From: Wietse Venema on
Victor Duchovni:
> On Fri, Jun 18, 2010 at 10:30:35AM -0400, Phil Howard wrote:
>
> > > I am fine with the workarounds supplied and can see your point of view,
> > > although I can't agree with a loop detected that is not a loop, I see
> > > that it happens because inet addresses are mixed between instances and I
> > > have my view about wasting more public IP addresses to do this as I told
> > > before. That's all. Thank you all for your answers and comments. :)
> >
> > The original principle of the loop detection is based on where DNS MX
> > records would point to. That points to hostnames which point to IP
> > addresses. Port numbers are not part of it and are assumed to be the
> > SMTP port. How the detection is actually implemented could vary.
>
> Not really, for loop detection to be effective, it must detect
> cases in which remote domains specify unexpected MX records (even
> 127.0.0.1) or local transport tables are incomplete. When MX records
> are bogus or transport tables are incomplete, the traffic will go
> to port 25, so all port 25 connections must be tested.
>
> The supported way to avoid loop detection false positives with
> internal forwarding between Postfix instances is to:
>
> - Ensure that each Postfix instance uses a separate set of
> IP addresses.
>
> and/or
>
> - Not use port 25 as an internal forwarding destination when
> IP address sharing is unavoidable.
>
> This is robust and easy to document. The work-arounds I posted
> also work, but are less elegant and should be avoided. If the
> OP wants to use them, fine, he is fully informed...

I recommend a different myhostname per "port 25" instance. The
Postfix SMTP client verifies the HELO response and will declare a
loop when the best MX host replies to HELO with the client's own
myhostname.

Wietse

From: Victor Duchovni on
On Fri, Jun 18, 2010 at 11:41:46AM -0400, Wietse Venema wrote:

> > This is robust and easy to document. The work-arounds I posted
> > also work, but are less elegant and should be avoided. If the
> > OP wants to use them, fine, he is fully informed...
>
> I recommend a different myhostname per "port 25" instance. The
> Postfix SMTP client verifies the HELO response and will declare a
> loop when the best MX host replies to HELO with the client's own
> myhostname.

Sure, but when the destination IP address is listed in inet_interfaces,
the connection is not even made and a loop is detected. Hostname tweaks
don't help in this case, the idea is to not forward to your own port
25, where "your own" means an IP address that is listed in the instance's
"inet_interfaces".

--
Viktor.

From: Wietse Venema on
Victor Duchovni:
> On Fri, Jun 18, 2010 at 11:41:46AM -0400, Wietse Venema wrote:
>
> > > This is robust and easy to document. The work-arounds I posted
> > > also work, but are less elegant and should be avoided. If the
> > > OP wants to use them, fine, he is fully informed...
> >
> > I recommend a different myhostname per "port 25" instance. The
> > Postfix SMTP client verifies the HELO response and will declare a
> > loop when the best MX host replies to HELO with the client's own
> > myhostname.
>
> Sure, but when the destination IP address is listed in inet_interfaces,
> the connection is not even made and a loop is detected. Hostname tweaks
> don't help in this case, the idea is to not forward to your own port
> 25, where "your own" means an IP address that is listed in the instance's
> "inet_interfaces".

Even if you have different IP addresses, Postfix will declare a
loop when the server responds with myhostname to HELO.

Therefore a different myhostname is NECESSARY but not sufficient.

Wietse
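
As an added example (not code from the thread or from Postfix), the sketch below lints a multi-instance layout against the two conditions discussed above: forwarding to port 25 on an address in the instance's own inet_interfaces, and forwarding to a port 25 peer that answers with the same myhostname. The instance names, addresses, the `nexthop` key, the dictionary layout and the case-insensitive hostname comparison are assumptions made for illustration.

```python
# Added example: a simplified model of the two checks described in the thread,
# not Postfix source code. All hostnames and addresses are constructed samples.
SMTP_PORT = 25

def parse_nexthop(nexthop):
    """Split '[192.0.2.11]:10025' or '[192.0.2.11]' into (address, port)."""
    addr, _, port = nexthop.lstrip("[").partition("]")
    return addr, int(port.lstrip(":") or SMTP_PORT)

def lint(instances):
    """Return (instance, rule) pairs for forwarding that would be declared a loop."""
    findings = []
    for name, cfg in instances.items():
        if "nexthop" not in cfg:
            continue
        addr, port = parse_nexthop(cfg["nexthop"])
        if port != SMTP_PORT:
            continue  # thread: a non-25 port is the supported way when IPs are shared
        if addr in cfg["inet_interfaces"]:
            # Destination is one of the sender's own addresses: no connection is made.
            findings.append((name, "own-inet_interfaces"))
            continue
        for peer, pcfg in instances.items():
            if (peer != name and addr in pcfg["inet_interfaces"]
                    and pcfg["myhostname"].lower() == cfg["myhostname"].lower()):
                # Peer would answer HELO with the sender's own myhostname.
                findings.append((name, "same-myhostname"))
    return findings

# Constructed sample layout: hypothetical instance names and documentation addresses.
SAMPLE = {
    "in":     {"myhostname": "mx.example.com", "inet_interfaces": ["192.0.2.10"],
               "nexthop": "[192.0.2.10]:25"},
    "filter": {"myhostname": "mx.example.com", "inet_interfaces": ["192.0.2.11"],
               "nexthop": "[192.0.2.12]:25"},
    "out":    {"myhostname": "MX.example.com", "inet_interfaces": ["192.0.2.12"]},
    "alt":    {"myhostname": "alt.example.com", "inet_interfaces": ["192.0.2.10"],
               "nexthop": "[192.0.2.10]:10025"},
}

if __name__ == "__main__":
    for instance, rule in lint(SAMPLE):
        print(f"{instance}: would be declared a loop ({rule})")
```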