Postfix using multiple IPs (catch22) Help!!!!

Discussion in 'Server Operation' started by fbarcenas, May 26, 2015.

  1. fbarcenas

    fbarcenas Member

    Postfix will use different IP addresses to send mail on a server with virtual IPs:
    Eth0 = 1.1.1.1 (rdns=mx.example.com)
    eth0:0 = 1.1.1.2 (rdns=mx.example.com)
    eth0:1 = 1.1.1.3 (rdns=mx.example.com)
    eth0:2 = 1.1.1.4 (rdns=mx.example.com)
    The problem is that if it sends mail from one of the virtual ip the reverse dns will never match and much of the mail gets labeled as SPAM even thought the SPF record clearly states that receiving mail from that IP for that domain is OK.
    The possible fix to the problem was to smtp_bind_address in /etc/postfix/main.cf to 1.1.1.1, but if you do so all the other processes that will internally contact the server at 127.0.0.1 will fail and your mail will back up in the queue(postqueue -p).
    So I've already tried changing the master.cf config to:
    1.1.1.1:10025 inet n - - - - smtpd
    But it did not work apparently with an ISPCONFIG setup there are more things to consider (AMAVIS, etc,etc,etc).
    Just grepping for 127.0.0.1 in postfix returns many other things to change:
    /etc/postfix# grep -R '127.0.0.1' *
    main.cf:#inet_interfaces = 1.1.1.1,127.0.0.1
    main.cf:content_filter = amavis:[127.0.0.1]:10024
    main.cf~:content_filter = amavis:[127.0.0.1]:10024
    main.cf~2:content_filter = amavis:[127.0.0.1]:10024
    main.cf~3:content_filter = amavis:[127.0.0.1]:10024
    master.cf:127.0.0.1:10025 inet n - - - - smtpd
    master.cf~:127.0.0.1:10025 inet n - - - - smtpd
    mysql-virtual_client.cf:hosts = 127.0.0.1
    mysql-virtual_client.cf~:hosts = 127.0.0.1
    mysql-virtual_domains.cf:hosts = 127.0.0.1
    mysql-virtual_domains.cf~:hosts = 127.0.0.1
    mysql-virtual_email2email.cf:hosts = 127.0.0.1
    mysql-virtual_email2email.cf~:hosts = 127.0.0.1
    mysql-virtual_forwardings.cf:hosts = 127.0.0.1
    mysql-virtual_forwardings.cf~:hosts = 127.0.0.1
    mysql-virtual_mailboxes.cf:hosts = 127.0.0.1
    mysql-virtual_mailboxes.cf~:hosts = 127.0.0.1
    mysql-virtual_recipient.cf:hosts = 127.0.0.1
    mysql-virtual_recipient.cf~:hosts = 127.0.0.1
    mysql-virtual_relaydomains.cf:hosts = 127.0.0.1
    mysql-virtual_relaydomains.cf~:hosts = 127.0.0.1
    mysql-virtual_relayrecipientmaps.cf:hosts = 127.0.0.1
    mysql-virtual_relayrecipientmaps.cf~:hosts = 127.0.0.1
    mysql-virtual_sender.cf:hosts = 127.0.0.1
    mysql-virtual_sender.cf~:hosts = 127.0.0.1
    mysql-virtual_transports.cf:hosts = 127.0.0.1
    mysql-virtual_transports.cf~:hosts = 127.0.0.1

    So my question is, am I going about this all wrong??? Is there an easier way to force postfix to use the main ip for outgoing and still service 127.0.0.1?
    HELP!!!!
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    smtp_bind_address binds postfix smtp-client to an ip-address when making a connection. You can define this in the main.cf or or in any service in the master.cf with -o smtp_bind_address=xxx - and this works with ispconfig.

    You must restart (not just reload) postfix after changing thi smtp-binding.

    What did you set for mynetworks?
     
  3. fbarcenas

    fbarcenas Member

    Yes, I know and it works, however it causes the postqueue to pile up with failures.

    mynetworks = 127.0.0.0/8 [::1]/128
    That's the default. I followed the perfect server guide for debian 7.
     
    Last edited: May 26, 2015
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Not sure if you really need it, but i always add a "bind-ip" to mynetworks. Can you post the log when a mail-processing fails? Did you use -o 127.0.0.1 in the master.cf for the amavis-service?
     
  5. fbarcenas

    fbarcenas Member

    Ok I will add smtp_bind_address = 1.1.1.1 to my /etc/postfix/main.cf and restart postfix.
    I do postqueue -p and begin seeing messages like these begin to fill the queue:
    F30976980355 2001 Wed May 27 11:39:30 [email protected]
    (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    [email protected]



    This is the only section of master.conf that specifies 127.0.0.1:
    Code:
    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8,xxx.xxx.xxx.xxx/29
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
     
    Last edited: May 27, 2015
  6. fbarcenas

    fbarcenas Member

    I think I fixed it with help from this post:
    http://www.faqforge.com/linux/send-all-outgoing-email-trough-one-ip-address-in-postfix/
    OK I added to /etc/postfix/main.cf
    Code:
    inet_interfaces = 1.1.1.1,127.0.0.1
    smtp_bind_address = 1.1.1.1
    
    and created /etc/amavis/conf.d/60-custom with this in it:
    Code:
    @inet_acl = qw( 127.0.0.1 [::1] 1.1.1.1 );
    And everything seems to work right up to this moment. I will run a battery of tests and check logs to see if it did no affect something else.
     
  7. fbarcenas

    fbarcenas Member

    So far so good. Looks like everything chugs along just fine.
     
  8. fbarcenas

    fbarcenas Member

    This is probably something I would like to see permanently implemented into ISPCONFIG, as I don't know anyone that would want postfix mail leaving the server from an IP without a matching RDNS record.
    This should probably be written into the PERFECT SERVER guides.
     
  9. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You don´t need inet_interfaces to SEND on a specified ip. inet_interfaces defines the address(es) postfix should listen on.
     
    fbarcenas likes this.
  10. fbarcenas

    fbarcenas Member

    Good idea. I'll remove this.
     

Share This Page