Thanks Viktor, for you have diagnosed my problem to the point.

>>Typically this also means that the DNS view of the domain's MX
>>records as seen by the servers is likely the external one, but
>>they probably need an internal view that presents only the internal
>>SMTP servers for the domain.

This is exactly the problem; however, I am not sure how to set up the DNS for the host correctly such that any lookup will yield the host's internal (NATted) address. Any suggestions would be most welcome. I have now included the proxy_interface parameter that points to the host's internal address. Not sure though whether that will solve the problem. What I wonder, however, is why does this problem appear intermittently?

Thanks.

________________________________________
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni [postfix-us...@dukhovni.org]
Sent: Wednesday, November 23, 2011 12:30 PM
To: postfix-users@postfix.org
Subject: Re: Mail server tries to send to redundant server instead of accepting the incoming smtp mail

On Wed, Nov 23, 2011 at 10:29:54AM -0600, Stan Hoeppner wrote:

> On 11/23/2011 9:52 AM, Islam, Towhid wrote:
> > I have been puzzled over this for a while and do not know what causes the
> > problem or what is really happening.
> >
> > I have two internet mail relay servers, let's call them mr1 and mr2. Both
> > are identical in configuration but have different host names and ip
> > addresses and are running simultaneously. Every now and then I notice that
> > some incoming mail is stuck in mr1's mail queue because it tries to
> > contact/send the mail to mr2 where it times out. Something like:
> >
> > 6E60C5F3CAF 2784 Wed Nov 23 10:26:04
> > tis...@yahoo.com<mailto:tis...@yahoo.com>
> > (connect to mr2.junk.com[xx.xxx.xx.xx]:25:
> > Operation timed out)
> >
> > My question is why does this happen? Why does mr1 try to
> > connect to mr2 where it times out for some reason? Why does it
> > not accept (receive) the (incoming) mail from yahoo itself and
> > process for delivery (to the next hop which is located on the other
> > side of the firewall)? How do I resolve the problem? Thanks.

Perhaps missing proxy_interfaces definitions on servers behind a NAT
firewall, so the two servers don't know that they are MX hosts for
the domain (the IPs don't match), and may attempt to forward to each
other, using external addresses that they can't reach.

There may also be issues with inet_interfaces and smtp_bind_address
(the OP should read the documentation for these parameters) if the
machines have multiple network interfaces.

    http://www.postfix.org/postconf.5.html#inet_interfaces
    http://www.postfix.org/postconf.5.html#proxy_interfaces
    http://www.postfix.org/postconf.5.html#smtp_bind_address

Typically this also means that the DNS view of the domain's MX
records as seen by the servers is likely the external one, but
they probably need an internal view that presents only the internal
SMTP servers for the domain. The OP must either implement a suitable
internal DNS view or make sure transport settings are properly defined
for inbound domains.

    http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

--
        Viktor.
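
Added example (not part of the original thread, and not Postfix source code): a simplified Python model of the MX self-detection discussed above, showing which next hops a NATted relay considers under each DNS view and setting. The function next_hops, its parameters, and all host names and addresses are hypothetical and constructed for illustration.

```python
# Simplified model (an assumption, not Postfix source) of MX-based next-hop
# selection with self-detection, per the RFC 5321 rule that a server listed
# as an MX must discard MX hosts of equal or worse preference than itself.
from ipaddress import ip_address

def next_hops(mx_records, local_addrs, proxy_addrs=(), transport=None):
    """mx_records: (preference, hostname, ip) tuples as this server's DNS sees them.
    local_addrs: addresses bound on this host (cf. inet_interfaces).
    proxy_addrs: external NAT addresses for this host (cf. proxy_interfaces).
    transport:   explicit next hop for the domain; bypasses the MX lookup.
    Returns (status, hostnames in delivery order)."""
    if transport:
        return "transport", [transport]
    mine = {ip_address(a) for a in (*local_addrs, *proxy_addrs)}
    ordered = sorted(mx_records, key=lambda r: r[0])  # a real client may shuffle ties
    own_prefs = [pref for pref, _, ip in ordered if ip_address(ip) in mine]
    if not own_prefs:
        # Self not recognised: every MX host is a candidate, the peer included.
        return "mx", [host for _, host, _ in ordered]
    better = [host for pref, host, _ in ordered if pref < min(own_prefs)]
    return ("mx", better) if better else ("loops back to myself", [])

# Constructed sample data: hypothetical names, private/documentation addresses.
EXTERNAL_VIEW = [(10, "mr1.example.com", "203.0.113.11"),
                 (10, "mr2.example.com", "203.0.113.12")]
INTERNAL_VIEW = [(10, "hub.internal.example.com", "10.0.0.25")]
MR1_LOCAL = ["10.0.0.11"]        # mr1's internal (NATted) address
MR1_EXTERNAL = ["203.0.113.11"]  # mr1 as seen from outside the firewall
HUB = "hub.internal.example.com"

def scenarios():
    return {
        "external view, external address unknown": next_hops(EXTERNAL_VIEW, MR1_LOCAL),
        "external view, external address declared": next_hops(EXTERNAL_VIEW, MR1_LOCAL, MR1_EXTERNAL),
        "internal view": next_hops(INTERNAL_VIEW, MR1_LOCAL, MR1_EXTERNAL),
        "external view plus transport entry": next_hops(EXTERNAL_VIEW, MR1_LOCAL, MR1_EXTERNAL, HUB),
    }

if __name__ == "__main__":
    for name, (status, hosts) in scenarios().items():
        print(f"{name:42} {status}: {hosts}")
```

In this model, declaring the external address only changes the outcome from trying unreachable MX hosts to detecting a loop; mail reaches the internal next hop only with an internal DNS view or a transport entry.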