routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Scott McEachern
Hi folks, I'm running into a bit of a routing gotcha getting two mail 
servers to send mail out using their own respective IP addresses.  
(While this involves postfix, this is not a postfix support question, 
it's a routing question)


What I'm trying to accomplish is this:
- two autonomous domains, each with their own mail server instance 
(postfix in this case) so that one domain never 'mentions' the other 
domain.  Using one instance of postfix to relay for the 2nd domain is 
not an option, as domain1.com will be shown in the headers when mail is 
from domain2.com.  The reason is that the 2nd domain is a business entity 
and should not be associated in any way with the first.


The setup (which works fine):
- the two domains have their own external IPs, dns-wise.
- two instances of postfix listen on their respective external IPs 
taking mail for their domains (set in master.cf)
- postfix acts as a mail gateway on the firewall, which shuffles mail to 
either of two instances of postfix on an internal mail server
- 5 (non-contiguous) IPs are assigned to me by ADSL, so I have one 
physical connection, with 1 'main' IP and 4 aliases.


That works fine and dandy: two independent domains.  I should mention 
that (some) internal traffic, depending on its origin, is NAT'd out with 
pf on those aliases, appearing to come from independent networks.


The problem:
- mail sent out via either instance of postfix, regardless of the 
master.cf setting, goes out on the 'main' IP, such that mail headers 
appear like such:


Received: from mail.domain2.com (erratic.ca [75.119.251.119])

The goal:
I'd prefer it to read .. from mail.domain2.com (domain2.com [a.b.c.d])

The untouched firewall routing table looks like this:

Internet:
Destination        Gateway            Flags   Refs  Use   Mtu  Prio Iface
default            206.248.154.122    UGS     322803 56410450 - 8 tun0
127/8              127.0.0.1          UGRS    00 33200 8 lo0
(snipping a bunch of lo0 stuff)
192.168.0/24       link#1             UC      10 - 4 nfe0
192.168.0.2        00:0d:60:91:5d:a4  UHLc    143271 - 4 nfe0
192.168.1/24       link#5             UC      20 - 4 sk0
192.168.1.2        00:19:5b:68:91:20  UHLc    1 7177 - 4 sk0
192.168.1.3        00:10:c6:b5:c1:72  UHLc    4   136762 - 4 sk0
192.168.2/24       link#5             UC      10 - 4 sk0
192.168.2.1        127.0.0.1          UGHS    00 33200 8 lo0
192.168.3/24       link#5             UC      00 - 4 sk0
192.168.3.1        127.0.0.1          UGHS    00 33200 8 lo0
206.248.154.122    75.119.251.119     UH      10  1492 4 tun0
224/4              127.0.0.1          URS     00 33200 8 lo0

I've tried this:
# route add 206.248.154.122 a.b.c.d

but my routing-fu is not strong.  That command gives all of the above, 
plus this:


206.248.154.122    a.b.c.d            UGHS    00 - 8 tun0

Of course, sending mails from domain2.com still appears from erratic.ca.

Any suggestions?  Clear as mud?  The firewall does not have an 
/etc/mygate set, and is OpenBSD 4.6-current (GENERIC) #7: Sat Jan 23 
16:34:02 EST 2010, but I don't think a dmesg is of much use here.


Unrelated question: can smtpd handle this kind of funkiness?  I'd like 
to switch to smtpd eventually if it can, but that's another project for 
another day.


Thanks!

--
- RSM
www.erratic.ca



Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Philip Guenther
On Sat, Mar 27, 2010 at 1:02 AM, Scott McEachern sc...@erratic.ca wrote:
> Hi folks, I'm running into a bit of a routing gotcha getting two mail
> servers to send mail out using their own respective IP addresses.  (While
> this involves postfix, this is not a postfix support question, it's a
> routing question)

I don't see anything about routing in your question.  What I see is an
issue involving the binding of the client-side of TCP connections.

...
> The setup (which works fine):
> - the two domains have their own external IPs, dns-wise.
> - two instances of postfix listen on their respective external IPs taking
> mail for their domains (set in master.cf)
> - postfix acts as a mail gateway on the firewall, which shuffles mail to
> either of two instances of postfix on an internal mail server
> - 5 (non-contiguous) IPs are assigned to me by ADSL, so I have one physical
> connection, with 1 'main' IP and 4 aliases.
...
> The problem:
> - mail sent out via either instance of postfix, regardless of the master.cf
> setting, goes out on the 'main' IP, such that mail headers appear like such:
>
> Received: from mail.domain2.com (erratic.ca [75.119.251.119])
>
> The goal:
> I'd prefer it to read .. from mail.domain2.com (domain2.com [a.b.c.d])

You need to configure the postfix for domain2.com to explicitly bind()
to the IP address of a.b.c.d and not use the default for the host.

(You might think "but I've configured this postfix instance to only
listen on IP A.B.C.D, why isn't it sending from that IP?".  The answer
is because, in general, such a restriction is *not* correct behavior
for MTAs, and therefore is not the default for postfix.)


Philip Guenther
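
The client-side binding described in the reply above, as an added example that is not part of the original thread: a listener restricted to one address does not change the source address of outbound connections, while an explicit bind() before connect() does, which is what Postfix's smtp_bind_address arranges for outgoing SMTP. The loopback addresses are constructed stand-ins for the 'main' IP and the alias a.b.c.d, and the code assumes Linux, where all of 127/8 is local.

```python
import socket

MAIN_IP = "127.0.0.1"   # constructed stand-in for the host's 'main' address
ALIAS_IP = "127.0.0.2"  # constructed stand-in for the alias a.b.c.d
# Assumption: Linux, where every address in 127/8 is local without extra setup.


def _tcp():
    return socket.socket(socket.AF_INET, socket.SOCK_STREAM)


def source_seen_by_peer(bind_to=None):
    """Return the client IP the receiving server records for one connection."""
    remote = _tcp()    # the receiving MTA; the IP it sees ends up in Received:
    inbound = _tcp()   # our own listener, restricted to the alias
    out = _tcp()       # our outbound (client-side) connection
    try:
        remote.bind((MAIN_IP, 0))
        remote.listen(1)
        inbound.bind((ALIAS_IP, 0))   # listening here does not affect 'out'
        inbound.listen(1)
        if bind_to is not None:
            out.bind((bind_to, 0))    # explicit bind() before connect()
        out.connect(remote.getsockname())
        conn, (peer_ip, _port) = remote.accept()
        conn.close()
        return peer_ip
    finally:
        for s in (out, inbound, remote):
            s.close()


if __name__ == "__main__":
    print("kernel-chosen source:", source_seen_by_peer())
    print("after bind(ALIAS_IP):", source_seen_by_peer(ALIAS_IP))
```
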



Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread James Shupe
Check into smtp_bind_address in Postfix. If you're still having issues,
binat rather than rdr to internal IPs so connections will originate
properly. Without seeing your pf.conf or master.cf, this is a guess, but
I think these tips should lead you in the right direction.

...master.cf:
smtp ... smtp -o smtp_bind_address=11.22.33.44



--
James M. Shupe
shu...@gridexec.com
RHCE Certified
Plain text preferred
1.903.522.3425




Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Scott McEachern

James Shupe wrote:

> Check into smtp_bind_address in Postfix. If you're still having issues,
> binat rather than rdr to internal IPs so connections will originate
> properly. Without seeing your pf.conf or master.cf, this is a guess, but
> I think these tips should lead you in the right direction.
>
> ...master.cf:
> smtp ... smtp -o smtp_bind_address=11.22.33.44

Thank you James and Philip, problem solved!  Between using 
inet_interfaces in main.cf and a.b.c.d:smtp... in master.cf, I figured 
it was covered, but I was wrong.  The smtp_bind_address works like a 
charm, which I didn't see when searching for multiple instances of postfix.


I did find it rather odd that I'd have to use routing.  I thought it was 
like using a sledgehammer to solve a thumbtack problem, when it was just 
a leaky screwdriver.


--
- RSM
www.erratic.ca