Yes, and I also told you how I didn't know what most of the results from tcpdump meant.
K > Sent: Tuesday, May 02, 2023 at 4:21 pm > From: "Wietse Venema via Postfix-users" <postfix-users@postfix.org> > To: "Kolusion K" <kolus...@post.com> > Cc: postfix-users@postfix.org > Subject: [pfx] Re: Contradicting Postfix documentation > > Kolusion K via Postfix-users: > Yesterday you sent a tcpdump trace where Postfix fails to make a > connection from 192.168.2.2: > > 23:11:38.333669 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags > [S], seq 3300139944, win 65280, options [mss 1360,sackOK,TS val > 912086021 ecr 0,nop,wscale 7], length 0 > > Today you claim that Postfix does NOT USE THAT IP ADDRESS. > > I have specified Postfix to use a certain interface in 'main.cf': > > inet_interfaces = 192.168.2.2 > > The problem is, Postfix is not using this interface and is > instead using another interface to send e-mail. > > In fact it does use the IP address, but there is no route from > 192.168.2.2 to the remote destination. > > According to the inet_interfaces manpage, EMPHASIS ADDED FOR CLARITY: > > When inet_interfaces specifies just one IPv4 and/or IPv6 address that > is not a loopback address, the Postfix SMTP client will use this ad? > dress as the IP source address for outbound mail. Support for IPv6 is > available in Postfix version 2.2 and later. > > On a multi-homed firewall with separate Postfix instances listening on > the "inside" and "outside" interfaces, THIS CAN PREVENT EACH INSTANCE > FROM BEING ABLE TO REACH REMOTE SMTP SERVERS ON THE "OTHER SIDE" OF THE > FIREWALL. Setting smtp_bind_address to 0.0.0.0 avoids the potential > problem for IPv4, and setting smtp_bind_address6 to :: solves the prob- > lem for IPv6. > > A better solution for multi-homed firewalls is to leave inet_interfaces > at the default value and instead use explicit IP addresses in the mas- > ter.cf SMTP server definitions. This preserves the Postfix SMTP > client's loop detection, by ensuring that each side of the firewall > knows that the other IP address is still the same host. Setting > $inet_interfaces to a single IPv4 and/or IPV6 address is primarily use- > ful with virtual hosting of domains on secondary IP addresses, when > each IP address serves a different domain (and has a different $myhost- > name setting). > > Your complex network configuration makes it a multi-homed host, and it is > subject to the same problems as described above. > > Wietse > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
