Hang on a second... my Postfix is using a network interface that is not the one set with the inet_interfaces parameter. So, my experience is true- the inet_interfaces parameter has no effect.
K > Sent: Tuesday, May 02, 2023 at 4:36 pm > From: "Kolusion K" <kolus...@post.com> > To: "Wietse Venema via Postfix-users" <postfix-users@postfix.org> > Subject: Re: [pfx] Re: Contradicting Postfix documentation > > Yes, and I also told you how I didn't know what most of the results from > tcpdump meant. > > K > > > > Sent: Tuesday, May 02, 2023 at 4:21 pm > > From: "Wietse Venema via Postfix-users" <postfix-users@postfix.org> > > To: "Kolusion K" <kolus...@post.com> > > Cc: postfix-users@postfix.org > > Subject: [pfx] Re: Contradicting Postfix documentation > > > > Kolusion K via Postfix-users: > > Yesterday you sent a tcpdump trace where Postfix fails to make a > > connection from 192.168.2.2: > > > > 23:11:38.333669 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags > > [S], seq 3300139944, win 65280, options [mss 1360,sackOK,TS val > > 912086021 ecr 0,nop,wscale 7], length 0 > > > > Today you claim that Postfix does NOT USE THAT IP ADDRESS. > > > > I have specified Postfix to use a certain interface in 'main.cf': > > > > inet_interfaces = 192.168.2.2 > > > > The problem is, Postfix is not using this interface and is > > instead using another interface to send e-mail. > > > > In fact it does use the IP address, but there is no route from > > 192.168.2.2 to the remote destination. > > > > According to the inet_interfaces manpage, EMPHASIS ADDED FOR CLARITY: > > > > When inet_interfaces specifies just one IPv4 and/or IPv6 address > > that > > is not a loopback address, the Postfix SMTP client will use this > > ad? > > dress as the IP source address for outbound mail. Support for IPv6 > > is > > available in Postfix version 2.2 and later. > > > > On a multi-homed firewall with separate Postfix instances listening > > on > > the "inside" and "outside" interfaces, THIS CAN PREVENT EACH > > INSTANCE > > FROM BEING ABLE TO REACH REMOTE SMTP SERVERS ON THE "OTHER SIDE" OF > > THE > > FIREWALL. Setting smtp_bind_address to 0.0.0.0 avoids the > > potential > > problem for IPv4, and setting smtp_bind_address6 to :: solves the > > prob- > > lem for IPv6. > > > > A better solution for multi-homed firewalls is to leave > > inet_interfaces > > at the default value and instead use explicit IP addresses in the > > mas- > > ter.cf SMTP server definitions. This preserves the Postfix > > SMTP > > client's loop detection, by ensuring that each side of the > > firewall > > knows that the other IP address is still the same host. > > Setting > > $inet_interfaces to a single IPv4 and/or IPV6 address is primarily > > use- > > ful with virtual hosting of domains on secondary IP addresses, > > when > > each IP address serves a different domain (and has a different > > $myhost- > > name setting). > > > > Your complex network configuration makes it a multi-homed host, and it is > > subject to the same problems as described above. > > > > Wietse > > _______________________________________________ > > Postfix-users mailing list -- postfix-users@postfix.org > > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org