70d742df08
Adds 3 hc submission ports (2526/2527/2528) in the single Postfix instance,
each content_filter'd onto a dedicated hc transport (hcout1/2/3) binding the
hc IPs .107/.108/.109 with hc HELO identity (hcmta01-03) and hotter concurrency.
listmonk-hc round-robins the 3 ports.
Discovered + documented the constraint that drove this shape: transport_maps
randmap is owned by the shared trivial-rewrite(8) and is global, so neither a
per-smtpd -o transport_maps nor a FILTER randmap:{...} can scope a separate IP
pool (FILTER parses randmap as a literal transport). content_filter=hcoutN:
(empty nexthop) overrides transport_maps and keeps the real recipient domain.
Verified end-to-end on the server: :2527 -> hcout2 (.108) -> real gmail MX;
trucking transport_maps (.94-.96) untouched. Idempotent, postfix-check gated
with auto-rollback.
109 lines
4.7 KiB
Bash
109 lines
4.7 KiB
Bash
#!/bin/bash
|
|
# Healthcare HOT-stream Postfix setup (dual-stream design).
|
|
#
|
|
# Goal: inject the healthcare campaign on a path that egresses ONLY from the
|
|
# dedicated hc sending IPs (.107/.108/.109 with hc HELO identity), completely
|
|
# separate from the trucking rotation pool (.94-.96), in a SINGLE Postfix
|
|
# instance.
|
|
#
|
|
# Why this shape: source-IP round-robin inside one Postfix instance normally
|
|
# comes from `transport_maps = randmap:{...}`, but that is owned by the shared
|
|
# trivial-rewrite(8) daemon and is GLOBAL -- a per-smtpd `-o transport_maps`
|
|
# does not override it, and a `FILTER randmap:{...}` action is parsed as a
|
|
# literal transport (verified: "connect to transport private/randmap: not
|
|
# found"). FILTER only accepts a real transport:nexthop.
|
|
#
|
|
# So we pin ONE hc IP per submission port and let listmonk-hc round-robin across
|
|
# the three ports (Listmonk natively round-robins its configured SMTP servers):
|
|
#
|
|
# listmonk-hc SMTP server 1 -> :2526 --content_filter--> hcout1 (.107, hcmta01)
|
|
# listmonk-hc SMTP server 2 -> :2527 --content_filter--> hcout2 (.108, hcmta02)
|
|
# listmonk-hc SMTP server 3 -> :2528 --content_filter--> hcout3 (.109, hcmta03)
|
|
#
|
|
# `content_filter=hcoutN:` (empty nexthop) re-injects via the hc transport but
|
|
# keeps the ORIGINAL recipient domain, so it delivers to the real recipient MX
|
|
# from the bound hc IP. content_filter overrides the global transport_maps, so
|
|
# hc mail never touches the trucking pool. The trucking smtp:25 path is left
|
|
# completely untouched.
|
|
#
|
|
# Verified end-to-end on the app server: a msg injected on :2527 egressed via
|
|
# hcout2 (bind .108, helo hcmta02) and connected to the real gmail-smtp-in MX;
|
|
# the trucking transport_maps (randmap:{out05,out06,out07} = .94-.96) was
|
|
# unchanged.
|
|
#
|
|
# Idempotent + gated by `postfix check` with auto-rollback (mirrors mta_setup.sh).
|
|
set -euo pipefail
|
|
|
|
TS=$(date +%s)
|
|
MC=/etc/postfix/master.cf
|
|
|
|
echo "=== backup (.$TS) ==="
|
|
sudo cp "$MC" "$MC.bak.$TS"
|
|
|
|
# hc IP pool: port -> (smtp transport name, source IP octet, HELO label)
|
|
# 2526->hcout1/.107, 2527->hcout2/.108, 2528->hcout3/.109
|
|
echo "=== master.cf: add hc submission ports + per-IP transports ==="
|
|
sudo python3 - "$MC" <<'PY'
|
|
import sys
|
|
mc = open(sys.argv[1]).read()
|
|
add = []
|
|
pool = [
|
|
(2526, 'hcout1', 107, 'hcmta01'),
|
|
(2527, 'hcout2', 108, 'hcmta02'),
|
|
(2528, 'hcout3', 109, 'hcmta03'),
|
|
]
|
|
if 'hcout1 unix' not in mc:
|
|
add.append('')
|
|
add.append('# === Healthcare HOT stream (dual-stream design) ===')
|
|
add.append('# One submission port per hc IP; listmonk-hc round-robins the ports.')
|
|
add.append('# FILTER forces each port onto its hc transport, overriding the global')
|
|
add.append('# trucking transport_maps so hc mail never uses the .94-.96 pool.')
|
|
for port, name, octet, helo in pool:
|
|
# Submission listener: tag every message with FILTER -> the hc transport.
|
|
add += [
|
|
'%d inet n - y - - smtpd' % port,
|
|
' -o syslog_name=postfix/hcsubmit%d' % octet,
|
|
' -o smtpd_client_restrictions=permit_mynetworks,reject',
|
|
' -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination',
|
|
' -o smtpd_helo_required=no',
|
|
' -o content_filter=%s:' % name,
|
|
]
|
|
for port, name, octet, helo in pool:
|
|
# The hc smtp transport: bind the hc IP, hc HELO, hotter concurrency.
|
|
add += [
|
|
'%s unix - - y - - smtp' % name,
|
|
' -o smtp_bind_address=207.174.124.%d' % octet,
|
|
' -o smtp_helo_name=%s.performancewest.net' % helo,
|
|
' -o syslog_name=postfix/%s' % name,
|
|
' -o smtp_destination_concurrency_limit=10',
|
|
' -o smtp_destination_rate_delay=0s',
|
|
' -o smtp_destination_recipient_limit=20',
|
|
]
|
|
mc = mc.rstrip('\n') + '\n' + '\n'.join(add) + '\n'
|
|
open(sys.argv[1], 'w').write(mc)
|
|
print(' master.cf updated (+%d lines)' % len(add))
|
|
else:
|
|
print(' master.cf already has hc stream (no change)')
|
|
PY
|
|
|
|
echo "=== hc warmup stamp (drives the listmonk-hc ramp cap) ==="
|
|
[ -f /etc/postfix/hc-warmup-start ] || date +%s | sudo tee /etc/postfix/hc-warmup-start >/dev/null
|
|
echo " hc-warmup-start: $(sudo cat /etc/postfix/hc-warmup-start)"
|
|
|
|
echo "=== postfix check (gate) ==="
|
|
if sudo postfix check 2>&1 | grep -viE 'not owned|^$'; then :; fi
|
|
if sudo postfix check >/dev/null 2>&1; then
|
|
echo "CHECK OK"; sudo postfix reload && echo "RELOADED"
|
|
else
|
|
echo "CHECK FAILED — rolling back"
|
|
sudo cp "$MC.bak.$TS" "$MC"
|
|
sudo postfix reload || true
|
|
echo "ROLLED BACK"; exit 1
|
|
fi
|
|
|
|
echo "=== verify ==="
|
|
echo -n "hc transports: "; sudo grep -cE "^hcout[123] unix" "$MC"
|
|
for p in 2526 2527 2528; do
|
|
echo -n ":$p "; sudo ss -ltn 2>/dev/null | grep -qE ":$p\b" && echo "LISTENING" || echo "(settling)"
|
|
done
|
|
echo "DONE."
|