So I spoke a bit too soon on the firewall. This morning I had time to look
at it from a physical and configuration sense.  It is a pfSense firewall
that has multiple WAN ports enabled for multiple ISPs. The path from the WAN
that contains the MX IPs does not load balance or fail over to the other WAN
port. At one time this was set up but was turned off for some reason.

So NAT/PAT points it to the Barracuda, which in turn passes it to the
proper email server based upon domain or IP address.

To avoid outbound sending confusion from multiple gateways there is an
Outbound NAT but that shouldn't affect the incoming email as those
connections are from a different source.

In light of this configuration would it still make sense to have multiple
MX records? One for each WAN/ISP?

I am considering trying to capture and inspect port 25 as it crosses from
the firewall to the Barracuda to see if that will shed light on the
situation.

Thanks,
 Job





On Fri, Jul 10, 2020 at 3:56 PM Lukas Tribus <li...@ltri.eu> wrote:

> On Fri, 10 Jul 2020 at 23:36, Job Cacka via mailop <mailop@mailop.org>
> wrote:
> >
> > There is a PAT firewall that load balances multiple networks.
>
> Maybe one of those destination networks is unreachable, while others
> are reachable, so when the load-balancing decision points to the
> unreachable network, the TCP session will not establish? Have you
> verified connectivity of each and every backend server from your
> load-balancer's perspective?
>
> Using multiple MX records, one for each destination mailserver would
> be the better setup, as opposed to load-balancing incoming port 25
> traffic (probably without appropriate health-checking and logging) of
> a single MX record.
>
>
> cheers,
> lukas
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
