5

I host 2 web domains (domain1.com and domain2.com) on a CentOS 6.6 Linux server with 4 IP addresses.

Postfix 2.6.6 accepts mails to info@domain1.com and info@domain2.com and forwards them to person1@gmail.com and person2@gmail.com. Here excerpts of the config files:

/etc/postfix/main.cf

inet_interfaces = all
inet_protocols = ipv4

virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/virtual

info@domain1.com        person1@gmail.com
info@domain2.com        person2@gmail.com

My problem is that the first person (my father, whose business is since 1990 at the internet) becomes a lot of SPAM mails. I use Spamassassin to reject those mails, but some still come through and when forwarded to person1@gmail.com they cause Google to throttle my server:

DFC32800849 3412 Fri Jan 30 11:40:38 PPQDikzMMZTedKR@hotmail.com (host alt1.gmail-smtp-in.l.google.com[74.125.130.26] said: 421-4.7.0 [144.76.123.123 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. fl14si17784804pdb.81 - gsmtp (in reply to end of DATA command)) person1@gmail.com

This affects the second person, who gets mails to person2@gmail.com after long delays.

My question is if it is please possible to configure Postfix so that it uses different IP addresses (since my server has 4 of them) for forwarding the mails?

Thank you and below is the current "postconf -n" output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.domain1.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual

UPDATE:

I have modified my config files as suggested by undefined (thank you!) and then run postmap /etc/postfix/transport and service postfix restart -

/etc/mail/master.cf:

smtp      unix  -       -       n       -       -       smtp
smtp-1    unix  -       -       n       -       -       smtp -o smtp_bind_address=my_ip_3
smtp-2    unix  -       -       n       -       -       smtp -o smtp_bind_address=my_ip_4

/etc/mail/transport:

person1@gmail.com smtp-1:
person2@gmail.com smtp-2:

Unfortunately, I still see the old problematic my_ip_2 in the delivered mail headers.

How can I please verify that the new "transports" are being used?

Here is the log excerpt after the change:

Feb  7 14:56:50 www postfix/postsuper[14206]: Deleted: 92 messages
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max connection rate 1/60s for (smtp:37.233.142.116) at Feb  7 14:53:45
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max connection count 1 for (smtp:37.233.142.116) at Feb  7 14:53:45
Feb  7 14:57:06 www postfix/anvil[14172]: statistics: max cache size 1 at Feb  7 14:53:45
Feb  7 14:57:07 www postfix/smtp[14008]: warning: open active 6870A8007E8: No such file or directory
Feb  7 14:57:14 www postfix/smtpd[14213]: connect from mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/smtpd[14216]: connect from unknown[213.179.214.207]
Feb  7 14:57:14 www postfix/smtpd[14213]: 3EBA0800187: client=mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/cleanup[14218]: 3EBA0800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb  7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: from=<alexander.farber@gmail.com>, size=1707, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34152
Feb  7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb  7 14:57:14 www spamd[1856]: spamd: processing message <CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com> for spam:502
Feb  7 14:57:14 www spamd[1856]: spamd: clean message (-1.9/5.0) for spam:502 in 0.0 seconds, 1670 bytes.
Feb  7 14:57:14 www spamd[1856]: spamd: result: . -1 - BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,T_DKIM_INVALID scantime=0.0,size=1670,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34152,mid=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>,bayes=0.000000,autolearn=ham
Feb  7 14:57:14 www postfix/smtpd[14216]: 68890800246: client=unknown[213.179.214.207]
Feb  7 14:57:14 www postfix/pipe[14219]: 3EBA0800187: to=<Abram.Farber@gmail.com>, orig_to=<simplex@simplex.ru>, relay=spamassassin, delay=0.18, delays=0.13/0/0/0.05, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb  7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: removed
Feb  7 14:57:14 www postfix/pickup[14119]: 69FD7800187: uid=502 from=<alexander.farber@gmail.com>
Feb  7 14:57:14 www postfix/cleanup[14223]: 69FD7800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb  7 14:57:14 www postfix/qmgr[12668]: 69FD7800187: from=<alexander.farber@gmail.com>, size=2042, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1762]: prefork: child states: II
Feb  7 14:57:14 www postfix/smtpd[14213]: disconnect from mail-ie0-f171.google.com[209.85.223.171]
Feb  7 14:57:14 www postfix/cleanup[14218]: 68890800246: message-id=<187523230485881875322129321382@72wdyszvr.meetpeople.gen.in>
Feb  7 14:57:14 www postfix/qmgr[12668]: 68890800246: from=<eHarmonyPartner@meetpeople.gen.in>, size=13993, nrcpt=1 (queue active)
Feb  7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34153
Feb  7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb  7 14:57:14 www spamd[1856]: spamd: processing message <187523230485881875322129321382@72wdyszvr.meetpeople.gen.in> for spam:502
Feb  7 14:57:14 www postfix/smtpd[14216]: disconnect from unknown[213.179.214.207]
Feb  7 14:57:14 www spamd[1856]: spamd: clean message (1.6/5.0) for spam:502 in 0.2 seconds, 13741 bytes.
Feb  7 14:57:14 www spamd[1856]: spamd: result: . 1 - BAYES_50,HTML_MESSAGE,RDNS_NONE,T_REMOTE_IMAGE,UNPARSEABLE_RELAY scantime=0.2,size=13741,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34153,mid=<187523230485881875322129321382@72wdyszvr.meetpeople.gen.in>,bayes=0.484741,autolearn=no
Feb  7 14:57:15 www postfix/pickup[14119]: 00CD6800247: uid=502 from=<eHarmonyPartner@meetpeople.gen.in>
Feb  7 14:57:15 www postfix/cleanup[14223]: 00CD6800247: message-id=<187523230485881875322129321382@72wdyszvr.meetpeople.gen.in>
Feb  7 14:57:15 www postfix/pipe[14219]: 68890800246: to=<Abram.Farber@gmail.com>, orig_to=<simplex@simplex.ru>, relay=spamassassin, delay=0.68, delays=0.43/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb  7 14:57:15 www postfix/qmgr[12668]: 68890800246: removed
Feb  7 14:57:15 www postfix/qmgr[12668]: 00CD6800247: from=<eHarmonyPartner@meetpeople.gen.in>, size=14341, nrcpt=1 (queue active)
Feb  7 14:57:15 www spamd[1762]: prefork: child states: II
Feb  7 14:57:47 www postfix/smtp[14008]: warning: open active A6F92801560: No such file or directory

Unfortunately, still the same IP (which is throttled by Google) 144.76.184.154 is seen in the delivered test mail:

Delivered-To: abram.farber@gmail.com
Received: by 10.170.190.67 with SMTP id h64csp2513657yke;
        Sat, 7 Feb 2015 05:59:08 -0800 (PST)
X-Received: by 10.180.89.210 with SMTP id bq18mr14321108wib.45.1423317548028;
        Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Return-Path: <alexander.farber@gmail.com>
Received: from www.afarber.de ([144.76.184.154])
        by mx.google.com with ESMTP id k10si7979060wif.41.2015.02.07.05.59.07
        for <Abram.Farber@gmail.com>;
        Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning alexander.farber@gmail.com does not designate 144.76.184.154 as permitted sender) client-ip=144.76.184.154;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning alexander.farber@gmail.com does not designate 144.76.184.154 as permitted sender) smtp.mail=alexander.farber@gmail.com;
       dkim=pass header.i=@gmail.com;
       dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by www.afarber.de (Postfix, from userid 502)
    id 69FD7800187; Sat,  7 Feb 2015 14:57:14 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on www.afarber.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
    HTML_MESSAGE,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mail-ie0-f171.google.com (mail-ie0-f171.google.com [209.85.223.171])
    by www.afarber.de (Postfix) with ESMTP id 3EBA0800187
    for <simplex@simplex.ru>; Sat,  7 Feb 2015 14:57:14 +0100 (CET)

It is not the IP that I have specified for smtp-1 or smtp-2.

UPDATE 2:

I have added "-v" to /etc/postfix/master.cf:

smtp      inet  n - n - - smtpd -o content_filter=spamassassin
....
smtp      unix  - - n - - smtp
smtp-1    unix  - - n - - smtp -o smtp_bind_address=144.76.184.155 -v
smtp-2    unix  - - n - - smtp -o smtp_bind_address=144.76.184.156 -v
....
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And see now more Spamassassin messages in the /var/log/maillog.

Here is the updated "postconf -n" output (which is unchagned from above):

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.afarber.de
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru larissa-farber.de bukvy.de slova.de
virtual_alias_maps = hash:/etc/postfix/virtual
Alexander Farber
  • 714
  • 4
  • 16
  • 38
  • +1 and Thanks for showing actual IP address and domain. It'll useful for other people who troubleshooting it. I'll try to reproduce your case in my VM first. – masegaloeh Feb 07 '15 at 14:39
  • 1
    Hi, I already tried replicate your setup on my VM. Unfortunately, I can't reproduce your problem i.e. in my VM the IP address was changed. In order to troubleshoot further, would you like to share the **updated version** of output from `postconf -n` and `postconf -M`? Also, please enable verbose mode of smtp-1 by adding `-v` at the end of line `smtp-1 unix - - n - - smtp -o smtp_bind_address=my_ip_3 -v` – masegaloeh Feb 08 '15 at 09:13
  • Thank you, I have updated my question. Maybe the difference between your VM and my server is that I use Spamassassin to filter the mail messages. – Alexander Farber Feb 09 '15 at 10:31
  • Should I add `transport_maps = hash:/etc/postfix/transport` to main.cf? – Alexander Farber Feb 09 '15 at 10:36
  • 1
    **Y E S**, you should. See the updated version of undefined answer – masegaloeh Feb 09 '15 at 10:38
  • Now it works, thank you. I see the mails being sent via different IP addresses. I will clean up my question text soon. – Alexander Farber Feb 09 '15 at 10:39

1 Answers1

6

I see two solutions here.

  1. (i did configuration like this many years ago) google use many ip's as MX. You can define in transport map, that first mail is routed via gmail-smtp-in.l.google.com., and second via alt1.gmail-smtp-in.l.google.com. Then - using iptables and nat/POSTROUTING - nat connections to first google MX via first ip, and to second google MX via second ip.

  2. (not tested, but should work) ip used for outgoing mail is defined via smtp_bind_address. you can define second (and next) smtp transport in master.cf like:

smtp-1 unix  -  -   n       -       -       smtp -o smtp_bind_address=firstip
smtp-2 unix  -  -   n       -       -       smtp -o smtp_bind_address=secondip

and then define in transport map something like:

person1@gmail.com smtp-1:
person2@gmail.com smtp-2:

you must specify using transportmap file in main.cf file:

transport_maps = hash:/etc/mail/transport

and run

postmap /etc/mail/transport

to create hash map of it.

undefine
  • 956
  • 8
  • 20
  • 4
    Custom smtp transport in `master.cf` should be `smtp -o` not `smtpd -o` – masegaloeh Feb 01 '15 at 00:19
  • Yes,you're right. thanks :-) Fixed – undefine Feb 01 '15 at 11:53
  • Thanks (+1) for your answer, but how could I test your setup? I have modified master.cf and transport (generated transport.db too) as you suggested, but still see the old IP address mentioned in the delivered mail headers. How can I verify that `smtp-1` is being used? – Alexander Farber Feb 07 '15 at 11:04
  • did you specified to use transport map? I created such configuration on my system and it works fine - in logs of destination mail system i have information that mail is received from ip specified in smtp-1 service. If you havent't access to destination mail service - try to use tcpdump for dumping traffic and check what is source ip of mail. – undefine Feb 07 '15 at 15:45