Noel Jones wrote:
> Daniel L. Miller wrote:
>> Noel Jones wrote:
>>> Looks as if the proxy filter has gotten out of sync with postfix.
>>> I would suggest starting using it as a content_filter. Once you get
>>> that working, you can see if it works with smtpd_proxy_filter.
>>> I find it handy to use "-o syslog_name=postfix-something" in
>>> master.cf to differentiate services; makes reading the logs easier.
>>
>> content_filter gives me the same results (I could be wrong, probably
>> am, but I think content_filter is actually implemented as shorthand
>> for a relay operation). I never saw that syslog_name parameter
>> before - thanks. That makes logs so much clearer.
>>
>> I'm going back and forth checking configs. I'm using close to a
>> vanilla Postfix config. I have no changes to any of the default
>> restrictions. I've set up this mail server with two NICs, both on
>> the same subnet. Now that (I think) I've fixed my routing issues,
>> traffic seems to work properly (unless you think a faulty routing
>> table is causing my current problem). ASSP listens on 192.168.0.10,
>> and Postfix on 192.168.0.11. mynetworks includes 192.168.0.0/24.
>> Is there any other Postfix setting I need to check/change - or at
>> this point does the fault lie in my ASSP config?
>
> The content_filter accepts and queues the mail, then relays the
> message to the content_filter. This is a little simpler than the
> smtpd_proxy_filter which makes simultaneous connections to the
> originating client and the filter.
>
> The postfix content_filter feature is widely used and considered quite
> robust. I'll bet the ASSP folks say the same thing...
>
> A TCP capture of the incoming session should give more insight where
> things go wrong.
>
> Multiple NICs on the same subnet is asking for trouble. Any way you
> can disable one to see if that helps?
>
> -- Noel Jones

I can switch to that - I thought it would simplify my setup. The
alternative (which I've used on other servers) is to use interface
aliases to support multiple IPs. Since I'm setting up a virtual server
I thought I'd take advantage of cheap hardware and just "throw in a
card". I wanted separate IPs so one would get published for local
clients' use of port 25, and the other would be used for inbound
internet traffic. Since I'm going to be using port forwarding from my
router/firewall anyway - I guess it doesn't matter if the ASSP listener
isn't port 25 - so I'll change it to just be one IP (plus localhost, if
necessary) with different ports. But it doesn't "feel" like that's the
problem right now.

In theory...I think...ASSP is supposed to be a near transparent proxy.
It may add headers...but SHOULDN'T change the SMTP stream. So, if I
have ASSP configured to listen on a given port, and relay back to a
Postfix listener, in theory there should be no difference (to a client)
between connecting to the ASSP relay listener vs connecting to the
Postfix listener. At this time - that is not the case. Connecting to
the Postfix listener directly works perfectly. Trying the ASSP listener
fails. A telnet to the ASSP listener gives me Postfix responses, so I
know at least part of the relay operation is working (I set "-o
myhostname" to something different for that listener just to verify).

Short break - I wanted to change smtpd_banner - but Postfix didn't seem
real happy with changing that in a master.cf line.

So from telnet, I could HELO, MAIL FROM, and RCPT TO - and things seemed
ok. It was after those steps that communication breaks down.
--
Daniel