Asai:
> Greetings,
>
> We're in the process of migrating our server to a new IP address block
> but we're running into issues where reverse DNS checks are causing some
> problems. I will outline in brief here:
>
>   * We're moving our email server to a new router with a new IP block
>   * In order to do this in a gradual manner, we're moving services one
>     at a time to the new IP block, which entails forwarding traffic from
>     the new router and new IP block to the old router. This is so we can
>     test our firewall and NAT rules and ensure all services are working
>     before making a final switchover.
>   * This method works for HTTPS services, but for email it's a problem
>     because the email service sees all traffic as coming from a single
>     IP (static route from the new router) and breaks reverse DNS lookup
>     for incoming mail.
>
> Does anybody know of a method whereby we could get around this
> limitation? Is reverse DNS lookup essential? Or is there another way?

If you can't do this without losing the remote SMTP client IP address,
your options are:

- Install HAproxy on the "router", configure HAproxy to forward mail
  to Postfix, and configure Postfix to use
  "smtpd_upstream_proxy_protocol = haproxy". With this, Postfix CANNOT
  receive direct SMTP mail. It is not guessing if a connection is made
  directly or through HAproxy.

- Install nginx on the "router", configure nginx to send XCLIENT
  commands to Postfix, and enable Postfix XCLIENT for the router's
  IP address with "smtpd_authorized_xclient_hosts = 1.2.3.4". With
  this, Postfix can still receive direct SMTP mail.

Wietse
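
The first option in the reply above relies on the PROXY protocol header that HAproxy sends ahead of the SMTP session. As an added example (not part of the original thread, and not Postfix's own code), this sketch parses the version 1 text header and refuses anything else instead of guessing that the peer is a direct client; the function name, exception and sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # longest valid v1 header line, including CRLF

# Constructed sample inputs (documentation address ranges, not real traffic).
VIA_PROXY = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 25\r\nEHLO mail.example.org\r\n"
NOT_PROXY = b"EHLO mail.example.org\r\n"  # peer that sent no header first


class ProxyHeaderError(ValueError):
    """First bytes on the connection are not a valid PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Return (client_ip, client_port, remaining_bytes) from a PROXY v1 header.

    There is no fallback to "treat it as a direct connection": bytes that
    are not a well-formed header raise ProxyHeaderError.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ProxyHeaderError("no CRLF-terminated header line")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII header") from None
    rest = data[end + 2:]
    if fields[0] != "PROXY":
        raise ProxyHeaderError("missing PROXY signature")
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None, None, rest  # proxy could not supply addresses
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("malformed header")
    _, proto, src, dst, sport, dport = fields
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        raise ProxyHeaderError("bad address") from None
    want = 4 if proto == "TCP4" else 6
    if src_ip.version != want or dst_ip.version != want:
        raise ProxyHeaderError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in (sport, dport)):
        raise ProxyHeaderError("bad port")
    return str(src_ip), int(sport), rest
```

The address returned here is whatever the upstream wrote into the header, so a listener that accepts this header should be reachable only from the proxy.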