I have a working smtp server on OBSD 6.6 which did its job successfully using 
the egress server's IP before the IPsec iked tunnel was implemented.

/etc/mail/smtpd.conf
...
# smtpd bound on server's egress interface (early setup with clearnet IP config without IPsec)
table sources {1.2.3.4}
table helonames {1.2.3.4 = smtp.domain.tld}
...

Now all of the server's traffic goes through an IKEv2 gateway with NAT, and smtpd runs on 
the same server, but now behind IPsec NAT.

The goal is that smtpd should send/receive mail through the IPsec tunnel. smtpd 
receives mail successfully but can't send mail through the IPsec tunnel.

Once mail is sent by mail agent, mailq reports "No valid route to destination". 
I tried to bind smtpd to localhost and IPsec server's local NAT interface in 
smtpd.conf but unsuccessfully:
...
table sources {127.0.0.1}
table helonames {4.3.2.1 = smtp.another-domain.tld}
...

I suppose smtpd uses system default routing table for delivering mail, instead 
of using IPsec gateway. And binding smtpd to localhost or IPsec NAT interface 
can't solve the problem.

Any suggestions as to what might be missing or misconfigured?

Martin
