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 993 -j DNAT --to-destination 10.10.10.2:993
#-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 110 -j DNAT --to-destination 10.10.10.2:110
-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 995 -j DNAT --to-destination 10.10.10.2:995
#-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.2:80
#-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.2:443

Now I can telnet to port 25 from within my network and across my WireGuard tunnel, but when I try to access it over the EIP of the proxy host I get access denied now.

Is there a firewall setting I need to change?

ref: Set Up Mail Proxy Server on Debian/Ubuntu/CentOS/RockyLinux

NEVER MIND… so the EC2 EIP was wrong, I needed to use the private IP of the EC2 instance in my prerouting.
fixed
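
The resolution above can be checked mechanically: EC2 translates an Elastic IP to the instance's private address before traffic reaches the instance, so a `-d <EIP>` match in PREROUTING sees no packets. The following is an added example, not part of the thread: it compares each active DNAT rule's `-d` value with the addresses actually bound to the rule's `-i` interface. The rule text and `ip -o -4 addr show` output are constructed samples, 172.31.5.20 is an assumed private address, and `local_addrs` and `unmatched_dnat` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in the style of the thread's /etc/ufw/before.rules; 12.34.56.78 is
# the thread's placeholder public IP, 172.31.5.20 an assumed private instance address.
SAMPLE_RULES = """\
# Port Forwarding
-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 25 -j DNAT --to-destination 10.10.10.2:25
-A PREROUTING -i enp3s0 -d 172.31.5.20 -p tcp --dport 587 -j DNAT --to-destination 10.10.10.2:587
#-A PREROUTING -i enp3s0 -d 12.34.56.78 -p tcp --dport 465 -j DNAT --to-destination 10.10.10.2:465
-A PREROUTING -i enp3s0 -p tcp --dport 993 -j DNAT --to-destination 10.10.10.2:993
"""

# Constructed sample of `ip -o -4 addr show` output on the proxy host.
SAMPLE_ADDRS = """\
2: enp3s0    inet 172.31.5.20/20 brd 172.31.15.255 scope global dynamic enp3s0
3: wg0    inet 10.10.10.1/24 scope global wg0
"""


def local_addrs(ip_output):
    """Map interface name -> set of IPv4 addresses bound to it."""
    addrs = {}
    for line in ip_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet":
            addrs.setdefault(f[1], set()).add(ipaddress.ip_interface(f[3]).ip)
    return addrs


def unmatched_dnat(rules_text, addrs):
    """Active DNAT rules whose -d covers no address on the rule's -i interface."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        tok = line.split()
        if line.lstrip().startswith("#") or not {"DNAT", "-i", "-d"} <= set(tok) or "!" in tok:
            continue  # comment, not a DNAT rule with -i and -d, or negated match
        try:
            iface, dest = tok[tok.index("-i") + 1], tok[tok.index("-d") + 1]
            net = ipaddress.ip_network(dest, strict=False)
        except (IndexError, ValueError):
            continue  # malformed rule or hostname destination: not checked here
        if not any(a in net for a in addrs.get(iface, ())):
            findings.append((n, iface, dest))
    return findings


if __name__ == "__main__":
    for n, iface, dest in unmatched_dnat(SAMPLE_RULES, local_addrs(SAMPLE_ADDRS)):
        print(f"line {n}: -d {dest} is not an address on {iface}")
```

On a real host, feed it the contents of /etc/ufw/before.rules and the live output of `ip -o -4 addr show`; a flagged rule is one to review, since a host can legitimately DNAT traffic routed to it for addresses it does not own.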
