
Re: postfix multiple WAN-IP setup

  • Viktor Dukhovni
    Message 1 of 6, Feb 15, 2013
      On Fri, Feb 15, 2013 at 03:14:44PM +0100, Tom Loewen wrote:

      > We have two WAN connections. One has the RDNS entry mx0.example.com the
      > other has mx1.example.com. Is there a way to set up Postfix so that it
      > will reply with the correct hostname? I know that you can do this in
      > master.cf but the server is behind a NAT, so Postfix didn't have any
      > knowledge about the WAN-IPs.

      This is the wrong question. Nobody cares about the hostname in the
      220 <hostname> banner or in the 250-<hostname> EHLO response. If
      there is a howto or other document somewhere that suggests that an
      SMTP server should have a hostname matching its external IP, ignore
      it, it is written by an ignorant person.

      This said, there is a better question to ask about an MTA behind a
      dual-IP NAT. While incoming mail requires no particular attention,
      outgoing mail really SHOULD use a HELO <hostname> that matches the
      source IP of the SMTP client. Since the MTA is behind a dual NAT
      that will determine the source IP address dynamically (presumably
      by determining the "best" route interface for the destination)
      the MTA cannot predict its source IP address. Therefore, with
      two external IPs, say and, the correct
      DNS setup is:

      192.0.2 zone file:
      IN PTR smtp.example.com.
      IN PTR smtp.example.com.

      example.com zone file:
      smtp.example.com. IN A
      smtp.example.com. IN A
      example.com. IN MX 0 smtp.example.com.

      that is, give both IPs the *same* name, and configure the (Postfix)
      MTA with:

      proxy_interfaces =,
      smtp_helo_name = smtp.example.com

      In some cases, the second IP address is a backup and is slower or
      incurs higher traffic costs, ... So you may want different MX
      preferences for the two IPs, this is still possible with the above:

      modified example.com zone file:
      ; forward resolution matches PTR records
      smtp.example.com. IN A
      smtp.example.com. IN A
      ; additional per-IP address names
      smtp1.example.com. IN A
      smtp2.example.com. IN A
      ; MX records prefer the first IP address over the second
      example.com. IN MX 10 smtp1.example.com.
      example.com. IN MX 20 smtp2.example.com.

      This covers all sensible NAT-specific questions about such a setup.
      Once again, don't waste your time misconfiguring the hostname of
      the inbound SMTP server. Returning the hostname of the system
      (even if internal) is just fine.
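
A consistency check for the DNS layout recommended in the message above, added here as an example and not part of the original post: every external address the NAT may pick must have a PTR equal to `smtp_helo_name`, and that name must resolve back to the address. The 192.0.2.x addresses and the `check_helo` helper are constructed for illustration; the `mx0`/`mx1` records model the per-IP names from the quoted question.

```python
import ipaddress

# Constructed sample records (not the addresses from the original message).
GOOD_PTR = {"192.0.2.1": "smtp.example.com.", "192.0.2.2": "smtp.example.com."}
GOOD_A = {
    "smtp.example.com.": {"192.0.2.1", "192.0.2.2"},
    "smtp1.example.com.": {"192.0.2.1"},   # per-IP names used only by the MX records
    "smtp2.example.com.": {"192.0.2.2"},
}
# Per-IP reverse names, as in the quoted question.
BAD_PTR = {"192.0.2.1": "mx0.example.com.", "192.0.2.2": "mx1.example.com."}
BAD_A = {"mx0.example.com.": {"192.0.2.1"}, "mx1.example.com.": {"192.0.2.2"}}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_helo(helo_name, external_ips, ptr, a):
    """Return a list of problems; an empty list means the HELO name is
    forward-confirmed for every source address the NAT might select."""
    problems = []
    forward = {norm(k): {str(ipaddress.ip_address(i)) for i in v}
               for k, v in a.items()}
    for raw in external_ips:
        ip = str(ipaddress.ip_address(raw))
        ptr_name = ptr.get(ip)
        if ptr_name is None:
            problems.append(f"{ip}: no PTR record")
            continue
        if norm(ptr_name) != norm(helo_name):
            problems.append(f"{ip}: PTR {ptr_name} differs from HELO name {helo_name}")
        if ip not in forward.get(norm(ptr_name), set()):
            problems.append(f"{ip}: PTR name {ptr_name} does not resolve back to it")
    return problems


if __name__ == "__main__":
    ips = ["192.0.2.1", "192.0.2.2"]
    print(check_helo("smtp.example.com", ips, GOOD_PTR, GOOD_A))
    print(check_helo("mx0.example.com", ips, BAD_PTR, BAD_A))
```

With per-IP reverse names, any single HELO name fails for whichever address the NAT did not match, which is why the message gives both IPs the same name.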
