Hello All,

Hotmail have my main server IP on their blacklist and will not migrate it for love nor money. I have a group of failover IPs which have been migrated on a trial basis by Hotmail. (Hotmail is the only provider I am having trouble with.)

I have tried changing my server domain to one of these failovers, which would be good not only for the email trouble but for the future if I ever needed to move servers. It would just be a matter of cloning my setup and getting the failover IPs transferred to the new box.

I had changed these settings but have since reverted back, as it didn't make any change to the send IP from Postfix.

I changed the server IP in:
/etc/hosts
/etc/resolv.conf
All failovers are already listed in /etc/network/interfaces.

I also changed the IP in system/server config/server name/server/ip address.

All of which block any mail from being sent.

I even tried

# Bind to an ip address
smtp_bind_address = xx.xx.xx.xx
inet_interfaces = xx.xx.xx.xx,127.0.0.1

which also broke the emails.

Any help is much appreciated.

Chris
Instead of configuring postfix, it might be easier to use iptables like this: https://nixtree.com/blog/change-outgoing-ip-address-for-smtp-using-iptables/
Hi Till,

Thanks for the reply, but the above recommendation has broken the email altogether. Now I'm trying to figure out how to remove

Code:
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

Sometimes it goes easy, other times you just wanna pull out what hair you have left. I can't even find that table I put in.

Code:
root@server1:~# iptables -t nat --line-numbers -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
I have noticed that when the system is rebooted it loses the iptables record. So if that is the case, why does it not go back to the original settings? What else could be wrong? All other settings have been returned to the original settings. I am starting to form a mail queue.

Code:
root@server1:~# postconf -n
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = domain.tld, localhost, localhost.localdomain
myhostname = domain.tld
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
The iptables settings are reset on reboot, so the post routing must be gone after a server reboot. Please post the exact error messages from the mail log file.
I was just about to post back. I got my mail server working. When I changed all the settings back yet again, I forgot to reboot the system to allow the hostname to change. I'm gonna retry that iptables line again... will post back.
Right. I resubmitted

Code:
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

and emails are being received with the chosen IP address.

What is best practice for me now?

Do I edit /etc/resolv.conf and change the nameserver to this IP, then change the ns1 and ns2 at the domain provider?

Also, do I change the IP for the email gateway domain for all mail sent in the DNS zones (meaning all my email gets sent through one IP and one mail.domain.tld)?

Change my rDNS for this IP to correspond with my gateway domain.

Then, since changing the ns1 and ns2 IP, change the NS records for all other domains on the server.

I don't think I need to change hosts or any settings in :ispconfig/system/server settings.

Please correct me if I am wrong.

Thanks in advance,
Chris
I would just do this step. What matters is that the email providers get a correct rdns answer when they query the new IP.
I have placed this

Code:
#!/bin/bash
#Ip routing for email delivery
/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

in /usr/local/ispconfig/server/iptableroute.sh and am trying to set a cronjob

Code:
* * * * * /usr/local/ispconfig/server/iptableroute.sh

Can you check to see if this is good or if I need to change anything? Thanks.

Nope, this doesn't work. I have also tried

Code:
iptables-save > /etc/iptables_rules

and added

Code:
/sbin/iptables-restore < /etc/iptables_rules

to /etc/rc.local, but that doesn't work either lol. It doesn't even work if you load it with /etc/network/if-up.d/iptables. This iptables line just does not want to load at boot.
I also followed this guide but it did not help one bit: http://www.debiantutorials.com/loading-iptables-rules-on-startup/ using the iptables rule "-A POSTROUTING -p tcp -m tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx". Any ideas would be much appreciated.
I would just add the line: /sbin/iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx in rc.local. Or do you use a firewall on the server that might remove the rule?
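An idempotent way to add and remove the SNAT rule discussed in this thread, as an added example that is not part of any poster's message: `-C` checks for the rule before `-A` appends it, so calling it from cron or at boot does not stack duplicates, and the remove function clears every copy. The function names, the add/remove arguments and the address 192.0.2.10 are placeholders.

```shell
#!/bin/sh
# Added example: add or remove the thread's SNAT rule without stacking duplicates.
# SNAT_IP is a placeholder from the documentation range, like xx.xx.xx.xx above.
IPTABLES="${IPTABLES:-/sbin/iptables}"
SNAT_IP="${SNAT_IP:-192.0.2.10}"

# Run one iptables action (-C check, -A append, -D delete) on the same rule spec.
snat() {
    "$IPTABLES" -t nat "$1" POSTROUTING -p tcp --dport 25 \
        -j SNAT --to-source "$SNAT_IP"
}

# Append the rule only if an identical one is not already in nat/POSTROUTING.
ensure_snat() {
    if snat -C 2>/dev/null; then
        echo "present"
    else
        snat -A && echo "added"
    fi
}

# -D deletes one matching rule per call, so loop until -C no longer finds it.
remove_snat() {
    removed=0
    while snat -C 2>/dev/null; do
        snat -D || break
        removed=$((removed + 1))
    done
    echo "removed $removed"
}

# Usage: script add | script remove (needs root); no argument does nothing.
case "${1:-}" in
    add)    ensure_snat ;;
    remove) remove_snat ;;
esac
```

To confirm the result, `iptables -t nat -S POSTROUTING` prints the chain's rules in the same form they were entered.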
When I restart the machine and run iptables -t nat -L the does show. Does it matter where in /etc/rc.local I place that line?

Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

true > /etc/motd
/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx
Seems as if you run the bastille firewall (standard ISPConfig firewall). See here for instructions to add custom rules to the firewall: https://www.howtoforge.com/communit...-to-iptables-postfix-ports.36299/#post-202906
Thank you Till, that's done the job. Now I can stop worrying about the mail being routed to the wrong IP.
PS: is it a good idea to use Bastille? It's just that when you said "bastille firewall (standard ISPConfig firewall)" it made me think ooooh oooh lol. The server was originally installed with the perfect server guide, https://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3 so I presumed I had the best for the server.
Urgent*****

I followed what was in the post and rebooted the system. It does indeed load the iptables line at bootup, but now all my websites have been deleted. Everything's gone. I checked all the dirs in /var/www/clients and they all lead to a log folder only. Everything was working perfectly before I followed this guide: https://www.howtoforge.com/communit...-to-iptables-postfix-ports.36299/#post-202906