
Re: postfix multiple WAN-IP setup

  • Birta Levente
    Message 1 of 6 , Feb 15, 2013
      On 15/02/2013 16:14, Tom Loewen wrote:
      > EHLO list,
      >
      > we have two WAN connections. One has the RDNS entry mx0.example.com the
      > other has mx1.example.com. Is there a way to setup postfix so that he
      > will reply with the correct hostname? I know that you can do this in
      > master.cf but the server is behind a NAT, so Postfix didn't have any
      > knowledge about the WAN-IPs.

      You need to inform postfix:
      Set up virtual interface with different internal IP on postfix machine
      or
      listen on different port

      But all of this works only with proper setup of NAT, route ...

      Levi



      >
      > Thanks for any ideas.
      >
      > Best regards
      > Tom Loewen
      >
    • Wietse Venema
      Message 2 of 6 , Feb 15, 2013
        Tom Loewen:
        > EHLO list,
        >
        > we have two WAN connections. One has the RDNS entry mx0.example.com the
        > other has mx1.example.com. Is there a way to setup postfix so that he
        > will reply with the correct hostname? I know that you can do this in
        > master.cf but the server is behind a NAT, so Postfix didn't have any
        > knowledge about the WAN-IPs.

        http://www.postfix.org/BASIC_CONFIGURATION_README.html#proxy_interfaces

        You MUST specify external IP addresses with main.cf:proxy_interfaces.
        This is required to prevent mail from looping between MX hosts, and
        is required to handle mail for user@[ipaddress].

        If you want Postfix to reply with the right hostname without knowing
        the connection destination address, then send your donations for a
        project that adds telepathic intelligence to Postfix.

        Wietse
      • Tom Loewen
        Message 3 of 6 , Feb 15, 2013
          Am Fri, 15 Feb 2013 09:32:26 -0500 (EST)
          schrieb Wietse Venema <wietse@...>:

          > You MUST specify external IP addresses with main.cf:proxy_interfaces.
          > This is required to prevent mail from looping between MX hosts, and
          > is required to handle mail for user@[ipaddress].

          Hi Wietse,

          thanks. I'll have a look.

          > If you want Postfix to reply with the right hostname without knowing
          > the connection destination address, then send your donations for a
          > project that adds telepathic intelligence to Postfix.

          How much? :)

          Best regards
          Tom
        • Tom Loewen
          Message 4 of 6 , Feb 15, 2013
            Am Fri, 15 Feb 2013 16:31:52 +0200
            schrieb Birta Levente <blevi.linux@...>:

            > But all of this works only with proper setup of NAT, route ...

            Hi Levi,

            thanks. I didn't recognize that I could have another Port 25 NAT-Rule
            on my WAN2-Interface.

            Best regards
            Tom
          • Viktor Dukhovni
            Message 5 of 6 , Feb 15, 2013
              On Fri, Feb 15, 2013 at 03:14:44PM +0100, Tom Loewen wrote:

              > We have two WAN connections. One has the RDNS entry mx0.example.com the
              > other has mx1.example.com. Is there a way to setup postfix so that he
              > will reply with the correct hostname? I know that you can do this in
              > master.cf but the server is behind a NAT, so Postfix didn't have any
              > knowledge about the WAN-IPs.

              This is the wrong question. Nobody cares about the hostname in the
              220 <hostname> banner or in the 250-<hostname> EHLO response. If
              there is a howto or other document somewhere that suggests that an
              SMTP server should have a hostname matching its external IP, ignore
              it, it is written by an ignorant person.

              This said, there is a better question to ask about an MTA behind a
              dual-IP NAT. While incoming mail requires no particular attention,
              outgoing mail really SHOULD use a HELO <hostname> that matches the
              source IP of the SMTP client. Since the MTA is behind a dual NAT
              that will determine the source IP address dynamically (presumably
              by determining the "best" route interface for the destination)
              the MTA cannot predict its source IP address. Therefore, with
              two external IPs, say 192.0.2.1 and 192.0.2.2, the correct
              DNS setup is:

              192.0.2 zone file:
              1.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
              2.2.0.192.in-addr.arpa. IN PTR smtp.example.com.

              example.com zone file:
              smtp.example.com. IN A 192.0.2.1
              smtp.example.com. IN A 192.0.2.2
              example.com. IN MX 0 smtp.example.com.

              that is, give both IPs the *same* name, and configure the (Postfix)
              MTA with:

              proxy_interfaces = 192.0.2.1, 192.0.2.2
              smtp_helo_name = smtp.example.com

              In some cases, the second IP address is a backup and is slower or
              incurs higher traffic costs, ... So you may want different MX
              preferences for the two IPs, this is still possible with the above:

              modified example.com zone file:
              ;
              ; forward resolution matches PTR records
              ;
              smtp.example.com. IN A 192.0.2.1
              smtp.example.com. IN A 192.0.2.2
              ;
              ; additional per-IP address names
              ;
              smtp1.example.com. IN A 192.0.2.1
              smtp2.example.com. IN A 192.0.2.2
              ;
              ; MX records prefer the first IP address over the second
              ;
              example.com. IN MX 10 smtp1.example.com.
              example.com. IN MX 20 smtp2.example.com.

              This covers all sensible NAT-specific questions about such a setup.
              Once again, don't waste your time misconfiguring the hostname of
              the inbound SMTP server. Returning the hostname of the system
              (even if internal) is just fine.

              --
              Viktor.
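
An added example, not part of the original thread: an offline check that every external IP the NAT might pick as the source address has a PTR naming the smtp_helo_name value, and that this name has an A record for that IP. The function names are hypothetical, and the per-IP mx0/mx1 zone is constructed from the names in the original question with the addresses from Viktor's message.

```python
import ipaddress

# Records from the message above (reverse owners written as in-addr.arpa).
SHARED_NAME_ZONE = """
1.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
2.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
smtp.example.com.  IN A 192.0.2.1
smtp.example.com.  IN A 192.0.2.2
smtp1.example.com. IN A 192.0.2.1   ; per-IP names used only by the MX records
smtp2.example.com. IN A 192.0.2.2
example.com. IN MX 10 smtp1.example.com.
example.com. IN MX 20 smtp2.example.com.
"""

# Constructed sample: one distinct reverse name per WAN address.
PER_IP_ZONE = """
1.2.0.192.in-addr.arpa. IN PTR mx0.example.com.
2.2.0.192.in-addr.arpa. IN PTR mx1.example.com.
mx0.example.com. IN A 192.0.2.1
mx1.example.com. IN A 192.0.2.2
"""

def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} from 'owner IN TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, _cls, rtype, *rdata = line.split()
        records.setdefault((owner.lower(), rtype.upper()), []).append(rdata[-1].lower())
    return records

def check_helo(records, external_ips, helo_name):
    """List mismatches between the HELO name and each possible source IP."""
    helo = helo_name.lower().rstrip(".") + "."
    problems = []
    for ip in external_ips:
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        ptrs = records.get((rev, "PTR"), [])
        if helo not in ptrs:
            problems.append(f"{ip}: PTR {ptrs or 'missing'} does not name {helo}")
        if ip not in records.get((helo, "A"), []):
            problems.append(f"{ip}: {helo} has no A record for this address")
    return problems
```

With the shared-name zone the check returns no problems for either address; with the per-IP zone and a single HELO name, the second address fails both the PTR and the A lookup.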