Cameron Smith put forth on 11/19/2010 11:13 AM:
> I have a Postfix mail gateway behind a security appliance.
> The mail gateway has a published public IP of the security appliance.
>
> On all my Postfix servers I am routing mail for root to an off network email
> address using an entry in /etc/aliases

Apparently it is not an "off network" email address, or your Postfix gateway wouldn't be attempting to connect to your MX for delivery.

> They all work fine except for the root account on the gateway.
>
> It seems that the gateway is doing a dns lookup and trying to send mail to
> its own root to the IP of the security appliance and of course is getting
> no response rather than using the entry in /etc/aliases.

If this is the case you have a configuration problem. Where exactly (full unobfuscated email address please, use "at" to avoid scrapes) are you attempting to redirect root's mail to? You say it's "off network" but if this is the case Postfix shouldn't be connecting to your domain MX. When you say "off network" do you simply mean a different hosted domain that this gateway handles mail for? That's not "off network".

> Nov 19 12:06:53 mail postfix/smtp[29722]: connect to mail.example.org[IP of
> security appliance]: Connection timed out (port 25)
> Nov 19 12:06:53 mail postfix/smtp[29722]: 278A11BFA74: to=<
> r...@mail.example.org>, relay=none, delay=30, delays=0.09/0/30/0, dsn=4.4.1,
> status=deferred (connect to mail.example.org[IP of security appliance]:
> Connection timed out)

Your NAT appliance isn't properly handling loop back connections. This is strange as nearly every $20 consumer broadband router does this properly.

> How can I get mail to root on the gateway to send out? This is only mail
> generated on the gateway itself to root. r...@mail.example.org will never
> need to receive external mail. It only needs to send out server
> notifications.

First we need to know what the address you're sending to is so we actually know if it's internal or external to your MX. If the address is external, such as b...@hotmail.com, you shouldn't be having an issue now. If it's root_collec...@yourdomain.com, a connection should not be made to the outside world, but redirected to the appropriate internal mailbox server.
If this is the case it leads me to believe you probably have a DNS problem, likely because you're not using split DNS. More details would really be helpful.

--
Stan