Re: postfix multiple WAN-IP setup

  • Tom Loewen
    Message 1 of 6 , Feb 15, 2013
      Am Fri, 15 Feb 2013 16:31:52 +0200
      schrieb Birta Levente <blevi.linux@...>:

      > But all of this work only with proper set up of NAT, route ...

      Hi Levi,

      thanks. I didn't recognize that I could have another Port 25 NAT-Rule
      on my WAN2-Interface.

      Best regards
      Tom
    • Viktor Dukhovni
      Message 2 of 6 , Feb 15, 2013
        On Fri, Feb 15, 2013 at 03:14:44PM +0100, Tom Loewen wrote:

        > We have two WAN connections. One has the RDNS entry mx0.example.com the
        > other has mx1.example.com. Is there a way to setup postfix so that he
        > will reply with the correct hostname? I know that you can do this in
        > master.cf but the server is behind a NAT, so Postfix didn't have any
        > knowledge about the WAN-IPs.

        This is the wrong question. Nobody cares about the hostname in the
        220 <hostname> banner or in the 250-<hostname> EHLO response. If
        there is a howto or other document somewhere that suggests that an
        SMTP server should have a hostname matching its external IP, ignore
        it, it is written by an ignorant person.

        This said, there is a better question to ask about an MTA behind a
        dual-IP NAT. While incoming mail requires no particular attention,
        outgoing mail really SHOULD use a HELO <hostname> that matches the
        source IP of the SMTP client. Since the MTA is behind a dual NAT
        that will determine the source IP address dynamically (presumably
        by determining the "best" route interface for the destination)
        the MTA cannot predict its source IP address. Therefore, with
        two external IPs, say 192.0.2.1 and 192.0.2.2, the correct
        DNS setup is:

        192.0.2 zone file:
        1.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
        2.2.0.192.in-addr.arpa. IN PTR smtp.example.com.

        example.com zone file:
        smtp.example.com. IN A 192.0.2.1
        smtp.example.com. IN A 192.0.2.2
        example.com. IN MX 0 smtp.example.com.

        that is, give both IPs the *same* name, and configure the (Postfix)
        MTA with:

        proxy_interfaces = 192.0.2.1, 192.0.2.2
        smtp_helo_name = smtp.example.com

        In some cases, the second IP address is a backup and is slower or
        incurs higher traffic costs, ... So you may want different MX
        preferences for the two IPs, this is still possible with the above:

        modified example.com zone file:
        ;
        ; forward resolution matches PTR records
        ;
        smtp.example.com. IN A 192.0.2.1
        smtp.example.com. IN A 192.0.2.2
        ;
        ; additional per-IP address names
        ;
        smtp1.example.com. IN A 192.0.2.1
        smtp2.example.com. IN A 192.0.2.2
        ;
        ; MX records prefer the first IP address over the second
        ;
        example.com. IN MX 10 smtp1.example.com.
        example.com. IN MX 20 smtp2.example.com.

        This covers all sensible NAT-specific questions about such a setup.
        Once again, don't waste your time misconfiguring the hostname of
        the inbound SMTP server. Returning the hostname of the system
        (even if internal) is just fine.

        --
        Viktor.
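
An offline check of the DNS layout recommended above, as an added example that is not part of the original thread: it parses zone-file lines and verifies, for every possible NAT source IP, that the PTR equals the HELO name and that the HELO name resolves back to that IP. The helper names and the mapping of the mx0/mx1 names from the original question onto 192.0.2.1 and 192.0.2.2 are assumptions; the zone data is constructed.

```python
import ipaddress

WAN_IPS = ["192.0.2.1", "192.0.2.2"]  # the two external NAT addresses

# Constructed zone data: both IPs share one name (the recommended layout).
SAME_NAME = """
1.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
2.2.0.192.in-addr.arpa. IN PTR smtp.example.com.
smtp.example.com. IN A 192.0.2.1
smtp.example.com. IN A 192.0.2.2
"""

# Constructed zone data: one name per IP, as in the original question.
PER_IP = """
1.2.0.192.in-addr.arpa. IN PTR mx0.example.com.
2.2.0.192.in-addr.arpa. IN PTR mx1.example.com.
mx0.example.com. IN A 192.0.2.1
mx1.example.com. IN A 192.0.2.2
"""

def parse_zone(text):
    """Parse 'owner IN TYPE ... rdata' lines into {(owner, type): [rdata]}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        key = (fields[0].lower(), fields[2].upper())
        records.setdefault(key, []).append(fields[-1].lower())
    return records

def check_helo(records, helo_name, wan_ips):
    """Per source IP: True if PTR == HELO name and HELO name has an A
    record for that IP (forward-confirmed reverse DNS)."""
    helo = helo_name.lower().rstrip(".") + "."
    forward = records.get((helo, "A"), [])
    result = {}
    for ip in wan_ips:
        ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
        ptrs = records.get((ptr_owner, "PTR"), [])
        result[ip] = helo in ptrs and ip in forward
    return result

if __name__ == "__main__":
    print(check_helo(parse_zone(SAME_NAME), "smtp.example.com", WAN_IPS))
    print(check_helo(parse_zone(PER_IP), "mx0.example.com", WAN_IPS))
```

With per-IP names, a single smtp_helo_name can only match whichever address the NAT happens to pick, which is why the second layout fails for one of the two IPs.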