On 11/26/11 6:01 PM, Wietse Venema wrote:
> Philip Prindeville:
> [ Charset ISO-8859-1 unsupported, converting... ]
>>> And unless you turn off IP forwarding in the TCP/IP stack, the value
>>> of {if_addr} and {if_name} says nothing about the path that packets
>>> have taken. It just says something about the destination IP address.
>
>> In a richly connected network with a multihomed host, packets might
>> arrive on more than one interface during the course of a connection
>> anyway, possibly even simultaneously.
>
> Indeed. That's why {if_name} is totally meaningless in such
> configurations, and {if_addr} mostly meaningless.
>
> So, you can save yourself time and skip these features unless you
> intend to run Postfix on a multi-homed firewall, in which case I would
> recommend running Postfix on single-homed hosts on both sides of a
> "bare" firewall (the configuration of classical DEC SEAL firewall).
>
> Wietse

I really don't think it's that simple.

I know of one scenario for instance where the public interface speaks to outside mailers (and indeed is an MXer on that interface), but a loX interface (like 127.0.0.2) talks only to another relay agent which is allowed to submit outbound messages for relaying.

Give people the capacity to do flexible and powerful things, and you're rarely disappointed.

-Philip