Also, I can't bind all IPs on the same box as I'm short of IPs in the location where Postfix-INT is located. The ip5 is located on Postfix-INT and not Postfix-EXT; the rest are on Postfix-EXT. The above table also has an exception that if they're internal mails, meaning mails from A1.com to A1.com or A1.com to A2.com, they're lmtp'ed directly on postfix-INT itself. (This is done to save bandwidth.)
Sorry for the wrong info in the previous mail, I was trying to be as quick as possible to catch you while you're online.

On Mon, Aug 19, 2013 at 4:42 PM, Abhijeet Rastogi <abhijeet.1...@gmail.com> wrote:

> Thanks for replying. Please see my answers inline.
>
> On Mon, Aug 19, 2013 at 4:21 PM, Wietse Venema <wie...@porcupine.org> wrote:
>
>> Abhijeet Rastogi:
>> > Hi all,
>> >
>> > Some info before starting:
>> >
>> > a. There are two postfix instances on two different boxes. One (named
>> > Postfix-INT) has only 1 IP and the other (named Postfix-EXT) has 5 ips (to
>> > divide traffic among them by defining separate smtp services).
>>
>> Please describe the problem that you are trying to solve, instead
>> of one solution that you came up with. There may be better
>> solutions.
>>
>
> Issue is, earlier I had only 1 IP on the outgoing mail server. Due to
> compromised accounts, it got blocked on one of the RBLs. I've an anti-spam
> solution that categorises the mail as L1, L2 and L3. (L1 being the
> sure-shot spam). Moreover, more than 1 domain will use that outgoing server
> to send the mails.
>
> While sending mails, the idea is to use separate IP addresses for each domain
> & also to send the L3 (suspect mails, i.e. there is a high probability for it
> to be spam) from a common suspect IP for all these domains. So, if there
> are any compromised accounts, only the suspect IP (from which I send L3
> mails) gets blocked. As mentioned earlier, L1 and L2 are rejected.
>
>> Is the goal to select the SMTP client source IP address based on
>> recipient address or message header properties? Does it matter that
>> SMTP mail may contain more than one recipient?
>>
>
> Actually both. Let's suppose I've 4 domains and 5 ip addresses.
> - All these domains will use separate IPs for sending mails.
>
> Domain    Pure_Traffic    Suspect_Traffic
> A1.com    ip1             ip5
> A2.com    ip2             ip5
> A3.com    ip3             ip5
> A4.com    ip4             ip5
>
>> Wietse
>>
>
> Also, correct pseudo code is: (Wrote "C" instead of header L3 in line 5)
>
> 1. If header is L1 or L2, REJECT (done via milter_header_checks)
> 2. If internal domains *(even that have header L3)*
> 3.     then deliver it to our storage servers *(through lmtp, as
>        explained above, it's done via transport_maps)*
> 4. else if external domains
> 5.     If the header value is L3
> 6.         deliver via postfix-INT (Because I don't care much about the
>            IP bound in postfix-INT)
> 7.     else
> 8.         relay mails to Postfix-EXT.
>            ( * record in transport_maps. Note that this comes after the lmtp
>            delivery part and is the last entry there)
>
> --
> Regards,
> Abhijeet Rastogi (shadyabhi)
> http://blog.abhijeetr.com
>

--
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com