bind outgoing mail connects to virtual ip address? - Networking

This is a discussion on bind outgoing mail connects to virtual ip address? - Networking ; I'm pretty sure that this has been asked before... but I googled a bit and could not find an answer.... I have a server running postfix ( don't think that the mail server software will make a difference ) and ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: bind outgoing mail connects to virtual ip address?

  1. bind outgoing mail connects to virtual ip address?

    I'm pretty sure that this has been asked before... but I googled a bit
    and could not find an answer....

    I have a server running postfix ( don't think that the mail server
    software will make a difference ) and it has a primary IP Address
    and a 2nd / virtual IP Address. The 2nd / virtual IP address is
    reverse mapped back to my domain so when I send mail, I want that
    IP Address to be associated with the connection. Normally, the main
    IP Address on the Interface is used.... this does not reverse back
    to my domain so I need to use the 2nd / virtual Ip address on the
    outgoing mail connects. Some mail servers do a reverse lookup on
    the incoming connection and act differently if you say that you
    are 'y' but your reverse lookup says that you are 'x'.

    I am pretty sure that iptables is the answer... but I'm not sure
    if I want to mangle or snat or what....

    Thanks - jack

    --
    D.A.M. - Mothers Against Dyslexia

    see http://www.jacksnodgrass.com for my contact info.

    jack - Grapevine/Richardson

  2. Re: bind outgoing mail connects to virtual ip address?

    Jack Snodgrass wrote:
    > I'm pretty sure that this has been asked before... but I googled a bit
    > and could not find an answer....
    >
    > I have a server running postfix ( don't think that the mail server
    > software will make a difference ) and it has a primary IP Address
    > and a 2nd / virtual IP Address. The 2nd / virtual IP address is
    > reverse mapped back to my domain so when I send mail, I want that
    > IP Address to be associated with the connection. Normally, the main
    > IP Address on the Interface is used.... this does not reverse back
    > to my domain so I need to use the 2nd / virtual Ip address on the
    > outgoing mail connects. Some mail servers do a reverse lookup on
    > the incoming connection and act differently if you say that you
    > are 'y' but your reverse lookup says that you are 'x'.
    >
    > I am pretty sure that iptables is the answer... but I'm not sure
    > if I want to mangle or snat or what....
    >
    > Thanks - jack
    >


    In postfix main.cf set (according to man 5 postconf
    [http://linux.die.net/man/5/postconf])
    inet_interfaces =

    HTH
    /peter

  3. Re: bind outgoing mail connects to virtual ip address?

    On Thu, 13 Mar 2008 13:58:25 +0100, Peter Ludikovsky wrote:

    > Jack Snodgrass wrote:
    >> I'm pretty sure that this has been asked before... but I googled a bit
    >> and could not find an answer....
    >>
    >> I have a server running postfix ( don't think that the mail server
    >> software will make a difference ) and it has a primary IP Address
    >> and a 2nd / virtual IP Address. The 2nd / virtual IP address is
    >> reverse mapped back to my domain so when I send mail, I want that
    >> IP Address to be associated with the connection. Normally, the main
    >> IP Address on the Interface is used.... this does not reverse back
    >> to my domain so I need to use the 2nd / virtual Ip address on the
    >> outgoing mail connects. Some mail servers do a reverse lookup on
    >> the incoming connection and act differently if you say that you
    >> are 'y' but your reverse lookup says that you are 'x'.
    >>
    >> I am pretty sure that iptables is the answer... but I'm not sure
    >> if I want to mangle or snat or what....
    >>
    >> Thanks - jack
    >>

    >
    > In postfix main.cf set (according to man 5 postconf
    > [http://linux.die.net/man/5/postconf])
    > inet_interfaces =
    >
    > HTH
    > /peter


    thanks... but that is for incoming mail... that tells postfix which
    ip addresses you want to listen on... when it send mails, it goes
    out the default iface and uses the main ip address associated with
    it...

    jack

    --
    D.A.M. - Mothers Against Dyslexia

    see http://www.jacksnodgrass.com for my contact info.

    jack - Grapevine/Richardson

  4. Re: bind outgoing mail connects to virtual ip address?

    Hello,

    Jack Snodgrass a écrit :
    >
    > I have a server running postfix ( don't think that the mail server
    > software will make a difference )


    The mail software does matter. I don't know about postfix, but exim has
    an "interface" option which allows to specify the source adress for
    outgoing SMTP connections.

    > and it has a primary IP Address
    > and a 2nd / virtual IP Address. The 2nd / virtual IP address is
    > reverse mapped back to my domain so when I send mail, I want that
    > IP Address to be associated with the connection. Normally, the main
    > IP Address on the Interface is used.... this does not reverse back
    > to my domain so I need to use the 2nd / virtual Ip address on the
    > outgoing mail connects.


    Why do you need 1) a second address and 2) that address reverse back to
    your domain ?

    > Some mail servers do a reverse lookup on
    > the incoming connection and act differently if you say that you
    > are 'y' but your reverse lookup says that you are 'x'.


    Why not just set up postfix so the HELO/EHLO name matches the primary
    address reverse name ?

    > I am pretty sure that iptables is the answer... but I'm not sure
    > if I want to mangle or snat or what....


    Iptables may be one answer. First, you need to match packets sent from
    postfix belonging to outgoing SMTP connections. Then you need to SNAT
    those connections with the desired address.

    If the postfix process runs as a specific user, you can match the user
    id with the 'owner' match. You'll have to MARK the matching packets
    because 'owner' is valid only in the OUTPUT chain and 'SNAT' is valid
    only in the POSTROUTING chain.

    iptables -t mangle -A OUTPUT -m owner --uid-owner \
    -j MARK --set-mark 0x1
    iptables -t nat -A POSTROUTING -m mark --mark 0x1 \
    -j SNAT --to-source

    You can also just match the destination port 25.

    iptables -t nat -A POSTROUTING -p tcp --dport 25 \
    -j SNAT --to-source

    Or both.

    iptables -t mangle -A OUTPUT -m owner --uid-owner \
    -j MARK --set-mark 0x1
    iptables -t nat -A POSTROUTING -p tcp --dport 25 -m mark --mark 0x1 \
    -j SNAT --to-source

  5. Re: bind outgoing mail connects to virtual ip address?

    Jack Snodgrass wrote:
    > On Thu, 13 Mar 2008 13:58:25 +0100, Peter Ludikovsky wrote:
    >
    >> Jack Snodgrass wrote:
    >>> I'm pretty sure that this has been asked before... but I googled a bit
    >>> and could not find an answer....
    >>>
    >>> I have a server running postfix ( don't think that the mail server
    >>> software will make a difference ) and it has a primary IP Address
    >>> and a 2nd / virtual IP Address. The 2nd / virtual IP address is
    >>> reverse mapped back to my domain so when I send mail, I want that
    >>> IP Address to be associated with the connection. Normally, the main
    >>> IP Address on the Interface is used.... this does not reverse back
    >>> to my domain so I need to use the 2nd / virtual Ip address on the
    >>> outgoing mail connects. Some mail servers do a reverse lookup on
    >>> the incoming connection and act differently if you say that you
    >>> are 'y' but your reverse lookup says that you are 'x'.
    >>>
    >>> I am pretty sure that iptables is the answer... but I'm not sure
    >>> if I want to mangle or snat or what....
    >>>
    >>> Thanks - jack
    >>>

    >> In postfix main.cf set (according to man 5 postconf
    >> [http://linux.die.net/man/5/postconf])
    >> inet_interfaces =
    >>
    >> HTH
    >> /peter

    >
    > thanks... but that is for incoming mail... that tells postfix which
    > ip addresses you want to listen on... when it send mails, it goes
    > out the default iface and uses the main ip address associated with
    > it...
    >
    > jack
    >


    Quote postconf(5), under inet_interfaces:
    When inet_interfaces specifies just one IPv4 and/or IPv6 address that
    is not a loopback address, the Postfix SMTP client will use this
    address as the IP source address for outbound mail....
    ...
    Setting $inet_interfaces to a single IPv4 and/or IPV6 address is
    primarily useful with virtual(5,8) host- ing of domains on secondary IP
    addresses

    HTH
    /peter

+ Reply to Thread