locking IP postfix uses
in [Postfix]
|
Prev: Howto install Postfix based on OpenVZ
Next: proxymap(8), number of connections, detecting altered tables
From: Stan Hoeppner on 19 Jun 2010 19:12 Ben Munat put forth on 6/19/2010 5:52 PM: > On 6/19/10 3:33 PM, Stan Hoeppner wrote: >> Ben Munat put forth on 6/19/2010 5:20 PM: >> >>> What am I missing? >> >> You are missing the required evidence that would allow us to help > you. We >> need actual error messages, log entries, postconf -n output, etc. The > list >> welcome message told you what to provide. >> >> Based on what you've provided so far, we can only _speculate_ as to > the cause >> of the problem. We need evidence to actually identify the cause. >> > > Hi, thanks for the quick reply... and good point. > > Here is an example from the mail log: > > Jun 17 20:45:26 munat postfix/smtp[17934]: E533B4432C: > to=<mrodbard(a)metromix.com>, relay=mx1.emailsrvr.com[72.4.117.7]:25, > delay=0.84, delays=0.13/0.19/0.29/0.24, dsn=5.7.1, status=bounced (host > mx1.emailsrvr.com[72.4.117.7] said: 554 5.7.1 ACL dns_rbl; Client host > [64.69.38.45] blocked using pf-ip4tset.blagr.emailsrvr.com=127.22.0.2 > Please visit http://bounce.emailsrvr.com/?a0 for more information on why > this message could not be delivered (in reply to RCPT TO command)) Please provide output of the following shell commands: ifconfig -a iptables -S -- Stan
From: Stan Hoeppner on 19 Jun 2010 19:25 Stan Hoeppner put forth on 6/19/2010 6:12 PM: > Ben Munat put forth on 6/19/2010 5:52 PM: >> On 6/19/10 3:33 PM, Stan Hoeppner wrote: >>> Ben Munat put forth on 6/19/2010 5:20 PM: >>> >>>> What am I missing? >>> >>> You are missing the required evidence that would allow us to help >> you. We >>> need actual error messages, log entries, postconf -n output, etc. The >> list >>> welcome message told you what to provide. >>> >>> Based on what you've provided so far, we can only _speculate_ as to >> the cause >>> of the problem. We need evidence to actually identify the cause. >>> >> >> Hi, thanks for the quick reply... and good point. >> >> Here is an example from the mail log: >> >> Jun 17 20:45:26 munat postfix/smtp[17934]: E533B4432C: >> to=<mrodbard(a)metromix.com>, relay=mx1.emailsrvr.com[72.4.117.7]:25, >> delay=0.84, delays=0.13/0.19/0.29/0.24, dsn=5.7.1, status=bounced (host >> mx1.emailsrvr.com[72.4.117.7] said: 554 5.7.1 ACL dns_rbl; Client host >> [64.69.38.45] blocked using pf-ip4tset.blagr.emailsrvr.com=127.22.0.2 >> Please visit http://bounce.emailsrvr.com/?a0 for more information on why >> this message could not be delivered (in reply to RCPT TO command)) > > Please provide output of the following shell commands: > > ifconfig -a > iptables -S Oh, also, it would be _really_ helpful if you could send me a direct off list test email through the colo Postfix server experiencing the problem, so I can see at the MTA level what IP address the connection comes from. -- Stan
From: Stan Hoeppner on 20 Jun 2010 01:31 Wietse Venema put forth on 6/19/2010 5:51 PM: > Ben Munat: >> main.cf:inet_interfaces = 64.69.38.41,127.0.0.1 >> >> and I hook up the main smtp process in master.cf like this: >> >> master.cf: -o smtp_bind_address=64.69.38.41 > > This works only on the SMTP CLIENT. Not the SMTP SERVER. And apparently it wasn't affecting all smtp client processes. Ben, make sure the entry for -o smtp_bind_address is no longer in master.cf, and add to /etc/postfix/main.cf smtp_bind_address = 64.69.38.41 Now execute /etc/init.d/postfix restart (or whatever script your system uses) Putting this in main.cf will cause it to affect _all_ outbound smtp connections. It would seem your previous setting in master.cf was not configured properly to affect all smtp processes. Or you forgot to restart Postfix after adding the setting to master.cf. Anyway, it's better to set this, in your case, in main.cf. See: http://www.postfix.org/postconf.5.html#smtp_bind_address And the following ifconfig output you provided me explains why outbound smtp connections were occurring on 64.69.38.45. Truth be told, outbound smtp connections were probably occurring on all your configured IPv4 interfaces but you just didn't know it because only those sent out on *.45 are being rejected or bounced: Ben Munat put forth on 6/19/2010 10:56 PM: > The output of ifconfig -a: > > eth0 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 > inet addr:64.69.38.41 Bcast:64.69.38.255 Mask:255.255.255.0 > inet6 addr: fe80::21d:60ff:fec9:541/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:292042797 errors:0 dropped:0 overruns:0 frame:0 > TX packets:28463532 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:26419280120 (26.4 GB) TX bytes:38755682529 (38.7 GB) > Interrupt:17 > > eth0:0 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 > inet addr:64.69.38.42 Bcast:64.69.38.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:17 > > eth0:1 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 > inet addr:64.69.38.43 Bcast:64.69.38.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:17 > > eth0:2 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 > inet addr:64.69.38.44 Bcast:64.69.38.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:17 > > eth0:3 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 > inet addr:64.69.38.45 Bcast:64.69.38.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:17 Keep us posted on your progress. -- Stan
From: Ben Munat on 20 Jun 2010 15:36 On 6/19/10 10:31 PM, Stan Hoeppner wrote: > Wietse Venema put forth on 6/19/2010 5:51 PM: >> Ben Munat: >>> main.cf:inet_interfaces = 64.69.38.41,127.0.0.1 >>> >>> and I hook up the main smtp process in master.cf like this: >>> >>> master.cf: -o smtp_bind_address=64.69.38.41 >> >> This works only on the SMTP CLIENT. Not the SMTP SERVER. > > And apparently it wasn't affecting all smtp client processes. Ben, make sure > the entry for -o smtp_bind_address is no longer in master.cf, and add to > > /etc/postfix/main.cf > smtp_bind_address = 64.69.38.41 > > Now execute /etc/init.d/postfix restart (or whatever script your system uses) Thanks very much Stan. I think that has fixed it... Ben > Putting this in main.cf will cause it to affect _all_ outbound smtp > connections. It would seem your previous setting in master.cf was not > configured properly to affect all smtp processes. Or you forgot to restart > Postfix after adding the setting to master.cf. Anyway, it's better to set > this, in your case, in main.cf. See: > http://www.postfix.org/postconf.5.html#smtp_bind_address > > And the following ifconfig output you provided me explains why outbound smtp > connections were occurring on 64.69.38.45. Truth be told, outbound smtp > connections were probably occurring on all your configured IPv4 interfaces but > you just didn't know it because only those sent out on *.45 are being rejected > or bounced: > > Ben Munat put forth on 6/19/2010 10:56 PM: > >> The output of ifconfig -a: >> >> eth0 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 >> inet addr:64.69.38.41 Bcast:64.69.38.255 Mask:255.255.255.0 >> inet6 addr: fe80::21d:60ff:fec9:541/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:292042797 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:28463532 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:26419280120 (26.4 GB) TX bytes:38755682529 (38.7 GB) >> Interrupt:17 >> >> eth0:0 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 >> inet addr:64.69.38.42 Bcast:64.69.38.255 Mask:255.255.255.0 >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> Interrupt:17 >> >> eth0:1 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 >> inet addr:64.69.38.43 Bcast:64.69.38.255 Mask:255.255.255.0 >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> Interrupt:17 >> >> eth0:2 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 >> inet addr:64.69.38.44 Bcast:64.69.38.255 Mask:255.255.255.0 >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> Interrupt:17 >> >> eth0:3 Link encap:Ethernet HWaddr 00:1d:60:c9:05:41 >> inet addr:64.69.38.45 Bcast:64.69.38.255 Mask:255.255.255.0 >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> Interrupt:17 > > Keep us posted on your progress. >
From: Stan Hoeppner on 21 Jun 2010 00:07 Ben Munat put forth on 6/20/2010 2:36 PM: > On 6/19/10 10:31 PM, Stan Hoeppner wrote: >> Wietse Venema put forth on 6/19/2010 5:51 PM: >>> Ben Munat: >>>> main.cf:inet_interfaces = 64.69.38.41,127.0.0.1 >>>> >>>> and I hook up the main smtp process in master.cf like this: >>>> >>>> master.cf: -o smtp_bind_address=64.69.38.41 >>> >>> This works only on the SMTP CLIENT. Not the SMTP SERVER. >> >> And apparently it wasn't affecting all smtp client processes. Ben, >> make sure >> the entry for -o smtp_bind_address is no longer in master.cf, and add to >> >> /etc/postfix/main.cf >> smtp_bind_address = 64.69.38.41 >> >> Now execute /etc/init.d/postfix restart (or whatever script your >> system uses) > > Thanks very much Stan. I think that has fixed it... > > Ben You're welcome Ben. Glad I was able to help. Sorry I didn't suggest the solution a little sooner, as it probably seems quite simple at this point. I just needed to be sure where 64.69.38.45 was configured. I needed to eliminate the possibility of masquerading. If that had been the case the solution would have been radically different, and out of the scope of Postfix. -- Stan
First
|
Prev
|
Pages: 1 2 Prev: Howto install Postfix based on OpenVZ Next: proxymap(8), number of connections, detecting altered tables |