On 1/10/2014 9:18 AM, Andy Rowe wrote:
> Hello:
>
> I have a production mail / web server for a couple very low volume
> domains. (CentOS 6.4, apache, postfix) I have a production exchange
> server for another small domain. I want to set the CentOS server up
> to serve mail to its current clients as well as act as a gateway for
> content filtering for the Exchange server. I set up a lab server to
> test configurations and have everything working well. I’ve
> transferred the set up to the production CentOS server and
> everything seems to work.
>
> I have two DSL connections, each with its own router and static IP.
> Each router has a pinhole configured to forward traffic on port 25
> to one of the two servers. While testing, I could change the IP
> address for the pinhole configured on the Exchange server’s router
> to the lab server and mail traffic would flow to the lab server. It
> would serve mail to its own clients as well as except mail for the
> exchange server and relay it after filtering. Now when I try to
> configure the pinholes of both routers to send port 25 to the CentOS
> production server, mail from one router continues to flow but the
> other does not. When I try to telnet into the server through the one
> router’s IP, it times out.
>
> Firewall issues and other non-postfix related trouble aside, is
> there any reason this shouldn’t work?
This isn't a postfix problem. Two DSL routers to a single server
creates a complex routing problem. Basically the server doesn't know
which router a connection comes from, so connections from the
non-default router will always fail.
There are multiple ways to solve this, but AFAIK none are simple,
and some solutions may cause other problems. Ask for more help on a
support list for your operating system.
-- Noel Jones
>
> Inet_interface is set to all. Proxy address is set to the two static IPs
>
> Postconf –n below
>
>
>
> alias_database = hash:/etc/aliases
>
> alias_maps = hash:/etc/aliases
>
> broken_sasl_auth_clients = yes
>
> command_directory = /usr/sbin
>
> config_directory = /etc/postfix
>
> daemon_directory = /usr/libexec/postfix
>
> data_directory = /var/lib/postfix
>
> debug_peer_level = 2
>
> home_mailbox = Maildir/
>
> html_directory = no
>
> inet_interfaces = all
>
> inet_protocols = all
>
> mail_owner = postfix
>
> mailbox_size_limit = 0
>
> mailq_path = /usr/bin/mailq.postfix
>
> manpage_directory = /usr/share/man
>
> message_size_limit = 0
>
> mydestination =
>
> mydomain = smila.net
>
> myhostname = mail.smila.net
>
> mynetworks = 127.0.0.0/8, 192.168.0.0/24
>
> myorigin = $myhostname
>
> newaliases_path = /usr/bin/newaliases.postfix
>
> proxy_interfaces = 74.169.65.249, 68.153.211.65
>
> queue_directory = /var/spool/postfix
>
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
>
> relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
>
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
>
> relayhost = 192.168.0.5:25
>
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
>
> sendmail_path = /usr/sbin/sendmail.postfix
>
> setgid_group = postdrop
>
> smtp_enforce_tls = no
>
> smtp_tls_security_level = may
>
> smtp_use_tls = yes
>
> smtpd_client_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_pipelining,
> reject_rbl_client sbl-xbl.spamhaus.org permit
>
> smtpd_delay_reject = yes
>
> smtpd_enforce_tls = no
>
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_pipelining, permit
>
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
> permit_auth_destination, reject_unauth_destination,
> reject_unknown_recipient_domain, reject
>
> smtpd_sasl_auth_enable = yes
>
> smtpd_sasl_path = private/auth
>
> smtpd_sasl_security_options = noplaintext, noanonymous
>
> smtpd_sasl_type = dovecot
>
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_sender,
> reject_unknown_sender_domain, permit
>
> smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
>
> smtpd_tls_key_file = /etc/postfix/certs/key.pem
>
> smtpd_tls_security_level = may
>
> smtpd_use_tls = yes
>
> tls_random_source = dev:/dev/urandom
>
> unknown_local_recipient_reject_code = 550
>
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>
> virtual_gid_maps = static:5000
>
> virtual_mailbox_base = /var/vmail
>
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
>
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
>
> virtual_transport = dovecot
>
> virtual_uid_maps = static:5000
>
>
>
> master.conf
>
> smtp inet n - n - 20 smtpd
>
> -o smtpd_proxy_filter=127.0.0.1:10024
>
> -o smtpd_client_connection_count_limit=10
>
> -o smtpd_proxy_timeout=300s
>
> -o smtpd_proxy_options=speed_adjust
>
> submission inet n - n - - smtpd
>
> -o smtpd_tls_security_level=encrypt
>
> -o smtpd_sasl_auth_enable=yes
>
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> -o milter_macro_daemon_name=ORIGINATING
>
> smtps inet n - n - - smtpd
>
> -o smtpd_tls_wrappermode=yes
>
> -o smtpd_sasl_auth_enable=yes
>
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>
> -o milter_macro_daemon_name=ORIGINATING
>
> 127.0.0.1:10025 inet n - n - - smtpd
>
> -o content_filter=
>
> -o local_recipient_maps=
>
> -o relay_recipient_maps=
>
> -o smtpd_restriction_classes=
>
> -o smtpd_client_restrictions=
>
> -o smtpd_helo_restrictions=
>
> -o smtpd_sender_restrictions=
>
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
>
> -o mynetworks=127.0.0.0/8
>
> -o strict_rfc821_envelopes=yes
>
> -o smtpd_error_sleep_time=0
>
> -o smtpd_soft_error_limit=1001
>
> -o smtpd_hard_error_limit=1000
>
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d
> ${recipient}
>
> #
>
