> 2009/9/30 Postfix User <post...@linuxnet.ca>: > > > I've since implemented an iptables SNAT rule as a temporary workaround > > as I really needed this working this morning. I doubt this will > > interfere with the verbose logging output. What exactly is it I should > > be looking for? > > Can you show us some proof that it's not working? Eg. send mail via > that machine and show the headers that appear on the receiving end. >
> If you really want to use iptables, I'd use it for logging first. Just > some trivial rules. > > iptables -I OUTPUT -s 142.22.75.146 -p tcp --dport smtp -m state --state NEW > iptables -I OUTPUT -s 142.22.75.147 -p tcp --dport smtp -m state --state NEW > Bingo, good thinking Barney. I removed my SNAT rule and sent a couple of emails and this shed some light on it as the second rule was the only one to increment so postfix was working as expected yet email headers and logs on the receiving MTA showed delivery using 142.22.75.146 so I dropped the firewall sent another email and the results were as expected on the receiving end, ie 142.22.75.147 was used. Wadding through the firewall rules I spotted the culprit rule. The rules are not my handy work and they certainly need peer review as looking deeper I see a few others I had to cock an eye at. Anyhow, *perceived* problem solved, thank you very much for the help guys and sorry for wasting everyones time. --
