Hi everyone, I am running Zimbra which means my MTAs are running Postfix 2.6.7.
At work, our mail systems were hosted within our office but as of yesterday they are hosted externally at a data center. When everyone would get to the MTA while the system was in the office, they would be seen by their internal address. However, since moving the mail systems to the data center, we are sending all of that traffic over the WAN and so all of our users are getting NAT'd to one IP outbound, which is what our MTAs will see them as when they go to send mail.

It seems like this is causing an issue because intermittently any connections from our NAT IP start getting ignored by our two MTAs. I can watch a tcpdump on the MTAs and then telnet to them on 25 from a box behind the NAT and I can see the SYN packets arriving at the MTA but no response is given. Worth noting, no connection can be made from the NAT IP to other ports I have Postfix listening on, either. During the same time, I can get to the MTAs on port 25 from outside of the NAT or if I am coming from a box on the same network that gets NAT'd to a different IP.

Viewing logs, I can't find any sort of rate limiting being applied to this NAT IP. Anvil doesn't appear to be doing anything to the connections and I even strace'd the anvil process on both MTAs and there was nothing for the NAT IP.

Considering that when the issue occurs I can't even establish a connection on 25, it makes me think that this may not be a Postfix issue and may be something kernel related. However, I'm baffled, so if anyone has any ideas I'd really appreciate them.

Thanks,
Ryan