Following a suggestion from a nice person named @Ward, here is how I resolved the issue in the question above.
A short answer to my previous question is:
Unfortunately, we cannot limit outgoing messages (smtp) using transport_maps while sender_dependent_default_transport_maps is enabled. (boooo ..., yeah I know). Only one of the two can be active; even if you run postfix check and find no errors, it doesn't work like that.
Also, if you don't feel you'd be wasting more time reading this long answer and want to know more about how I came up with it, then read the following answer... I know, it's kinda long, but it's worth it. I noted most of it during my trial and error, and when I found a way I posted it here to motivate myself to keep going and not give up on this Postfix setup thing :P.
[UPDATE OCT 27th, 2018] STILL SEEKING HELP FOR THIS ISSUE BUT WITH PROGRESS OF COURSE:
So, I have been following @PeterZhabin's suggestion to set up another Postfix instance, and I successfully got a second instance of Postfix running.
And before continuing, I would like to let you know that I have decided not to use sender_dependent_default_transport_maps. I thought it would not make any sense to use it again in an environment where multiple instances of Postfix are running, where each of the Postfix instances can have its own main.cf and master.cf. Therefore, I dropped the option to use sender_dependent_default_transport_maps and used transport_maps for both Postfix instances.
Yes, the installation is a success, only a few more glitches I hope... the glitches were because I am using Amavisd too, so I still need advice from you guys here on how to get this running.
Thank you for reading this and continuing to help me; I would like you to know that I really do appreciate it.
So, let's continue the process ...
MULTIPLE INSTANCE OF POSTFIX
Below are the configs I changed related to this topic only:
Here is my main.cf in /etc/postfix/main.cf (1st postfix instance):
```
inet_interfaces = 1.2.3.4.5.11
myhostname = mail.thecompany.com
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_enable = yes
multi_instance_directories = /etc/postfix-second
```
And here is my main.cf in /etc/postfix-second/main.cf (2nd postfix instance):
```
inet_interfaces = localhost, 1.2.3.4.5.22
myhostname = mail2.thecompany.com
syslog_name = postfix-second
#master_service_disable = inet
#authorized_submit_users =
multi_instance_group = postfix
multi_instance_name = postfix-second
multi_instance_enable = yes
smtp_bind_address = 1.2.3.4.5.22
```
And in /etc/postfix-second/master.cf:
I changed the following line so it won't conflict with the 1st Postfix instance:
```
127.0.0.1:10025 inet n - - - - smtpd
```
into
```
1.2.3.4.5.22:10025 inet n - - - - smtpd
```
so now this whole section in /etc/postfix-second/master.cf looks like the following:
```
#127.0.0.1:10025 inet n - - - - smtpd
1.2.3.4.5.22:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,1.2.3.4.5.22
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
```
Then I added my second IP to my /etc/amavisd/amavisd.conf, so I won't get the Blocked-MTA error:
```
@inet_acl = qw( 127.0.0.1 [::1] 1.2.3.4.5.22);
```
UPDATING DNS AND CREATED A REVERSE DNS MATCHING THE mail2.thecompany.com
Next, I restarted Amavisd and Postfix, went to my DNS panel, and created a new A record in the thecompany.com DNS:
```
mail2.thecompany.com A 1.2.3.4.5.22
```
Then, I created a reverse DNS record to match the IP to mail2.thecompany.com.
ADD A NEW MX RECORD TO DOMAIN5.COM AS INTENDED
Then, go to the DOMAIN5.COM DNS panel and also add another MX record:
```
MX 10 mail.thecompany.com
MX 15 mail2.thecompany.com
```
Once the DNS resolved, I tested it by starting Postfix, and no errors were shown in the maillog.
Then in my email client (Thunderbird), I set up a mail account, busythomas@domain5.com, using the following SMTP & IMAP settings:
```
IMAP
host: mail2.thecompany.com
username: busythomas@domain5.com
pass: mypass

SMTP
host: mail2.thecompany.com
username: busythomas@domain5.com
pass: mypass
```
Finally, I sent a test email to my Gmail account and saw in the log that it came out from postfix-second/smtp, so I thought it was OK, until I noticed the next lines, which said it was sent from postfix/smtp to Gmail :(... I went to my Gmail, looked at the email header, and noticed that the email was sent using the default IP, which is 1.2.3.4.5.11 and not 1.2.3.4.5.22.
Oh, the good news is that the other 4 domains, which were set to mail.thecompany.com for IMAP and SMTP, are working normally; all mail is coming in and going out :).
My question is now: How to set the domain5.com to be sent using IP 1.2.3.4.5.22 and not from IP 1.2.3.4.5.11?
[UPDATE OCT 28th, 2018] FINALLY, IT'S WORKING!
I would like to confirm that the configuration above from Oct 27th, 2018 was working after I disabled the content_filtering in the 2nd instance of Postfix, like the following:
In /etc/postfix-second/main.cf I commented out the line:
```
#content_filter = smtp-amavis[1.2.3.4.5.22]:10024
```
and also commented out the content_filter in /etc/postfix-second/master.cf:
```
smtp inet n - n - - smtpd
# -o content_filter=smtp-amavis:1.2.3.4.5.22:10024
```
In order to really test whether the second instance was working or not, I stopped all the Postfix instances, then started only the 2nd Postfix instance using the following command:
```
postmulti -i postfix-second -p start
```
And yes, the mail was sent and it could also be received :).
Now, to answer my own question: How to set the **domain5.com to be sent using IP 1.2.3.4.5.22 and not from IP 1.2.3.4.5.11?**
I simply set up the SMTP / OUTGOING SERVER in the mail client (Thunderbird) as mail2.thecompany.com. That's it, and it starts sending with the intended IP, and when I want to go back I set the SMTP server in Thunderbird to mail.thecompany.com, and I am still able to send email.
And the advantage of this approach is that when something happens to mail2.thecompany.com (such as getting blacklisted), even the user himself can change the SMTP settings to go back to mail.thecompany.com, and the mail will work again.
For those who feel this is enough, you can stop here.
But for me, I still wanted to know how I could get the 2nd instance of Postfix working along with content_filter enabled. But that will be another question.
Wish you luck.
[UPDATE OCT 29th, 2018] CONCLUSION & FINAL UPDATE:
This is my conclusion of this task. All requirements from the management are fulfilled, therefore this is done. Now domain5.com mail can be sent from another IP on the same server when the Amavis content filter is BYPASS-ed for INTERNAL networks.
However, I do not feel OK with this approach, because Amavis needs to do what it should do to protect both instances of Postfix running on the same machine.
With content filtering set to ON for Amavis, Amavis would forward the smtp to the first instance of Postfix after it has done scanning.
Although amavisd can be configured to listen on multiple TCP ports, unfortunately it only supports a single $notify_method and $forward_method, which actually forwarded all mail sent from the 2nd instance of Postfix back to the 1st instance of Postfix. And therefore, the IP changed back to 1.2.3.4.11 (the first IP) when the email was sent from the second instance.
The only way to keep Postfix 1 sending from IP 1 and Postfix 2 sending from IP 2 is to BYPASS Amavis content_filtering for INTERNAL networks. However, that would also mean that when malware is injected into our server we would have no security to at least hold it from sending out emails to other servers, and this is unlikely (at least for me).
Finally, I took the server virtualization approach instead of creating another Postfix instance.
Hope this helps someone who has the same issue as mine.
Cheerio!
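
An added example, not part of the original answer: a maillog check for the symptom described above, where a message leaves postfix-second/smtp for the content filter and is then delivered to the outside by postfix/smtp. The log lines are constructed, and the parser assumes short hexadecimal queue IDs and one recipient per queue ID.

```python
import re

# Constructed maillog excerpt (not from the original post): the first message
# goes postfix-second -> content filter -> re-injected into "postfix".
SAMPLE_LOG = """\
Oct 27 10:00:01 mail postfix-second/smtp[2101]: 4A1B2C3D4E: to=<someone@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9F8E7D6C5B)
Oct 27 10:00:02 mail postfix/smtp[2150]: 9F8E7D6C5B: to=<someone@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.25]:25, delay=0.8, status=sent (250 2.0.0 OK)
Oct 27 10:05:00 mail postfix-second/smtp[2200]: 1122334455: to=<other@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.25]:25, delay=0.9, status=sent (250 2.0.0 OK)
"""

# <syslog_name>/smtp[pid]: QUEUEID: to=<...>, relay=..., ... status=sent (reply)
HOP = re.compile(
    r"(?P<inst>[\w-]+)/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]+>, "
    r"relay=(?P<relay>[^,]+),.*status=sent \((?P<reply>.*)\)$"
)
REQUEUED = re.compile(r"queued as ([0-9A-F]+)")

def parse_hops(log_text):
    """Map queue ID -> (instance, relay, next queue ID or None)."""
    hops = {}
    for line in log_text.splitlines():
        m = HOP.search(line)
        if m:
            nxt = REQUEUED.search(m["reply"])
            hops[m["qid"]] = (m["inst"], m["relay"], nxt.group(1) if nxt else None)
    return hops

def final_sender(hops, qid):
    """Follow 'queued as' links from qid; return (instance, relay) of the last local hop."""
    seen = set()
    while qid in hops and qid not in seen:
        seen.add(qid)
        inst, relay, nxt = hops[qid]
        if nxt is None or nxt not in hops:  # remote MTAs also answer "queued as"
            return inst, relay
        qid = nxt
    return None

def misrouted(log_text, expected="postfix-second"):
    """Messages first sent by `expected` whose final hop used another instance."""
    hops = parse_hops(log_text)
    reinjected = {nxt for _, _, nxt in hops.values() if nxt}
    bad = []
    for qid, (inst, _, _) in hops.items():
        if inst == expected and qid not in reinjected:
            last = final_sender(hops, qid)
            if last and last[0] != expected:
                bad.append((qid, last[0], last[1]))
    return bad
```

Running `misrouted()` over the real maillog after a configuration change shows whether mail accepted by the second instance still leaves through the first one.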