Hello,

I have a single postfix server servicing my company’s domain and several 
customer domains. All outbound mail is first received by postfix, then sent to 
the same barracuda email service to go on to its final destination.


I want Postfix to use a specific local IPv4 address when it connects to the 
barracuda relay, depending on which domain the email is from.  This will 
ultimately show up in the email headers for the recipient, and I need to 
separate my company from the customers. 


If the mail is from mycompany.com ,  use local IP address (eth0) 10.50.55.16  
when connecting to the barracuda service to send the mail.

All other domains (our customers),  use 10.50.55.17 (eth0:1)

These local IPs ultimately NAT to different public IPv4 on different subnets 
and different reverse DNS names, etc.



I have already configured postfix to listen on both IP addresses, and even to use 
different TLS certificates for them via master.cf, and I verified this is 
working.  But even when connecting to the second IP via SMTP, authenticating and 
sending a mail, the first IP is used when connecting to the relay host, as 
seen in the headers of the email.



My configuration is slightly broken right now, but I don’t know how to proceed 
to accomplish what I am trying to do.


Thanks for any help,

- Kevin



my /etc/postfix/transport (I know this isn’t working .. )

mycompany.com smtp:[10.50.55.16]:587
customer1.com smtp:[10.50.55.17]:587
customer2.com smtp:[10.50.55.17]:587


postconf -nf:

postconf: warning: /etc/postfix/main.cf: unused parameter: sender_based_routing=yes


alias_maps =
append_dot_mydomain = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_protocols = ipv4
local_transport = error:Local Transport Disabled
mydestination = localhost.$mydomain localhost
mydomain = mailsystem.com
myhostname = mailsystem.com
mynetworks = 127.0.0.0/8
postscreen_greet_action = enforce
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_new_tls_session_rate_limit = 10
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/drop.cidr
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access
    pcre:/etc/postfix/identitycheck.pcre reject_invalid_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks
    reject_unauth_destination check_sender_ns_access cidr:/etc/postfix/drop.cidr
    check_sender_mx_access cidr:/etc/postfix/drop.cidr reject_rbl_client
    ix.dnsbl.manitu.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain
smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem
smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem
smtpd_tls_exclude_ciphers = EXP EDH-RSA-DES-CBC-SHA ADH-DES-CBC-SHA DES-CBC-SHA
    SEED-SHA
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
    hash:/etc/postfix/transport
virtual_transport = dovecot



postconf -Mf:


dovecot    unix  -       n       n       -       -       pipe flags=ODRhu
    user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f ${sender} -d
    ${recipient}
10.50.55.16- unix -      n       n       -       -       smtp
    -o smtp_bind_address=10.50.55.16
    -o smtp_bind_address6=
    -o smtp_address_preference=ipv4
10.50.55.17- unix -      n       n       -       -       smtp
    -o smtp_bind_address=10.50.55.17
    -o smtp_bind_address6=
    -o smtp_address_preference=ipv4
10.50.55.16:smtp inet n  -       n       -       -       smtpd
    -o smtpd_tls_cert_file=/etc/ssl/certs/mail.mycompany.com-chain.crt
    -o smtpd_tls_key_file=/etc/ssl/private/mail.mycompany.com.key
10.50.55.16:smtps inet n -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_cert_file=/etc/ssl/certs/mail.mycompany.com-chain.crt
    -o smtpd_tls_key_file=/etc/ssl/private/mail.mycompany.com.key
10.50.55.16:submission inet n -  n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_tls_cert_file=/etc/postfix/cert1.pem
    -o smtpd_tls_key_file=/etc/postfix/cert1.pem
10.50.55.17:smtp inet n  -       n       -       -       smtpd
    -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.customerservers.com/fullchain.pem
    -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.customerservers.com/privkey.pem
10.50.55.17:smtps inet n -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.customerservers.com/fullchain.pem
    -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.customerservers.com/privkey.pem
10.50.55.17:submission inet n -  n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_tls_cert_file=/etc/postfix/cert2.pem
    -o smtpd_tls_key_file=/etc/postfix/cert2.pem
pickup     unix  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
