Applying dfilt to one IP only

2009-05-29 Thread Paul Cocker 
I am attempting setting up footers so they apply only to outgoing mail
not incoming mail (currently they apply to all e-mail), but I would like
to check that I have the right end of the stick.

First I map a second IP (100.100.100.2) to eth0, this interface will be
eth0:0

Next I modify master.cf from:

smtp  inet  n   -   n   -   -   smtpd
   -o content_filter=dfilt:
dfilt unix  -   n   n   -   -   pipe
flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} --
${recipient}

To:

100.100.100.1:smtp  inet  n   -   n   -   -
smtpd
100.100.100.2:smtp  inet  n   -   n   -   -
smtpd
   -o content_filter=dfilt:
127.0.0.1:smtpinet  n   -   n   -   -
smtpd
   -o content_filter=dfilt:
dfilt unix  -   n   n   -   -   pipe
flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} --
${recipient} 

I'm pretty sure that thus far I'm spot on, my only question now is
whether or not I need to change the inet_interfaces setting in main.cf
from all to 100.100.100.2, or whether this would prevent local systems
from sending mail out via 100.100.100.1.

Paul Cocker
_

Please consider the environment, think before you print.

TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047),
TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),
TNT Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post
Midlands Limited (6458167)and TNT Post London Limited (6493826). Emma's Diary
and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd
(02556692). All companies are registered in England and Wales; registered
address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire,
SL7 1HY.

Re: Applying dfilt to one IP only

2009-05-29 Thread Victor Duchovni 
On Fri, May 29, 2009 at 09:10:14AM +0100, Paul Cocker wrote:

> I'm pretty sure that thus far I'm spot on, my only question now is
> whether or not I need to change the inet_interfaces setting in main.cf
> from all to 100.100.100.2, or whether this would prevent local systems
> from sending mail out via 100.100.100.1.

At a minimum, the union of "inet_interfaces" and "proxy_addresses"
needs to list all IP addresses at which you receive inbound email
(IP addresses of MX hosts for your domans, or A records of hosts
that receive u...@host email). Email sent to u...@[ip] is considered
"local" provided the "ip" is in inet_interfaces or proxy_addresses.

If "inet_interfaces" is then just a single IP address, but the system
is connected to multiple subnets, not just multi-IP on a single subnet,
then it is important to read the docs for "inet_interfaces" and understand
the notes about "smtp_bind_address".

Otherwise, also "inet_interfaces" is used in the default value of:

local_header_rewrite_clients = permit_inet_interfaces

and of course the default address list for master.cf "inet" services
that only specify a service name, with no address.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.