postfix nat + multiple mail hostnames

Discussion in 'Installation/Configuration' started by rvarkevisser, Jan 21, 2009.

  1. rvarkevisser

    rvarkevisser New Member

    Hi there,

    I've got a strange problem.
    We have got 3 ISPConfig servers running in VM behind a nat firewall.

    We use postfix on our server and want to create an MX record for every domain with the hostname mail.domain.com.
    The problem is that every ispconfig vmguest (even the vmware server) cannot connect to mail.domain.com over port 25, even
    when the domain is hosted on the same server.

    telnet: Unable to connect to remote host: Connection refused
    But when I try to connect to mail.domain.com from outside (like at home), it works great.

    The strange thing is, I CAN connect to every ispconfig vmguest using the localhost or hostname of the server, but not the mail.domain.com

    In local-host-names I've got mail.domain.com, etc.etc.

    I've looked at the NAT translations, but cannot find anything.
    Also when I do a telnet on port 80 (www) from a vmguest to a different vmguest, using the public IP address, it works!!! So it's not a NAT problem or routing problem.

    It's not a resolving problem, because DNS works perfectly and I can resolve mail.domain.com from every vm server.

    It's postfix that gives this problem for the vmguests and vmware server. Outside the network everything works the way it should.

    When I add the record mail.domain.com to /etc/resolv.conf and let it resolve to the local ip of the server or another vmguest, it works also! So you could say it's a NAT problem, but why is www or ftp or dns working through NAT?

    I've tried the following setting in main.cf
    mynetworks = 0.0.0.0/0
    inet_interfaces = all

    I need help.... big time!
     
    Last edited: Jan 21, 2009
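
Added example, not part of the thread: the `mynetworks = 0.0.0.0/0` value tried in the post above makes Postfix treat every IPv4 client as trusted, and wherever the relay restrictions include `permit_mynetworks` (the Postfix default) that turns the server into an open relay. The Python check below flags `mynetworks` entries that reach beyond loopback and private address space; the function names, the sample text and the choice of "internal" ranges are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the two main.cf settings quoted in the first post.
SAMPLE_MAIN_CF = "mynetworks = 0.0.0.0/0\ninet_interfaces = all\n"

# Assumption for this example: only loopback and RFC 1918 / ULA ranges count as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def logical_lines(text):
    """Join main.cf continuation lines (leading whitespace); drop blanks and comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def get_param(text, name):
    """Return the value of a parameter; the last definition wins, as in Postfix."""
    value = None
    for line in logical_lines(text):
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def risky_mynetworks(text):
    """List mynetworks entries that trust clients outside the INTERNAL ranges."""
    risky = []
    for entry in (get_param(text, "mynetworks") or "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # lookup tables, file names and "!" exclusions are not evaluated here
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            risky.append(entry)
    return risky

if __name__ == "__main__":
    print(risky_mynetworks(SAMPLE_MAIN_CF))
```

An empty result means every literal network in `mynetworks` sits inside the internal ranges; entries that point at lookup tables still need a manual review.
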
  2. till

    till Super Moderator

    Postfix does not rely on the domain name. As long as postfix listens on the IP address that you pointed the domain name to, it will work. Please check that mail.domain.com really has the correct DNS A-Record that points to the external IP address of the server (router) and that you forwarded port 25 from the router to the internal IP of the server.
     
  3. rvarkevisser

    rvarkevisser New Member

    iptables problem

    I found the application which causes the problem. It's iptables.

    When I want to connect (telnet) to the public IP address through port 25, it gives an "Unable to connect" error.

    I use the same NAT rule for http, but with a different public ip address. The strange thing is, I can connect to port 80 when telnetting to this public ip over port 80.

    It's only port 25 that gives the problem. The rules are exactly the same, only one is with http and the other with smtp. I use fwbuilder to maintain the rules, so there could be a bug in it. I will try version 3.0.

    GR.
    Remon
     
