Prev: ATRN reloaded
Next: allowing outside users access to mailman lists
From: Dan Lists on 26 Jan 2010 14:52
We host email for several domains.  Occasionally an account will get
phished and our outbound server will get blacklisted by hotmail and
others.  We'd like to separate the outbound email so that one domain
with a phished account doesn't get all outbound email blacklisted.

I'm trying to set up an outbound server with multiple IPs.  I'd like
email that arrives on an IP to leave on the same IP.  In my master.cf
I put:

<IP 1>:smtp  inet  n       -       n       -       -       smtpd
     -o myhostname=smtp1.host.dom
<IP 2>:smtp  inet  n       -       n       -       -       smtpd
     -o myhostname=smtp2.host.dom

Email comes in on the different IPs, and the hostname is set to smtp1
or smtp2 in the Received headers.  The email is all going out from the
server's main IP not the separate IPs.

I've tried adding "-o smtp_bind_address=<IP 1>" etc.   I've tried
setting up multiple smtp services and adding "-o
default_transport=smtp1".  Email is still going out on the server's
main IP.

I thought it would be easy to get email to go in and out on the same
IP, but I cannot get it to work. What am I missing?

Thanks,

Dan

From: Wietse Venema on 26 Jan 2010 15:17
Dan Lists:
> We host email for several domains.? Occasionally an account will get
> phished and our outbound server will get blacklisted by hotmail and
> others.? We'd like to separate the outbound email so that one domain
> with a phished account doesn't get all outbound email blacklisted.
>
> I'm trying to set up an outbound server with multiple IPs.? I'd like
> email that arrives on an IP to leave on the same IP.? In my master.cf
> I put:
>
> <IP 1>:smtp? inet? n?????? -?????? n?????? -?????? -?????? smtpd
> ???? -o myhostname=smtp1.host.dom
> <IP 2>:smtp? inet? n?????? -?????? n?????? -?????? -?????? smtpd
> ???? -o myhostname=smtp2.host.dom
>
> Email comes in on the different IPs, and the hostname is set to smtp1
> or smtp2 in the Received headers.? The email is all going out from the
> server's main IP not the separate IPs.
>
> I've tried adding "-o smtp_bind_address=<IP 1>" etc.?? I've tried
> setting up multiple smtp services and adding "-o
> default_transport=smtp1".? Email is still going out on the server's
> main IP.
>
> I thought it would be easy to get email to go in and out on the same
> IP, but I cannot get it to work. What am I missing?

The least confusing is using one Postfix instance per IP address.

Setting SMTP client options (smtp_bind_address) on the Postfix SMTP
server does not work: the Postfix SMTP server is not an SMTP client,
and thefore it ignores all SMTP client parameters.

If you must implement this with one Postfix instance, then it
requires the Postfix 2.7 sender_dependent_default_transport_maps
feature, which allows you to specify a different Postfix SMTP client
(with its own smtp_bind_address) for outbound mail with different
sender domains.

Wietse

From: Noel Jones on 26 Jan 2010 15:17
On 1/26/2010 1:52 PM, Dan Lists wrote:
> We host email for several domains. Occasionally an account will get
> phished and our outbound server will get blacklisted by hotmail and
> others. We'd like to separate the outbound email so that one domain
> with a phished account doesn't get all outbound email blacklisted.
>
> I'm trying to set up an outbound server with multiple IPs. I'd like
> email that arrives on an IP to leave on the same IP. In my master.cf
> I put:
>
> <IP 1>:smtp inet n - n - - smtpd
> -o myhostname=smtp1.host.dom
> <IP 2>:smtp inet n - n - - smtpd
> -o myhostname=smtp2.host.dom
>
> Email comes in on the different IPs, and the hostname is set to smtp1
> or smtp2 in the Received headers. The email is all going out from the
> server's main IP not the separate IPs.
>
> I've tried adding "-o smtp_bind_address=<IP 1>" etc. I've tried
> setting up multiple smtp services and adding "-o
> default_transport=smtp1". Email is still going out on the server's
> main IP.
>
> I thought it would be easy to get email to go in and out on the same
> IP, but I cannot get it to work. What am I missing?
>

As a consequence of postfix's modular design, linking [where
mail comes in] to [where mail goes out] is somewhat tricky.

Postfix 2.7 Snapshot 20100117 introduces new functionality
that makes this easier. From the RELEASE_NOTES:
The FILTER action in access maps or header/body_checks now
supports
sender reputation schemes that dynamically choose the SMTP source
IP address.

This is implemented by specifying FILTER actions with empty
next-hop
destinations in access maps or header/body_checks, and by
configuring
in master.cf one Postfix SMTP client for each SMTP source IP
address,
where each client has its own "-o myhostname" and "-o
smtp_bind_address"
settings.


With earlier postfix versions, you need multiple postfix
instances, not just master.cf gymnastics.

-- Noel Jones

 | 
Pages: 1
Prev: ATRN reloaded
Next: allowing outside users access to mailman lists