Thanks for replying. Please see my answers inline.

On Mon, Aug 19, 2013 at 4:21 PM, Wietse Venema <wie...@porcupine.org> wrote:

> Abhijeet Rastogi:
> > Hi all,
> >
> > Some info before starting:
> >
> > a. There are two postfix instances on two different boxes. One (named
> > Postfix-INT) has only 1 IP and the other (named Postfix-EXT) has 5 ips (to
> > divide traffic among them by defining separate smtp services).
>
> Please describe the problem that you are trying to solve, instead
> of one solution that you came up with. There may be better
> solutions.
>

The issue is, earlier I had only 1 IP on the outgoing mail server. Due to compromised accounts, it got blocked on one of the RBLs. I have an anti-spam solution that categorises the mail as L1, L2 and L3 (L1 being the sure-shot spam). Moreover, more than 1 domain will use that outgoing server to send the mails.

While sending mails, the idea is to use separate IP addresses for each domain and also to send the L3 mails (suspect mails, i.e. there is a high probability for them to be spam) from a common suspect IP for all these domains. So, if there are any compromised accounts, only the suspect IP (from which I send L3 mails) gets blocked. As mentioned earlier, L1 and L2 are rejected.

> Is the goal to select the SMTP client source IP address based on
> recipient address or message header properties? Does it matter that
> SMTP mail may contain more than one recipient?
>

Actually both. Let's suppose I have 4 domains and 5 IP addresses.

- All these domains will use separate IPs for sending mails.

  Domain    Pure_Traffic    Suspect_Traffic
  A1.com    ip1             ip5
  A2.com    ip2             ip5
  A3.com    ip3             ip5
  A4.com    ip4             ip5

> Wietse
>

Also, the correct pseudo code is: (Wrote "C" instead of header L3 in line 5)

1. If header is L1 or L2, REJECT (done via milter_header_checks)
2. If internal domains *(even that have header L3)*
3.     then deliver it to our storage servers *(through lmtp, as explained above, it's done via transport_maps)*
4. else if external domains
5.     If the header value is L3
6.         deliver via postfix-INT (Because I don't care much about the IP bound in postfix-INT)
7.     else
8.         relay mails to Postfix-EXT. ( * record in transport_maps. Note that this comes after the lmtp delivery part and is the last entry there)

--
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com
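
Added example, not part of the original message and not Postfix code: the pseudo-code and the domain/IP table above modelled as a per-recipient routing decision in Python, which also shows why one message with several recipients can need more than one delivery path. The names `route`, `plan_delivery`, `spam_level` and `INTERNAL_DOMAINS`, the `lmtp-storage` label, the use of ip5 as the source address on the L3 path, and the handling of an unlisted sender domain are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. The sender-domain table is the one in the message;
# INTERNAL_DOMAINS is a hypothetical stand-in for the storage-server domains.
INTERNAL_DOMAINS = {"internal.example"}
PURE_IP = {"a1.com": "ip1", "a2.com": "ip2", "a3.com": "ip3", "a4.com": "ip4"}
SUSPECT_IP = "ip5"  # shared by every sender domain for L3 (suspect) mail


def domain_of(address):
    """Return the lower-cased domain part of an address."""
    return address.rsplit("@", 1)[-1].lower()


def route(sender, recipient, spam_level):
    """Apply the pseudo-code to one recipient; return (next_hop, source_ip)."""
    if spam_level in ("L1", "L2"):                    # step 1
        return ("REJECT", None)
    if domain_of(recipient) in INTERNAL_DOMAINS:      # steps 2-3, L3 included
        return ("lmtp-storage", None)
    if spam_level == "L3":                            # steps 5-6
        return ("postfix-INT", SUSPECT_IP)
    pure_ip = PURE_IP.get(domain_of(sender))          # steps 7-8
    if pure_ip is None:
        # Assumption (not on the page): an unlisted sender domain must not
        # borrow another domain's clean address, so it takes the suspect path.
        return ("postfix-INT", SUSPECT_IP)
    return ("Postfix-EXT", pure_ip)


def plan_delivery(sender, recipients, spam_level):
    """Group one message's recipients by the path each of them needs."""
    plan = defaultdict(list)
    for rcpt in recipients:
        plan[route(sender, rcpt, spam_level)].append(rcpt)
    return dict(plan)


if __name__ == "__main__":
    # Constructed message: one internal and two external recipients.
    rcpts = ["u@internal.example", "x@remote.example", "y@other.example"]
    for path, group in plan_delivery("bob@A3.com", rcpts, None).items():
        print(path, group)
```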