Postfix using wrong ip

Discussion in 'Installation/Configuration' started by Taxick, May 23, 2009.

  1. Taxick

    Taxick New Member

    Hallo

    My server have thees to ips added to the server:

    87.*.126.*
    87.*.127.*

    But i can see postfix use both ips... And this is not so good..

    So is there a way, so i can make postfix to only using 87.*.126.* ?????

    I have use this guide du set my server op: LINK

    Thanks

    \\ Taxick
     
  2. edge

    edge Active Member Moderator

    Add the folowing to /etc/postfix/main.cf

    Make sure that you restart postfix after this.

    Held og lykke!
     
    Last edited: May 23, 2009
  3. Taxick

    Taxick New Member

    Thanks it do the job :) You the man :)

    Held og lykke! -> Are you danish???
     
  4. edge

    edge Active Member Moderator

    No.. Dutch, but I know some Danish words. (long long time ago ex-girlfriend)
     
  5. Taxick

    Taxick New Member

    he he okay :)

    Tak for din hjælp.
     
  6. edge

    edge Active Member Moderator

    Selv tak :)
     
  7. Taxick

    Taxick New Member

    Hmm... There is still some problem...

    Here is some info from the mailq

    Code:
    [QUOTE]35160C4609A      615 Sun May 24 00:25:01  [email protected]
    (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
                                            [email protected]
    
    3D5A0C4609C     3936 Sun May 24 00:30:19  [email protected]
    (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
                                             [email protected]
    
    40E93C46094      615 Sun May 24 00:15:01  [email protected]
    (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
                                             ******@******wub.nu
    
    46F43C46098     3957 Sun May 24 00:22:29  [email protected]
    (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
                                            [email protected]
    EDIT SOME MORE INFO:

    Code:
    May 24 00:38:47 server postfix/qmgr[5924]: 35160C4609A: from=, size=615, nrcpt=1 (queue active)
    May 24 00:38:47 server postfix/qmgr[5924]: 3D5A0C4609C: from=, size=3936, nrcpt=1 (queue active)
    May 24 00:38:47 server postfix/qmgr[5924]: 06226C46099: from=, size=3502, nrcpt=1 (queue active)
    May 24 00:38:47 server amavis[5284]: (!)DENIED ACCESS from IP 87.*.126.*, policy bank ''
    May 24 00:38:47 server amavis[5284]: (!)DENIED ACCESS from IP 87.*.126.*, policy bank ''
    May 24 00:38:47 server postfix/smtp[6230]: EF8E7C4609B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=526, delays=526/0.01/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    May 24 00:38:47 server postfix/smtp[6231]: 35160C4609A: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=827, delays=827/0.01/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    May 24 00:38:47 server amavis[5284]: (!)DENIED ACCESS from IP 87.*.126.*, policy bank ''
    May 24 00:38:47 server amavis[4157]: (!)DENIED ACCESS from IP 87.*.126.*, policy bank ''
    May 24 00:38:47 server postfix/smtp[6231]: 06226C46099: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=520, delays=520/0.03/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    May 24 00:38:47 server postfix/smtp[6230]: 3D5A0C4609C: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=509, delays=509/0.03/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
    May 24 00:39:15 server pop3d: Connection, ip=[::ffff:90.*.106.128]
    May 24 00:39:15 server pop3d: LOGIN, [email protected], ip=[::ffff:90.185.106.128], port=[14234]
    May 24 00:39:15 server pop3d: LOGOUT, [email protected], ip=[::ffff:90.185.106.128], port=[14234], top=0, retr=0, rcvd=12, sent=39, time=0
    May 24 00:39:15 server pop3d: Connection, ip=[::ffff:90.*.106.128]
    May 24 00:39:15 server pop3d: LOGIN, [email protected], ip=[::ffff:90.185.106.128], port=[14236]
    May 24 00:39:16 server pop3d: LOGOUT, [email protected], ip=[::ffff:90.185.106.128], port=[14236], top=0, retr=0, rcvd=12, sent=39, time=1
    May 24 00:39:16 server pop3d: Connection, ip=[::ffff:90.*.106.128]
     
    Last edited: May 24, 2009
  8. falko

    falko Super Moderator ISPConfig Developer

    What's in your main.cf?
     
  9. Taxick

    Taxick New Member

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = server.wub.nu
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server.wub.nu, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtp_bind_address = 87.*.126.*
    
    ## ANTISPAM ##
    
    smtpd_helo_required = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
    
    smtpd_recipient_restrictions =
                reject_invalid_hostname,
                reject_unknown_recipient_domain,
                reject_unauth_pipelining,
                permit_mynetworks,
                permit_sasl_authenticated,
                reject_unauth_destination,
                reject_rbl_client bl.spamcop.net,
                reject_rbl_client dnsbl.sorbs.net,
                reject_rbl_client cbl.abuseat.org,
    	    reject_rbl_client rabl.nuclearelephant.com,
    	    reject_rbl_client combined.rbl.msrbl.net,
                permit
    
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Can you comment out or remove the following part...

    Code:
    ## ANTISPAM ##
    
    smtpd_helo_required = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
    ... and try again?
     
  11. Taxick

    Taxick New Member

    Sorry for the late answer agian...

    It dit not work.. :(
     
  12. deadbattery

    deadbattery New Member

    I guess you've probably solved this by now, or given up, but in case anyone else comes across this like I did here's how I got this working.

    You need postfix to be able to use both a specific external ip address to send to the world and the loopback address to send to amavis so remove the following from main.cf...
    Code:
    smtp_bind_address = 87.*.126.* 
    ...and edit the inet_interfaces param so it's like this:
    Code:
    inet_interfaces = 87.*.126.*, 127.0.0.1
     
  13. Ovidiu

    Ovidiu Active Member

    similar problem here and found this on faqforge: http://www.faqforge.com/tag/smtp_bind_address/

    I have 2 IPs and want to have SMTP sending out via 1 IP only.

    I tried:

    Code:
    inet_interfaces = 1stIP, 127.0.0.1
    smtp_bind_address = 1stIP
    seemed fine at first but then I realized postfix seemed unable to talk to amavis anymore since smtp_bind_address needed 127.0.0.1 too.

    Unfortunately I can't seem to find any info if the smtp_bind_address directive takes 2 IPs just like inet_interfaces does.

    If it does, would this be the right configuration on an ISPCFG3 system to send only via 1stIP and not any other IPs?

    Code:
    inet_interfaces = 1stIP, 127.0.0.1
    smtp_bind_address = 1stIP, 127.0.0.1
     

Share This Page