On 8/11/2014 11:04 AM, terrygalant.li...@fastest.cc wrote:
> Greetings!
>
> I have 3 servers connected via lan & vpn.
>
> SERVER-1 is a hosted VM in the cloud
>   EXTIF eth0 (198.51.100.1, 198.51.100.2, 10.0.1.1)
>   TUNIF tun1 (192.168.1.1)
>
> SERVER-2 is my LAN's router/firewall
>   EXTIF eth0 (203.0.113.1)
>   TUNIF tun1 (192.168.1.2)
>   INTIF eth1 (10.0.2.1, 172.16.2.1)
>
> SERVER-3 is a server on the LAN. Postfix listens/binds on 10.0.2.47
>   EXTIF eth0 (10.0.2.47, 172.16.2.47)
>
> Policy routing + (D)NAT makes sure that outbound mail flows from Postfix on
> SERVER-3, through the router on SERVER-2 and over the VPN, and out via
> SERVER-1. Likewise, inbound mail flows the opposite direction.
>
> I've read http://www.postfix.org/postconf.5.html#proxy_interfaces, and my
> postfix config has
>
>   inet_interfaces = 10.0.2.47
>   inet_protocols = ipv4
>   mydestination = $myhostname, localhost.$mydomain, localhost
>   mynetworks = 10.0.2.0/24 172.16.2.0/24 127.0.0.0/8
>   proxy_interfaces = 198.51.100.1, 198.51.100.2
>   smtp_bind_address = 10.0.2.47
>
> So, mail's sending/receiving okay.
>
> But I don't completely understand the use of "proxy_interfaces" even after
> re-reading a couple of times.
>
> With the servers set up like above, is the "proxy_interfaces" correct & enough?
> Mainly looking to prevent any loops/relays/etc that I haven't found in my
> testing so far.
>
> Just getting verification from someone more experienced would help out!
>
> Terry

proxy_interfaces should list any external IPs that *this* postfix is
connected to on the other side of a NAT. Any IPs that are not "local"
on this box that connect to postfix should be listed here.

HTH

  -- Noel Jones
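
Added example, not part of the original thread and not Postfix's own code: a simplified Python model of how an SMTP client drops MX hosts at or behind its own preference, which is where the addresses listed in proxy_interfaces prevent a loop. The backup-MX scenario, the primary MX address 192.0.2.25 and the function names are assumptions made for illustration; the interface values are the ones from the post.

```python
import ipaddress

# Values from the main.cf quoted in the post.
INET_INTERFACES = ["10.0.2.47"]
PROXY_INTERFACES = ["198.51.100.1", "198.51.100.2"]

# Constructed MX set for a hypothetical domain this host is backup MX for:
#   preference 10 -> primary MX elsewhere (192.0.2.25, made-up address)
#   preference 20 -> this Postfix as the outside world sees it (NAT address)
MX = [(10, "192.0.2.25"), (20, "198.51.100.1")]


def candidates(mx, inet_interfaces, proxy_interfaces):
    """Return the MX hosts the client may try, best preference first.

    If one of the MX addresses is recognised as "this host", every MX with
    an equal or worse preference is discarded, so mail is never handed to
    ourselves or to something behind us.
    """
    own = {ipaddress.ip_address(a) for a in inet_interfaces + proxy_interfaces}
    mine = [pref for pref, addr in mx if ipaddress.ip_address(addr) in own]
    if not mine:
        return sorted(mx)  # host does not recognise itself in the MX list
    return sorted((p, a) for p, a in mx if p < min(mine))


def next_hop(mx, inet_interfaces, proxy_interfaces, unreachable=()):
    """First reachable candidate, or None (message stays queued for retry)."""
    for _pref, addr in candidates(mx, inet_interfaces, proxy_interfaces):
        if addr not in unreachable:
            return addr
    return None


if __name__ == "__main__":
    down = {"192.0.2.25"}  # primary MX is down
    # NAT address not listed: falls through to 198.51.100.1, which the NAT
    # forwards straight back to 10.0.2.47, i.e. a mail loop.
    print("without proxy_interfaces:", next_hop(MX, INET_INTERFACES, [], down))
    # NAT addresses listed: own MX entry is dropped, mail is deferred.
    print("with proxy_interfaces:   ",
          next_hop(MX, INET_INTERFACES, PROXY_INTERFACES, down))
```

The model only sees 10.0.2.47 as local, so without the two NAT addresses it cannot tell that 198.51.100.1 is itself.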