Loading ...
Sorry, an error occurred while loading the content.

Problem with smtp client bind address

Expand Messages
  • James Seymour
    Good Day, I m trying to bring up a new machine that serves several purposes and have run into a potentially Very Big Problem. The machine has two physical
    Message 1 of 5 , Dec 1, 2011
    • 0 Attachment
      Good Day,

      I'm trying to bring up a new machine that serves several purposes and
      have run into a potentially Very Big Problem.

      The machine has two physical interfaces, one LAN-facing and one
      Internet-facing. So, naturally, I have something like:

      Let's say 10.1.1.0 is the Internet-facing network and 192.168.1.0 is
      inside.

      inet_interfaces = 10.1.1.4, 192.168.1.1

      The machine has its "real" interface and additional virtual (or alias)
      interfaces on the outside:

      10.1.1.2 hostname.example.com
      10.1.1.3 ns1.example.com # alias/virtual
      10.1.1.4 mx1.example.com # alias/virtual

      and so-on.

      The problem is: On outgoing connections to The World, via the 10.1.1...
      interface, SMTP clients, instead of binding to 10.1.1.4, are binding to
      10.1.1.2, rather than 10.1.1.4.

      I can't use smtp_bind_address, because the server also delivers email
      to an internal server on the 192.168.1.0 network.

      So, do I either have to swap the addresses of "hostname" and
      "mx1" (which would be kind of lame, IMO) or do-away with "mx1"
      entirely, and let "hostname" be the MX?

      ISTM Postfix' SMTP clients should chose from the interfaces listed in
      inet_interfaces or smtp_bind_address should be smtp_bind_addresses, and
      it should chose from them.

      Thanks,
      Jim
      --
      Note: My mail server employs *very* aggressive anti-spam
      filtering. If you reply to this email and your email is
      rejected, please accept my apologies and let me know via my
      web form at <http://jimsun.LinxNet.com/contact/scform.php>.
    • Wietse Venema
      ... I suggest that you use different smtp_bind_address settings in master.cf for the (default) smtp transport and for the (inbound) relay transport. I don t
      Message 2 of 5 , Dec 1, 2011
      • 0 Attachment
        James Seymour:
        > Good Day,
        >
        > I'm trying to bring up a new machine that serves several purposes and
        > have run into a potentially Very Big Problem.
        >
        > The machine has two physical interfaces, one LAN-facing and one
        > Internet-facing. So, naturally, I have something like:
        >
        > Let's say 10.1.1.0 is the Internet-facing network and 192.168.1.0 is
        > inside.
        >
        > inet_interfaces = 10.1.1.4, 192.168.1.1
        >
        > The machine has its "real" interface and additional virtual (or alias)
        > interfaces on the outside:
        >
        > 10.1.1.2 hostname.example.com
        > 10.1.1.3 ns1.example.com # alias/virtual
        > 10.1.1.4 mx1.example.com # alias/virtual
        >
        > and so-on.
        >
        > The problem is: On outgoing connections to The World, via the 10.1.1...
        > interface, SMTP clients, instead of binding to 10.1.1.4, are binding to
        > 10.1.1.2, rather than 10.1.1.4.

        I suggest that you use different smtp_bind_address settings in
        master.cf for the (default) smtp transport and for the (inbound)
        relay transport.

        I don't think it is practical for Postfix to grope kernel routing
        tables in order to choose the client IP address. There is no standard
        API for doing such things.

        Wietse
      • James Seymour
        On Thu, 1 Dec 2011 16:27:07 -0500 (EST) Wietse Venema wrote: [snip] ... This server is, amongst other things, a mail gateway. It
        Message 3 of 5 , Dec 1, 2011
        • 0 Attachment
          On Thu, 1 Dec 2011 16:27:07 -0500 (EST)
          Wietse Venema <wietse@...> wrote:
          [snip]
          > I suggest that you use different smtp_bind_address settings in
          > master.cf for the (default) smtp transport and for the (inbound)
          > relay transport.

          This server is, amongst other things, a mail gateway. It accepts
          incoming on both interfaces, and sends on both.

          >
          > I don't think it is practical for Postfix to grope kernel routing
          > tables in order to choose the client IP address. There is no standard
          > API for doing such things.

          Very well. Then either "mx1" has to go away, and the machine's "real"
          hostname used, or I have to swap "hostname"s and "mx1"s addresses, or
          make mx1's address the "real" address. I don't like any of those
          solutions, but it would appear I've no choice.

          Thanks for the follow-up, Wietse.

          Regards,
          Jim
          --
          Note: My mail server employs *very* aggressive anti-spam
          filtering. If you reply to this email and your email is
          rejected, please accept my apologies and let me know via my
          web form at <http://jimsun.LinxNet.com/contact/scform.php>.
        • Wietse Venema
          ... It sends outbound mail on both interfaces? It sends inbound mail on both interfaces? I would expect that inbound and outbound use different interfaces,
          Message 4 of 5 , Dec 1, 2011
          • 0 Attachment
            James Seymour:
            > On Thu, 1 Dec 2011 16:27:07 -0500 (EST)
            > Wietse Venema <wietse@...> wrote:
            > [snip]
            > > I suggest that you use different smtp_bind_address settings in
            > > master.cf for the (default) smtp transport and for the (inbound)
            > > relay transport.
            >
            > This server is, amongst other things, a mail gateway. It accepts
            > incoming on both interfaces, and sends on both.

            It sends outbound mail on both interfaces?

            It sends inbound mail on both interfaces?

            I would expect that inbound and outbound use different interfaces,
            therefore you can use different delivery agents.

            For the default smtp transport, use -o smtp_bind_address=external-address

            Use a transport map to force inbound mail to use the "relay"
            transport, and that one will automagically use the right source IP
            address because there is only one to choose from.

            Wietse
          • Jim Seymour
            On Thu, 1 Dec 2011 16:46:00 -0500 (EST) ... Bah! No. Incoming goes out the inside interface and outgoing out the outside interface :p. Sorry, I was in
            Message 5 of 5 , Dec 1, 2011
            • 0 Attachment
              On Thu, 1 Dec 2011 16:46:00 -0500 (EST)
              Wietse Venema <wietse@...> wrote:

              > James Seymour:
              > > On Thu, 1 Dec 2011 16:27:07 -0500 (EST)
              > > Wietse Venema <wietse@...> wrote:
              > > [snip]
              > > > I suggest that you use different smtp_bind_address settings in
              > > > master.cf for the (default) smtp transport and for the (inbound)
              > > > relay transport.
              > >
              > > This server is, amongst other things, a mail gateway. It accepts
              > > incoming on both interfaces, and sends on both.
              >
              > It sends outbound mail on both interfaces?
              >
              > It sends inbound mail on both interfaces?

              Bah! No. Incoming goes out the inside interface and outgoing out the
              outside interface :p. Sorry, I was in serious burnout mode after
              having been hacking on the new box since about 07:30.

              >
              > I would expect that inbound and outbound use different interfaces,
              > therefore you can use different delivery agents.

              And right you'd be.

              >
              > For the default smtp transport, use -o
              > smtp_bind_address=external-address
              >
              > Use a transport map to force inbound mail to use the "relay"
              > transport, and that one will automagically use the right source IP
              > address because there is only one to choose from.

              Done! Worked like a charm, Wietse. Thanks *very* much for your help.

              I'd already had all the transport entries. (Holdover from when our
              mail routing was significantly more complicated.) I simply had to
              replace the "smtp:"s with "relay:"s, in addition to the master.cf
              change, and it was done.

              Great :)

              Regards,
              Jim
              --
              Note: My mail server employs *very* aggressive anti-spam
              filtering. If you reply to this email and your email is
              rejected, please accept my apologies and let me know via my
              web form at <http://jimsun.LinxNet.com/contact/scform.php>.
            Your message has been successfully submitted and would be delivered to recipients shortly.