Postfix + relay for icinga notifications

Here is my situation. I have set up two virtual Linux machines in a Windows 2022 server.

  • One machine hosts a mail server (iredmail). It has an open port 25, and its FQDN is: mail.mydomain.com. It has the LAN IP address 10.10.10.9 and an internal DNS entry/webserver http://mailserver.lan. It hosts a bunch of email addresses, including icinga@mail.mydomain.com

  • The second machine hosts only Icinga. It has the internal IP address 10.10.10.8 or http://icinga.lan. It can send packets to the internet through the gateway, but none of its incoming ports are NAT-ed from the gateway to the LAN.

My question is: how can I configure the second machine to send notifications to any given email address using the sender’s address icinga@mail.mydomain.com (the domain hosted by the 1st machine)? I suspect that I need to configure the iRedMail mailserver as a relayhost. I believe that I understand how I can do that in a safe way (SASL_authentication, noanonymous, etc.).

However, it is unclear to me how I should configure postfix in the icinga.lan machine to send notifications using the relayhost. For safety, I would prefer to avoid exposing icinga to the internet.

It may have become painfully obvious that I’m not an expert on networking. In real life, I am a medical doctor and a Covid specialist. However, I do have a genuine interest in learning these things. I would be exceedingly grateful for some help and I am happy to reciprocate with advice in my field of expertise if need be!

I’m not familiar with your environment and any requirements you may have (you say you are in the medical field), but you can configure postfix as a local MTA to relay to a specific server (mailserver.lan in your case). Then configure that mail server to allow relayed messages from your Icinga2 server.

/etc/postfix/main.cf

relayhost = [an.ip.add.ress]

Icinga2 is executing a script to send a notification, so you can have that script do anything you’d like. As I mentioned in the other post you created - that script can also perform authentication to a specific server (skipping a local MTA). You can configure postfix to use credentials when relaying as well (but that gets more complicated if you want it to relay/deliver any mail not being relayed with those same credentials to the same server).
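An added example, not part of the thread and not from either poster: a constructed main.cf for icinga.lan that relays to mailserver.lan with SASL credentials over mandatory TLS and listens only on loopback, next to a weak variant, plus a small checker that reports what each one is missing. Port 587, the sasl_passwd path and the function names are assumptions.

```python
# Constructed main.cf for icinga.lan; port 587 and the sasl_passwd path are assumptions.
HARDENED = """\
# /etc/postfix/main.cf on icinga.lan
inet_interfaces = loopback-only
mydestination =
relayhost = [mailserver.lan]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
"""
# Constructed weak variant: relays in cleartext without credentials, listens on the LAN.
WEAK = "inet_interfaces = all\nrelayhost = [10.10.10.9]\n"

def parse_main_cf(text):
    """Return {name: value}; last definition wins, indented lines continue a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace():
            if last:
                params[last] = (params[last] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_relay_client(text):
    """List reasons this main.cf is not a loopback-only, authenticated, TLS-only relay client."""
    p = parse_main_cf(text)
    sasl_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")  # Postfix default
    checks = [
        (bool(p.get("relayhost")), "relayhost is not set"),
        (p.get("inet_interfaces", "all") in ("loopback-only", "localhost", "127.0.0.1"),
         "smtpd listens beyond loopback"),
        (p.get("smtp_sasl_auth_enable", "no") == "yes", "SASL client authentication is off"),
        (bool(p.get("smtp_sasl_password_maps")), "no smtp_sasl_password_maps lookup table"),
        ("noanonymous" in sasl_opts.replace(",", " ").split(), "anonymous SASL mechanisms allowed"),
        (p.get("smtp_tls_security_level", "") in ("encrypt", "dane-only", "fingerprint", "verify", "secure"),
         "TLS to the relayhost is not mandatory"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for label, cf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_relay_client(cf) or "ok")
```

The lookup key in the password map has to match the relayhost value exactly, brackets and port included, and the file holding the credentials should be readable by root only before it is indexed with postmap.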

Thank you, Lee. I managed to get the relaying up and running. There are still minor wrinkles (the forwarding method changes the sender’s address, which is undesirable), but I seem to already have a working system now.