I want to put one domain on a separate IP address for email. When I create an email box, I don't see any place to enter an IP. How is this done?
There is no easy way to achieve this as postfix does not has such a setting. You can e.g. setup a virtual machine with a separate ispconfig installation or you try to add listeners for each IP separately in postfix master.cf instead of the global port 25 listener, but this will only affect incoming email and not outgoing.
Thanks, Till. How can I change the IP address for mail only--on the whole server? Or is this a bad idea? I've been using an IP address for mail for a long time, and I'm wondering if it's time to change.
Postfix does support this, we have a single server (debian wheezy, non-ispconfig) using separate ip addrs for a couple domains (incoming and outgoing). The outgoing piece uses sender_dependent_default_transport_maps to select the default transport according to the sender address, eg. set this in main.cf Code: sender_dependent_default_transport_maps = texthash:/etc/postfix/sender_dependent_default_transport_maps then create /etc/postfix/sender_dependent_default_transport_maps with: Code: @dom1.com dom1_smtp @dom2.com dom2_smtp DUNNO Then you create dom1_smtp and dom2_smtp transports that specify a different smtp_bind_address option, eg. in master.cf: Code: dom1_smtp unix - - - - - smtp -o smtp_bind_address=x.x.x.x dom2_smtp unix - - - - - smtp -o smtp_bind_address=y.y.y.y The incoming pieces are handled similarly, ie. multiple transports created to listen on each address and set a few options differently. For another option, I believe you can accomplish the same thing with postfix instances as well, but I don't have a working example offhand.
One other thing that might be useful if someone were to incorporate such a config into ispconfig, we actually set variables with the bind IP addresses and use those in the transport definition. Eg. in main.cf: Code: dom1_smtp_bind_address = x.x.x.x dom2_smtp_bind_address = y.y.y.y And in master.cf: Code: dom1_smtp unix - - - - - smtp -o smtp_bind_address=$dom1_smtp_bind_address dom2_smtp unix - - - - - smtp -o smtp_bind_address=$dom2_smtp_bind_address You can then use postconf -e to set/change the ip address, rather than parsing master.cf (I don't know how how ispconfig handles that, it may or may not be easier).
I see that is a very old thread, but is this still doable? I am getting a lot of issues with people not accepting emails from multiple domains on my server (Multiple IP addresses go to multiple domains, but the email only wants to work on the primary IP) This has caused a lot of problems with people telling me that their emails are ending up in people's quarantine folders due to the discrepency with SSL showing only the Primary IP addresses SSL. For websites and ftp, etc all is working as it should via multiple IP's. Only the email is having an issue in this regard. I see that this was brought up 7 years ago. How come this has not made into new releases?
Because it is not needed, but if you want to have such a setup, you can modify your system. Back to your original problem, deliverability issues are not caused by the fact that the IPs of web and mail services are different. A mail system contacts other mail servers by using its own hostname only anyway, and this hostname normally has just one IP address (or two, if you use IPv4 and IPv6), and this one hostname is the one that is and has to be in the SSL cert of the mail system. Your clients should use this hostname in their mail clients as SMTP and IMAP server, but this part is irrelevant for spam scoring. The IP of a domain that one of your clients uses for his website or to connect to the system via his mail client is irrelevant. If you have deliverability issues, then then you should check that you set up SPF records correctly, and that you enabled DKIM signing for the emails and check your primary mail system IP to take care that its not blacklisted and check the DNS records of your domains to take care MX records are set up correctly. Also, if your server or your client's domain is known to send spam, then your IP might have a bad reputation, but this will change over time if you fix the issues and no more spam is sent. There are also sender reputation programs at big service providers like google and Microsoft that you can join to find out what the issue with the emails is. As a side note, IP addresses are not part of an SSL cert. An SSL cert contains only a domain or a list of domains, not an IP.
And using a different IP for each domain might even be the cause for the issue, mail spam systems at MS, Google, and other bigger providers seem to assign an IP a score. This score is not set to 'good' just because the IP has never sent spam mail, it might even be blocked when starting with a blank new IP, the score becomes good (at least in what I experienced in the past) when your mail system provides a steady flow of good and not too few emails, so if you use an IP per client domain then it might be that not enough emails get sent from this one IP to e.g. Gmail so that the Ip does not get into the range of reliable mail systems due to not providing a steady flow of good emails.