Hi,

on FreeBSD, I successfully set up a jail host with some jails (via
ezjail) in it. On the host I have 3 network interfaces: re0, lo0, and
lo1. The jails get IP addresses on re0 (IPv6) and lo1 (IPv4), some only
on lo1. I use PF to NAT from lo1 to re0. Hence, all of the jails are
connected to the WWW via an IPv4 but some also have a public IPv6
address to interact with the WWW.

I use postfix for the mail system. There is one "central" instance in
one jail and one "smaller" instance in every other jail each.

The "central" mail.something.tld has address 127.0.2.1. The "smaller"
instances are configured to only send local administration mails
relaying these over the "central" postfix instance and have addresses
such as 127.0.2.X. They do not receive any mail and are configured as
follows:

> inet_interfaces = loopback-only
> inet_protocols = ipv4
> mynetworks_style = host
>
> mydestination =
> relay_domains =
>
> alias_database = hash:/etc/aliases
> alias_maps = $alias_database
>
> relayhost = 127.0.2.1

Since I want the postfix systems to only interact with each other on the
lo1 device I specified that only IPv4 may be used and refer to the relay
host mail.something.tld with its IPv4 address on the loopback device. I
share this configuration with every jail to make maintenance easier.

The configuration works in every jail perfectly. There is just one
thing: I also use this configuration on the jail host which I call
tank.something.tld. Of course, this machine has access to every network
device and every IP address. There, the configuration does _not_ work
giving me the following error message when I try to send mail from it:

> ... status=deferred (mail for 127.0.2.1 loops back to myself)

If I specify

> relayhost = mail.something.tld

and set

> inet_protocols = all

the message is sent successfully using the re0 interface and
mail.something.tld's IPv6 address.

Though, I would like to share the same configuration file on all of
these "smaller" instances (including the "smaller" instance on the
jail's host tank.something.tld) and also make the "smaller" instance
on tank.something.tld to use the lo1 device to deliver emails to the
"central" instance mail.something.tld (127.0.2.1).

Initially, I thought this is a misconfiguration of my (jail's) network
but from tank.something.tld I can telnet to 127.0.2.1 successfully _not_
looping back to myself with

    telnet 127.0.2.1 25

and postfix on mail.something.tld greets me happily. :)

Why do I get this error message and how can I achieve that tank also
relays mail via lo1 not "looping back to itself"?

Previously, I configured IP addresses on lo1 with 10.X.X.X and did not
get this error. I am now using 127.X.X.X though because otherwise
postfix does not recognise the loopback device and I cannot use the
`loopback-only` configuration.

I also thought about using

> relayhost = mail.something.tld

and set

> 127.0.2.1 mail mail.something.tld

in each jail's and the tank's `/etc/hosts` with
`smtp_host_lookup = native, dns` but this still resulted in the jails
resolving mail.something.tld via its IPv6 address -- which works in those
jails that have an IPv6 address but in those that do not have one it does
not work. Additionally, the mail is not sent via the lo1 device which is
actually intended.

Any help is very much appreciated.

Best,

-- 
Niklaas
