Check into smtp_bind_address in Postfix. If you're still having issues,
binat rather than rdr to internal IPs so connections will originate
properly. Without seeing your pf.conf or master.cf, this is a guess, but
I think these tips should lead you in the right direction.
...master.cf:
smtp ... smtp -o smtp_bind_address=11.22.33.44
On 3/27/10 3:02 AM, Scott McEachern wrote:
> Hi folks, I'm running into a bit of a routing gotcha getting two mail
> servers to send mail out using their own respective IP addresses.
> (While this involves postfix, this is not a postfix support question,
> it's a routing question)
>
> What I'm trying to accomplish is this:
> - two autonomous domains, each with their own mail server instance
> (postfix in this case) so that one domain never 'mentions' the other
> domain. Using one instance of postfix to relay for the 2nd domain is
> not an option, as domain1.com will be shown in the headers when mail is
> from domain2.com. The reason is that 2nd domain is a business entity
> and should not be associated in any way with the first.
>
> The setup (which works fine):
> - the two domains have their own external IPs, dns-wise.
> - two instances of postfix listen on their respective external IPs
> taking mail for their domains (set in master.cf)
> - postfix acts as a mail gateway on the firewall, which shuffles mail to
> either of two instances of postfix on an internal mail server
> - 5 (non-contiguous) IPs are assigned to me by ADSL, so I have one
> physical connection, with 1 'main' IP and 4 aliases.
>
> That works fine and dandy: two independent domains. I should mention
> that (some) internal traffic, depending on its origin, is NAT'd out with
> pf on those aliases, appearing to come from independent networks.
>
> The problem:
> - mail sent out via either instance of postfix, regardless of the
> master.cf setting, goes out on the 'main' IP, such that mail headers
> appear like such:
>
> Received: from mail.domain2.com (erratic.ca [75.119.251.119])
>
> The goal:
> I'd prefer it to read ".. from mail.domain2.com (domain2.com [a.b.c.d])"
>
> The untouched firewall routing table looks like this:
>
> Internet:
> Destination        Gateway            Flags   Refs      Use    Mtu  Prio Iface
> default            206.248.154.122    UGS   322803 56410450      -     8 tun0
> 127/8              127.0.0.1          UGRS       0        0  33200     8 lo0
> (snipping a bunch of lo0 stuff)
> 192.168.0/24       link#1             UC         1        0      -     4 nfe0
> 192.168.0.2        00:0d:60:91:5d:a4  UHLc       1    43271      -     4 nfe0
> 192.168.1/24       link#5             UC         2        0      -     4 sk0
> 192.168.1.2        00:19:5b:68:91:20  UHLc       1     7177      -     4 sk0
> 192.168.1.3        00:10:c6:b5:c1:72  UHLc       4   136762      -     4 sk0
> 192.168.2/24       link#5             UC         1        0      -     4 sk0
> 192.168.2.1        127.0.0.1          UGHS       0        0  33200     8 lo0
> 192.168.3/24       link#5             UC         0        0      -     4 sk0
> 192.168.3.1        127.0.0.1          UGHS       0        0  33200     8 lo0
> 206.248.154.122    75.119.251.119     UH         1        0   1492     4 tun0
> 224/4              127.0.0.1          URS        0        0  33200     8 lo0
>
> I've tried this:
> # route add 206.248.154.122 a.b.c.d
>
> but my routing-fu is not strong. That command gives all of the above,
> plus this:
>
> 206.248.154.122 a.b.c.d UGHS 0 0 - 8 tun0
>
> Of course, sending mails from domain2.com still appears from erratic.ca.
>
> Any suggestions? Clear as mud? The firewall does not have an
> /etc/mygate set, and is OpenBSD 4.6-current (GENERIC) #7: Sat Jan 23
> 16:34:02 EST 2010, but I don't think a dmesg is of much use here.
>
> Unrelated question: can smtpd handle this kind of funkiness? I'd like
> to switch to smtpd eventually if it can, but that's another project for
> another day.
>
> Thanks!
>
--
James M. Shupe
[email protected]
RHCE Certified
Plain text preferred
1.903.522.3425
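Added example, not part of either message in this thread: an unbound client socket gets whatever source address the kernel picks for the outgoing route, while a socket that is bound to a local address before connecting keeps that address, which is the mechanism a setting like smtp_bind_address relies on. The Python sketch below shows both cases on loopback; 127.0.0.2 stands in for the alias IP and 192.0.2.1 for an address not configured on the host, both assumptions (a Linux-style loopback where all of 127/8 is local).

```python
import socket

def observed_source(bind_addr=None, listen_addr="127.0.0.1"):
    """Open one TCP connection to a throwaway local listener and
    return the source IP the listener sees for it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(5)
        srv.bind((listen_addr, 0))        # port 0: kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(5)
            if bind_addr is not None:
                # Pin the source address before connecting; without this
                # the kernel chooses it from the route to the destination.
                cli.bind((bind_addr, 0))
            cli.connect((listen_addr, port))
            conn, peer = srv.accept()
            conn.close()
            return peer[0]

def can_bind(addr):
    """True if addr is configured locally, i.e. usable as a source address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, 0))
        return True
    except OSError:
        # Typically EADDRNOTAVAIL: the address is not on any interface.
        return False
    finally:
        s.close()

if __name__ == "__main__":
    print("unbound source:", observed_source())
    print("bound source:  ", observed_source("127.0.0.2"))   # constructed stand-in
    print("192.0.2.1 usable as source:", can_bind("192.0.2.1"))
```

The bind step only succeeds for an address that is actually configured on the machine, so the address given to the mail client has to be one of the aliases present on the box doing the sending.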