IP in headers and spam detection

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

IP in headers and spam detection

Julian Pilfold-Bagwell
Hi List,

I have a question regarding running Postfix in a DMZ.  I have a UTM with
a single IP address on it's red interface but our ISP provides a range
of 15 IPs for hosting websites, mail, etc..

I have an external IP allocated and forwarded to the mail server, but
when remote servers perform a reverse lookup, the header contain the red
interface IP.  I tried setting proxy_interfaces = and smtp_bind_address
= to the external IP but it still came out as the red interface.  Is
there a way of pushing Postfix into using the external IP or do I have
to mess with DNS.

Thanks,

Jools

Reply | Threaded
Open this post in threaded view
|

Re: IP in headers and spam detection

Wietse Venema
Julian Pilfold-Bagwell:

> Hi List,
>
> I have a question regarding running Postfix in a DMZ.  I have a UTM with
> a single IP address on it's red interface but our ISP provides a range
> of 15 IPs for hosting websites, mail, etc..
>
> I have an external IP allocated and forwarded to the mail server, but
> when remote servers perform a reverse lookup, the header contain the red
> interface IP.  I tried setting proxy_interfaces = and smtp_bind_address
> = to the external IP but it still came out as the red interface.  Is
> there a way of pushing Postfix into using the external IP or do I have
> to mess with DNS.

As documented the Postfix SMTP CLIENT uses the source IP address
that is specified with smtp_bind_address.

If that does not work then you made a mistake. What mistake?
See the mailing list instructions below.

        Wietse

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.
Reply | Threaded
Open this post in threaded view
|

Re: IP in headers and spam detection

mouss-4
In reply to this post by Julian Pilfold-Bagwell
Le 14/04/2013 20:08, Julian Pilfold-Bagwell a écrit :

> Hi List,
>
> I have a question regarding running Postfix in a DMZ.  I have a UTM
> with a single IP address on it's red interface but our ISP provides a
> range of 15 IPs for hosting websites, mail, etc..
>
> I have an external IP allocated and forwarded to the mail server, but
> when remote servers perform a reverse lookup, the header contain the
> red interface IP.  I tried setting proxy_interfaces = and
> smtp_bind_address = to the external IP but it still came out as the
> red interface.  Is there a way of pushing Postfix into using the
> external IP or do I have to mess with DNS.


I guess your UTM performs NAT. if so, it is the piece to configure so
that traffic out of postfix gets the right IP.


Reply | Threaded
Open this post in threaded view
|

[SOLVED] Re: IP in headers and spam detection

Julian Pilfold-Bagwell
Hiya,


Thanks for the replies, turns out that NATing was the answer and, as I
came here first, I thought I'd post instructions for anyone else with
the same problem whose searching even though it's not a postfix problem.
The UTM is Endian, here's the solution:

1, You don't need to set the external IPs in postfix main.cf

2, Set the external IP |(the one your ISP gave you for mail) as an
additional IP/CIDR in the red settings on Endian.

3, Got to Port Forwarding/NAT in the firewall section, click "source
NAT" and  set the source IP to the IP of the mail server in the DMZ, the
destination to "Uplink main (Red)", service/port to 25 and NAT to the
external mail server IP (not the physical address of the red interface)
on uplink main.

That's it basically. Other Router/UTMs should be a variation on the theme.

Thanks again and keep up the good work,


Julian

On 14/04/13 19:29, mouss wrote:

> Le 14/04/2013 20:08, Julian Pilfold-Bagwell a écrit :
>> Hi List,
>>
>> I have a question regarding running Postfix in a DMZ.  I have a UTM
>> with a single IP address on it's red interface but our ISP provides a
>> range of 15 IPs for hosting websites, mail, etc..
>>
>> I have an external IP allocated and forwarded to the mail server, but
>> when remote servers perform a reverse lookup, the header contain the
>> red interface IP.  I tried setting proxy_interfaces = and
>> smtp_bind_address = to the external IP but it still came out as the
>> red interface.  Is there a way of pushing Postfix into using the
>> external IP or do I have to mess with DNS.
>
> I guess your UTM performs NAT. if so, it is the piece to configure so
> that traffic out of postfix gets the right IP.
>
>
>


--
Borden Grammar School,
Avenue of Remembrance,
Sittingbourne,
Kent,
ME10 4DB.

Tel: 01795 424192

****************************************************************************
This e-mail is from Borden Grammar School Trust.

This e-mail, together with any files transmitted with it, are confidential, and are intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised dissemination or
copying of this e-mail or its attachments, and any use or disclosure of any information contained in them, is strictly prohibited, and may also be illegal. If you are not the intended recipient you must not use, disclose,
distribute, copy, print or relay this e-mail.

Please note that any views expressed by an individual within this e-mail, do not necessarily reflect the views of the Borden Grammar School Trust. Borden Grammar School Trust has taken reasonable precautions to ensure no
viruses are present in this e-mail, the Academy cannot accept responsibility for any loss or damage arising from the use of this e-mail and/or files attached.

Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB

Registered in England: 07827591