First off I am still a bit green on this stuff.

Both my servers are multi-homed, server A which runs Postfix is configured -> eth0 :n.n.n.186 and eth1:n.n.n.187.
The host name for this server is mail.domain.tld which points to n.n.n.187.

Up until last Friday we did not have any problems. On Friday we started to get bounced when we tried to reply to a new contact at AT&T/Prodigy. Their bounce message is as follows: "host sbcmx5.prodigy.net[207.115.21.24] said: 553 5.3.0 flpd241 DNSBL:ATTRBL 521< n.n.n.186 >_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL FROM command". A check of our logs shows only four messages destined for their servers in the last four weeks. I have checked our servers using abuse.net and we do not appear to be an open relay. None of the RBLs have us listed. So I do not think the problem is spamming.

I think the problem is that Postfix is sending via eth0, so the mail appears to come from n.n.n.186, and a reverse lookup of that address does not resolve to mail.domain.tld. The loop is not closed and therefore we are suspect.

I did some digging around and I think that I need to modify my Postfix configuration by adding "inet_interfaces=n.n.n.186, n.n.n.187, localhost" and "smtp_bind_address=n.n.n.187". However, this is where I get a little confused: one set of documents I have read says to add these to main.cf, while postconf.5.html says to leave inet_interfaces at its default and add smtp_bind_address to master.cf.

Help would be appreciated, also any suggestions on improving the setup.
John A

========postconf output below==========

# General main.cf parameters as reported by postconf.
alias_database = $alias_maps
alias_maps = hash:/etc/aliases
allow_untrusted_routing = no
biff = no
# Body inspection via a regexp table. The "cleanup" entry in the master.cf
# listing further down this page empties body_checks/header_checks, while the
# "pre-cleanup" entry used by smtp/pickup/submission does not override them.
body_checks = regexp:/etc/postfix/maps/body_checks
bounce_size_limit = 65536
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
# All mail is handed to the "amavisfeed" transport on loopback port 10024.
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_privs = nobody
default_process_limit = 20
delay_warning_time = 12
# VRFY is refused, so the command cannot be used to probe for valid addresses.
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/maps/header_checks
header_size_limit = 32768
home_mailbox = Maildir/
html_directory = no
in_flow_delay = 1s
# NOTE(review): inet_interfaces and smtp_bind_address do not appear in this
# listing - presumably both are still at their defaults; confirm.
inet_protocols = all
local_destination_concurrency_limit = 5
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 32768000
mydestination = localhost, localhost.localdomain, localdomain
mydomain = domain.tld
myhostname = mail.$mydomain
# Clients in these ranges match permit_mynetworks, the first entry of
# smtpd_recipient_restrictions, and may relay without authenticating.
# n.n.n.176/28 spans .176-.191: it covers this host's own .186/.187 and every
# other address in that public block, so each of those hosts is trusted to
# relay. The missing comma before n.n.n.176/28 is harmless (whitespace also
# separates list entries).
mynetworks = 127.0.0.0/8, 192.168.40.0/28 n.n.n.176/28
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/README_FILES
recipient_delimiter = +
# Empty: this host relays for no domains beyond the clients trusted above.
relay_domains =
relocated_maps = hash:/etc/postfix/maps/relocated
sample_directory = /usr/share/doc/postfix-2.5.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
# Outbound (SMTP client) SASL and TLS settings.
# NOTE(review): smtp_sasl_auth_enable is not in this listing, so the two
# smtp_sasl_* options below presumably have no effect; confirm.
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/pki/CA/sub.class2.server.ca.crt
# Client certificate and key offered to remote servers. These are the same
# files as the smtpd_tls_cert_file/smtpd_tls_key_file server pair later in
# this listing. The Postfix documentation advises configuring a client
# certificate only when a remote server actually requires one.
smtp_tls_cert_file = /etc/pki/tls/certs/Linderly_Mail_SSL.crt
smtp_tls_key_file = /etc/pki/tls/private/Linderly_Mail_SSL_Decrypted.key
# Log which remote servers offer STARTTLS.
smtp_tls_note_starttls_offer = yes
# Opportunistic TLS for outbound mail: used when offered, never required.
# From Postfix 2.3 on (this install is 2.5.5 per readme_directory) the
# preferred spelling is smtp_tls_security_level = may.
smtp_use_tls = yes
# Inbound (smtpd) policy.
# NOTE(review): the continuation lines of the multi-line values below start at
# column 0 as pasted; in main.cf a continuation line must begin with
# whitespace, so this is presumably a formatting artifact of the post.
smtpd_banner = $myhostname ESMTP
# Applied at the DATA stage: reject multi-recipient bounces and clients that
# pipeline commands without permission.
smtpd_data_restrictions = reject_multi_recipient_bounce, 
reject_unauth_pipelining, permit
# Rejections are held back until RCPT TO, which is what allows the client and
# HELO checks to be listed under smtpd_recipient_restrictions below.
smtpd_delay_reject = yes
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_limit = 128
# Evaluated in order; the first decisive result wins.
#  - permit_mynetworks / permit_sasl_authenticated come first, so trusted and
#    authenticated clients skip every later check, including the RBLs.
#  - reject_unauth_destination precedes all access-map lookups, so an OK
#    returned by one of the maps cannot turn this host into an open relay.
#  - check_recipient_access and check_policy_service carry no trailing comma;
#    whitespace also separates entries, so the list still parses.
#  - The final "permit" matches the default outcome when nothing rejects.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unlisted_recipient,
check_sender_access hash:/etc/postfix/maps/sender_access,
reject_unlisted_sender,
check_client_access hash:/etc/postfix/maps/client_access,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
check_helo_access pcre:/etc/postfix/maps/helo_checks,
check_helo_access pcre:/etc/postfix/maps/helo_access,
reject_unknown_helo_hostname,
check_recipient_access hash:/etc/postfix/maps/recipient_access  
reject_unknown_sender_domain,
check_policy_service unix:/var/spool/postfix/postgrey/socket
permit
# Inbound SASL authentication, delegated to Dovecot through private/auth.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/pki/CA/sub.class2.server.ca.crt
# "no" means AUTH is also offered on sessions that have not started TLS. If
# Dovecot offers plaintext mechanisms (its mechanism list is not shown here),
# passwords can then cross the network unencrypted; "yes" restricts AUTH to
# TLS-protected sessions.
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/Linderly_Mail_SSL.crt
# Postfix needs an unencrypted private key, which the file name suggests this
# is. Its file permissions are not shown - it should be readable by root only.
smtpd_tls_key_file = /etc/pki/tls/private/Linderly_Mail_SSL_Decrypted.key
smtpd_tls_loglevel = 1
# Record TLS protocol and cipher details in the Received: header.
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
# Opportunistic STARTTLS for inbound sessions: offered, not required. From
# Postfix 2.3 on the preferred spelling is smtpd_tls_security_level = may.
smtpd_use_tls = yes
# Remaining envelope, TLS entropy and virtual-mailbox settings.
soft_bounce = no
# Require RFC 821 style envelope addresses in MAIL FROM and RCPT TO.
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/maps/valiases
# Every virtual mailbox is owned by the single static uid/gid 5000.
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = /etc/postfix/maps/vdomains
virtual_mailbox_maps = hash:/etc/postfix/maps/vmailbox
virtual_minimum_uid = 100
# Virtual-domain mail is delivered through the "dovecot" pipe service that is
# defined in master.cf.
virtual_transport = dovecot
virtual_uid_maps = static:5000

=======master.cf=========

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Public SMTP listener (port 25). Like pickup and submission below, it hands
# mail to the "pre-cleanup" service instead of the default "cleanup".
smtp      inet  n       -       n       -       -       smtpd
    -o cleanup_service_name=pre-cleanup
pickup    fifo  n       -       n       60      1       pickup
    -o cleanup_service_name=pre-cleanup
# Submission listener. Its only override is the cleanup service name, so it
# inherits the port-25 policy from main.cf: TLS is optional and AUTH is
# accepted without TLS (smtpd_tls_auth_only = no). No per-service override
# here requires encryption or authentication from submitting clients.
submission inet n       -       n       -       -       smtpd
     -o cleanup_service_name=pre-cleanup
# Stock cleanup entry disabled; "cleanup" is redefined near the end of the file.
#cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
# Outbound SMTP client - the service the question in the post is about. A
# per-service "-o smtp_bind_address=..." override would go on this entry (and
# on "relay" if that transport is used), which sets the source address for
# these clients only and leaves main.cf untouched.
# NOTE(review): the quoted bounce names AT&T's own list (DNSBL:ATTRBL).
# Changing the source address does not remove n.n.n.186 from that list; that
# is presumably a separate request through the URL given in the bounce.
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# Delivery to Dovecot's deliver through pipe(8), run as the unprivileged
# vmail:vmail account (unpriv column "n"). pipe(8) executes the command
# directly, without a shell, so ${sender}, ${user}@${nexthop} and ${extension}
# arrive as separate arguments. flags=DRhu: prepend Delivered-To (D) and
# Return-Path (R), and fold nexthop (h) and user (u) to lower case.
# NOTE(review): the argv is split over two lines and the second starts at
# column 0, which master.cf would read as a new entry - presumably an e-mail
# line wrap. In the real file a continuation line must start with whitespace.
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} 
-d ${user}@${nexthop} -m ${extension}

# LMTP client that feeds mail to the content filter named in main.cf
# (content_filter = amavisfeed:[127.0.0.1]:10024). At most 4 processes run at
# once, each process is retired after 20 uses (max_use), XFORWARD passes the
# original client information to the filter, and DNS lookups are disabled
# because the destination is a literal loopback address.
amavisfeed unix -       -       n        -      4       lmtp
    -o  lmtp_data_done_timeout=1200
    -o  lmtp_send_xforward_command=yes
    -o  disable_dns_lookups=yes
    -o  max_use=20

# Re-injection listener for mail coming back from the content filter.
# It is bound to 127.0.0.1 only, and mynetworks=127.0.0.0/8 combined with
# "permit_mynetworks,reject" means only loopback clients are accepted. That
# restriction is what makes this port safe: the HELO, sender, header/body and
# unknown-recipient checks and the rate limits are all switched off below, so
# anything able to connect here bypasses the policy enforced on port 25.
# content_filter= is emptied so that filtered mail is not sent to the filter
# a second time.
# NOTE(review): the last option is split after "-o" and its value starts at
# column 0 on the next line - presumably an e-mail line wrap. In the real file
# it must be a single continuation line.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o  content_filter=
    -o  smtpd_restriction_classes=
    -o  smtpd_delay_reject=no
    -o  smtpd_client_restrictions=permit_mynetworks,reject
    -o  smtpd_helo_restrictions=
    -o  smtpd_sender_restrictions=
    -o  smtpd_recipient_restrictions=permit_mynetworks,reject
    -o  smtpd_data_restrictions=reject_unauth_pipelining
    -o  smtpd_end_of_data_restrictions=
    -o  mynetworks=127.0.0.0/8
    -o  smtpd_error_sleep_time=0
    -o  smtpd_soft_error_limit=1001
    -o  smtpd_hard_error_limit=1000
    -o  smtpd_client_connection_count_limit=0
    -o  smtpd_client_connection_rate_limit=0
    -o  smtpd_milters=
    -o  local_header_rewrite_clients=
    -o  local_recipient_maps=
    -o  relay_recipient_maps=
    -o  
receive_override_options=no_header_body_checks,no_unknown_recipient_checks

# Cleanup instance used by the smtp, pickup and submission entries before the
# content filter. virtual_alias_maps is emptied here, so alias expansion does
# not happen at this stage. header_checks/body_checks are not overridden and
# therefore still apply with their main.cf values.
pre-cleanup unix n      -       n       -       0       cleanup
    -o  virtual_alias_maps=

# Default cleanup instance. The 127.0.0.1:10025 re-injection listener sets no
# cleanup_service_name, so it is the service that uses this entry. All header
# and body checks are emptied here, and virtual_alias_maps is not overridden,
# so it keeps its main.cf value at this stage.
cleanup unix    n       -       n       -       0       cleanup
    -o  mime_header_checks=
    -o  nested_header_checks=
    -o  header_checks=
    -o  body_checks=
#   -oalways_bcc=archi...@domain.tld

