> Wietse: > What is the legitimate use case for this kind of policy evasion?
Just to be clear, I'm not a spammer; if anything, I couldn't be further from it. I'm in the business of (strictly subscription-only) "monitoring stuff". I mean, as soon as an event happens, the subscribers who signed up to that kind of event must be alerted immediately (99.9999% of the time subscribers get a single email per day).

But because we have grown considerably recently, we needed extra outbound IPs because we started to hit some ESPs' limit of mail sent per hour from a single source IP. So I added an extra IP to the existing stack and used iptables to split the outbound connections using the nat table.

But that created a problem, because Postfix would pick up the hostname used in the helo (and other stuff???) from IP 1 and iptables would route the connection through IP 2, so the client would see the message headers like this one:

    Received: from AAAA.mydomain.tld (BBBB.mydomain.tld. [1.1.1.1])
        by mta.foreign.tld with ESMTPS id abcdf....
        for <f...@foreign.tld>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 27 Mar 2014 ....

See how the Postfix helo was "AAAA.mydomain.tld" but the message actually came from "BBBB.mydomain.tld". And that simple header inconsistency bothers me (OCD).

So instead of splitting smtp using iptables I now use that script I posted upthread, and the headers now look like this:

    Received: from AAAA.mydomain.tld (AAAA.mydomain.tld. [1.1.1.1])
        by mta.foreign.tld with ESMTPS id abcdf....
        for <f...@foreign.tld>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 27 Mar 2014 ....

    Received: from BBBB.mydomain.tld (BBBB.mydomain.tld. [2.2.2.2])
        by mta.foreign.tld with ESMTPS id abcdf....
        for <f...@foreign.tld>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 27 Mar 2014 ....

Is there a more elegant way to achieve this?
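The HELO/reverse-DNS inconsistency described in the message above can be checked mechanically on received mail. This is an added example, not part of the original post: the function names are hypothetical, the sample headers are constructed from the ones quoted in the message, and it assumes the receiving MTA writes `from HELO (PTR. [IP])` as shown there.

```python
import re

# "from HELO (PTR. [IP])" as laid out in the Received headers quoted above.
# Assumption: the name in parentheses is the receiver's reverse lookup of the
# connecting IP, with an optional trailing dot.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+?)\.?\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\)",
    re.IGNORECASE,
)

# Constructed sample: the three hops from the message, folded as on the wire.
SAMPLE = [
    "Received: from AAAA.mydomain.tld (BBBB.mydomain.tld. [1.1.1.1])\r\n"
    "\tby mta.foreign.tld with ESMTPS",
    "Received: from AAAA.mydomain.tld (AAAA.mydomain.tld. [1.1.1.1])\r\n"
    "\tby mta.foreign.tld with ESMTPS",
    "Received: from BBBB.mydomain.tld (BBBB.mydomain.tld. [2.2.2.2])\r\n"
    "\tby mta.foreign.tld with ESMTPS",
]


def parse_received(header):
    """Return (helo, rdns, ip) from one Received header, or None if the
    header does not carry a 'from HELO (PTR. [IP])' clause."""
    unfolded = " ".join(header.split())  # undo RFC 5322 line folding
    m = RECEIVED_RE.match(unfolded)
    if not m:
        return None
    # Host names are case-insensitive, so compare them lowercased.
    return m.group("helo").lower(), m.group("rdns").lower(), m.group("ip")


def helo_mismatches(headers):
    """Return the parsed hops whose HELO name differs from the PTR name."""
    hops = (parse_received(h) for h in headers)
    return [hop for hop in hops if hop and hop[0] != hop[1]]


if __name__ == "__main__":
    for helo, rdns, ip in helo_mismatches(SAMPLE):
        print(f"{ip}: HELO {helo} does not match reverse DNS {rdns}")
```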