postfix wont send on failover ip

Hello All

hotmail have my main server ip on their blacklist and will not migrate it for love nor money . i have a group of failover ip's which have been migrated for a trail bases by hotmail. ( hotmail is the only provider i am having trouble with)
i have tried changing my server domain to one of these failover, which would be good for not only the email trouble but for the future of i ever needed to move servers. would just be amatter of cloning my setup and getting the failover ip's transfered to the new box.

i had change these setting but have since reverted back as it didnt make any change to the send ip from posfix.

i changed server ip:
/etc/hosts
/etc/resolv.conf
all failover's are already listed in /etc/network/interfaces

i also changed the ip in system/server config/server name/server/ip address.
all of which block any mail from being sent.

i even tried
# Bind to an ip address
smtp_bind_address = xx.xx.xx.xx
inet_interfaces = xx.xx.xx.xx,127.0.0.1

which also broke the emails.

any help is much appreciated.
Chris

 

Hi Till

thanks for the reply but the above recommendation has broke the email altogether.

now im try to figure out how to remove

Code:

iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

sometimes it goes easy, other times you just wanna pull out what hair you have left.

i cant even find that table i put in

Code:

root@server1:~# iptables -t nat --line-numbers -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

 

i have noticed that when the system is rebooted it loss the iptable record. so if that is the case why does it not go back to original settings.
what else could be wrong. all other settings have all been returned to the original settings, i am starting to form a my queue

Code:

root@server1:~# postconf -n
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = domain.tld, localhost, localhost.localdomain
myhostname = domain.tld
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf

 

i was just about to post back. i got my mail server working . when i changed all the settings back yet again i forgot to reboot the system to allow the hostname to change

im gonna retry that iptables line again . . will post back

 

right . i resubmitted

Code:

iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

and emails are being received with the chosen ip address.

what is best practice for me now.

• do i edit /etc/resolv.conf and change the nameserver to this ip.
• then change the ns1 and ns2 at the domain provider.

• also do i change the ip for the email gateway domain for all mail sent in the dns zones. ( meaning all my email get sent through one ip and one mail.domain.tld)
• change my rDNS for this ip to correspond with my gateway domain

• then since changing the ns1 and ns2 ip . change the ns records for all other domains on server.

i dont think i need to change hosts or and any settings in :ispconfig/system/server settings

please correct me if i am wrong
thanks in advance
Chris

 

i have placed this

Code:

#!/bin/bash
#Ip routing for email  delivery
/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

/usr/local/ispconfig/server/iptableroute.sh and trying to set cronjob

Code:

* * * * * /usr/local/ispconfig/server/iptableroute.sh

can you check to see if this is good or if i need to change anything

thanks


nope this doesnt work.

i have also tried

Code:

 iptables-save > /etc/iptables_rules 

and added

Code:

/sbin/iptables-restore < /etc/iptables_rules

to /etc/rc.local but that doesnt work either lol

doesnt even work if you load with /etc/network/if-up.d/iptables

this iptables line just does not want to load at boot

 

i also followed this guide but did not help one bit http://www.debiantutorials.com/loading-iptables-rules-on-startup/
using the iptables rule "-A POSTROUTING -p tcp -m tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx"

any ideas would be much appreciated.

 

i willl give that a go. no want it change permanantly

thanks till

 

when i restart the machine and run iptables -t nat -L the does show .

does it matter where in /etc/rc.local i place that line ?

Code:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

true > /etc/motd

/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source xx.xx.xx.xx

 

thanks you till

that done the job now i can stop worrying about the mail being routed to the wrong ip.

 

ps: is it a good idea to use bastille? its just when you said "bastille firewall (standard ISPConfig firewall)" mind me think ooooh oooh lol

the server was originally installed with the perfect server .
https://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3

so i presumed i had the best for the server.

 

Urgent*****
i followed what was in the post and reboot system . it does indeed load the iptables line at bootup

but now all my websites have been deleted everythings gone. i check all the dir in /var/www/clients and the all lead to log folder only

everything was working perfectly before i followed this guide https://www.howtoforge.com/communit...-to-iptables-postfix-ports.36299/#post-202906