round robin map with ipv4 and ipv6

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

round robin map with ipv4 and ipv6

Emanuel
Hello.!

I update the version of my postfix server:

[root@vps-1713830-x /etc/postfix] # postconf mail_version
mail_version = 3.4.7

I set a round-robin map in the main.cf and enable ipv6 support:

[root@vps-1713830-x /etc/postfix] # postconf -d|grep inet_protocols
inet_protocols = all
lmtp_balance_inet_protocols = yes
smtp_balance_inet_protocols = yes

In the master.cf i set this:

smht38-165<---->unix  -       -       n       - -       smtp
     -o smtp_bind_address=IPv4
     -o smtp_helo_name=smht-relay01.hostname.tld
     -o syslog_name=smht-relay01
relayipv6<----->unix  -       -       n       - -       smtp
     -o smtp_bind_address=IPv6
     -o smtp_helo_name=relayipv6.hostname.tld
     -o syslog_name=relayipv6

When I send an email, the ipv4 address where the ipv6 interface is
configured appears in the received header, and I see this message

2020-02-11 12:05:06 1j1X5y-0000BS-SQ <= [hidden email]
H=hostnameipv4.hostname.tld (relayipv6.hostname.tld) [ipv4] P=esmtps
X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=1513
id=[hidden email]

"warning: smtp_connect_addr: bind 2800:6c0:3::xxxx Address family not
supported by protocol"

Another question, is it possible to configure several round-robin maps
for different IP addresses?

Example:

smtpd_sender_restrictions  = check_client_access
hash:/etc/postfix/client_ip hash:/etc/postfix/client_ip2

client_ip ==> round-robin map massive

cliente_ip2 ==> round-robin map transactional

This is to divide those users who send bulk with transactional emails.

Regards!!

--
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Wietse Venema
Emanuel:
> "warning: smtp_connect_addr: bind 2800:6c0:3::xxxx Address family not
> supported by protocol"

Fix that.

> Another question, is it possible to configure several round-robin maps
> for different IP addresses?

Postfix randomizes IPv4 and IPv6 by default, so that messages don't
get stuck. It also prevents silly behavior when a site lists very
different numbers of IPv4 and IPv6 MX addresses.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Emanuel
Thanks for the reply.

I think I expressed myself badly. i explain my escenary again. It's
possible set two round-robin maps?

sender_dependent_default_transport_maps =

randmap1:{relay1,relay2}

randmap2:{relay3,relay4}

smtp_connection_cache_on_demand=no

# main.cf

check_client_access hash:/etc/postfix/client_ip

200.58.x.x  relay:randmap1

200.58.x.x relay:randmap2

In the the file client_ip i set a relay to a randmap1 or randmap2, it is
understood?

with regard to the error " Address family not supported by protocol" any
ideas? the config is fine.

# master.cf

relayipv6<----->unix  -       -       n       - -       smtp
     -o smtp_bind_address=2800:6c0:3::58e
     -o smtp_helo_name=relayipv6.domain.tld
     -o syslog_name=relayipv6

# [root@vps-1713830-x /etc/postfix] # postconf -d|grep inet_protocols
inet_protocols = all
lmtp_balance_inet_protocols = yes
smtp_balance_inet_protocols = yes

The support for IPv6 is enable.

El 11/2/20 a las 21:03, Wietse Venema escribió:

> Emanuel:
>> "warning: smtp_connect_addr: bind 2800:6c0:3::xxxx Address family not
>> supported by protocol"
> Fix that.
>
>> Another question, is it possible to configure several round-robin maps
>> for different IP addresses?
> Postfix randomizes IPv4 and IPv6 by default, so that messages don't
> get stuck. It also prevents silly behavior when a site lists very
> different numbers of IPv4 and IPv6 MX addresses.
>
> Wietse
--
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Wietse Venema
Emanuel:
> Thanks for the reply.
>
> I think I expressed myself badly. i explain my escenary again. It's
> possible set two round-robin maps?
>
> sender_dependent_default_transport_maps =
>  randmap1:{relay1,relay2}
>  randmap2:{relay3,relay4}

This queries randmap1, and ONLY IF NO RESULT IS FOUND,
this will query randmap2.

> smtp_connection_cache_on_demand=no
>
> # main.cf
>
> check_client_access hash:/etc/postfix/client_ip
>  200.58.x.x relay:randmap1
>  200.58.x.x relay:randmap2

That is incorrect. check_client_access expects an ACTION such as
permit, reject, and so on.

        Wietyse

Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Emanuel


El 12/2/20 a las 14:29, Wietse Venema escribió:
Emanuel:
Thanks for the reply.

I think I expressed myself badly. i explain my escenary again. It's 
possible set two round-robin maps?

sender_dependent_default_transport_maps =
 randmap1:{relay1,relay2}
 randmap2:{relay3,relay4}
This queries randmap1, and ONLY IF NO RESULT IS FOUND,
this will query randmap2.

smtp_connection_cache_on_demand=no

# main.cf

check_client_access hash:/etc/postfix/client_ip
 200.58.x.x relay:randmap1
 200.58.x.x relay:randmap2

I know it's wrong, that's why I ask if it's possible to configure something similar.

Is it possible to create different files with different IP addresses so that when sending an email they are sent from different round maps?


        
That is incorrect. check_client_access expects an ACTION such as
permit, reject, and so on.

	Wietyse

--
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Emanuel
In reply to this post by Wietse Venema
with regard to the error " Address family not supported by protocol" any
ideas? the config is fine.

# master.cf

relayipv6    unix  -       -       n       - -       smtp
     -o smtp_bind_address=2800:6c0:3::58e
     -o smtp_helo_name=relayipv6.domain.tld
     -o syslog_name=relayipv6

# [root@vps-1713830-x /etc/postfix] # postconf -d|grep inet_protocols
inet_protocols = all
lmtp_balance_inet_protocols = yes
smtp_balance_inet_protocols = yes

The support for IPv6 is enable.

Regards,

El 12/2/20 a las 14:29, Wietse Venema escribió:

> Emanuel:
>> Thanks for the reply.
>>
>> I think I expressed myself badly. i explain my escenary again. It's
>> possible set two round-robin maps?
>>
>> sender_dependent_default_transport_maps =
>>   randmap1:{relay1,relay2}
>>   randmap2:{relay3,relay4}
> This queries randmap1, and ONLY IF NO RESULT IS FOUND,
> this will query randmap2.
>
>> smtp_connection_cache_on_demand=no
>>
>> # main.cf
>>
>> check_client_access hash:/etc/postfix/client_ip
>>   200.58.x.x relay:randmap1
>>   200.58.x.x relay:randmap2
> That is incorrect. check_client_access expects an ACTION such as
> permit, reject, and so on.
>
> Wietyse
>
--
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Wietse Venema
In reply to this post by Emanuel
Emanuel:
> Is it possible to create different files with different IP addresses so
> that when sending an email they are sent from different round maps?

You would use master.cf entries with different smtp_bind_address or
smtp_bind_address6 settings, and select one with a filter command.

With master.cf entries

/etc/postfix/master.cf:
    relay-1     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.1
    relay-2     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.2
    relay-3     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.3
    relay-4     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.4

Then you need a nested table which requires a restriction class.

/etc/postfix/main.cf:
    smtpd_client_restrictions = check_client_access
        inline:{
           { 200.58.x.x = class1 }
           { 200.58.x.y = class2 }
        }

    restriction_classes = class1, class2
    class1 = check_client_access randmap:{filter relay-1:, filter relay-2:}
    class2 = check_client_access randmap:{filter relay-3:, filter relay-4:}

Instead of inline:{}, a hash or pcre table would work too.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Wietse Venema
In reply to this post by Emanuel
Emanuel:
> with regard to the error " Address family not supported by protocol" any
> ideas? the config is fine.
>
> # master.cf
>
> relayipv6    unix  -       -       n       - -       smtp
>      -o smtp_bind_address=2800:6c0:3::58e

smtp_bind_address (default: empty)
       An  optional  numerical  network  address  that the Postfix SMTP client
       should bind to when making an IPv4 connection.

smtp_bind_address6 (default: empty)
       An  optional  numerical  network  address  that the Postfix SMTP client
       should bind to when making an IPv6 connection.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Benny Pedersen-2
In reply to this post by Emanuel
Emanuel skrev den 2020-02-12 23:36:

> # [root@vps-1713830-x /etc/postfix] # postconf -d|grep inet_protocols
> inet_protocols = all
> lmtp_balance_inet_protocols = yes
> smtp_balance_inet_protocols = yes

postconf -d is default settings, maybe you like to use postconf -n ?
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Emanuel
In reply to this post by Wietse Venema


El 12/2/20 a las 20:14, Wietse Venema escribió:
Emanuel:
Is it possible to create different files with different IP addresses so 
that when sending an email they are sent from different round maps?
You would use master.cf entries with different smtp_bind_address or
smtp_bind_address6 settings, and select one with a filter command.

With master.cf entries

/etc/postfix/master.cf:
    relay-1     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.1
    relay-2     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.2
    relay-3     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.3
    relay-4     unix  -       -       n       -       -       smtp
        -o smtp_bind_address=1.2.3.4

Then you need a nested table which requires a restriction class.

/etc/postfix/main.cf:
    smtpd_client_restrictions = check_client_access
	inline:{
	   { 200.58.x.x = class1 }
	   { 200.58.x.y = class2 }
	}

    restriction_classes = class1, class2
    class1 = check_client_access randmap:{filter relay-1:, filter relay-2:}
    class2 = check_client_access randmap:{filter relay-3:, filter relay-4:}

Instead of inline:{}, a hash or pcre table would work too. 

YES.! i need this!

so I can call a file and indicate the class, this is very useful?

/etc/postfix/main.cf:
    smtpd_client_restrictions = check_client_access
    inline:{
       { hash:/etc/postfix/bad_client = class1 }
       { hash:/etc/postfix/bad_client = class2 }
    }

Thanks so much, for your help.


	Wietse
--
envialosimple.com
Emanuel Gonzalez
IT / Departamento Emails
[hidden email]
www.envialosimple.com
by donweb
 
Nota de confidencialidad: Este mensaje y archivos adjuntos al mismo son confidenciales, de uso exclusivo para el destinatario del mismo. La divulgación y/o uso del mismo sin autorización por parte de DonWeb.com queda prohibida.
DonWeb.com no se hace responsable del mensaje por la falsificación y/o alteración del mismo.
De no ser Ud el destinatario del mismo y lo ha recibido por error, por favor, notifique al remitente y elimínelo de su sistema.
Confidentiality Note: This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited by DonWeb.com.
DonWeb.com shall not be liable  for the message if altered or falsified.
If you are not the intended addressee of this message, please cancel it immediately and inform the sender
Nota de Confidencialidade: Esta mensagem e seus eventuais anexos podem conter dados confidenciais ou privilegiados.
Se você os recebeu por engano ou não é um dos destinatários aos quais ela foi endereçada, por favor destrua-a e a todos os seus eventuais anexos ou copias realizadas, imediatamente.
É proibida a retenção, distribuição, divulgação ou utilização de quaisquer informações aqui contidas.
Por favor, informenos sobre o recebimento indevido desta mensagem, retornando-a para o autor.
 
Reply | Threaded
Open this post in threaded view
|

Re: round robin map with ipv4 and ipv6

Wietse Venema
Emanuel:
[ Charset windows-1252 converted... ]

>
> El 12/2/20 a las 20:14, Wietse Venema escribi?:
> > Emanuel:
> >> Is it possible to create different files with different IP addresses so
> >> that when sending an email they are sent from different round maps?
> > You would use master.cf entries with different smtp_bind_address or
> > smtp_bind_address6 settings, and select one with a filter command.
> >
> > With master.cf entries
> >
> > /etc/postfix/master.cf:
> >      relay-1     unix  -       -       n       -       -       smtp
> >          -o smtp_bind_address=1.2.3.1
> >      relay-2     unix  -       -       n       -       -       smtp
> >          -o smtp_bind_address=1.2.3.2
> >      relay-3     unix  -       -       n       -       -       smtp
> >          -o smtp_bind_address=1.2.3.3
> >      relay-4     unix  -       -       n       -       -       smtp
> >          -o smtp_bind_address=1.2.3.4
> >
> > Then you need a nested table which requires a restriction class.
> >
> > /etc/postfix/main.cf:
> >      smtpd_client_restrictions = check_client_access
> > inline:{
> >   { 200.58.x.x = class1 }
> >   { 200.58.x.y = class2 }
> > }
> >
> >      restriction_classes = class1, class2
> >      class1 = check_client_access randmap:{filter relay-1:, filter relay-2:}
> >      class2 = check_client_access randmap:{filter relay-3:, filter relay-4:}
> >
> > Instead of inline:{}, a hash or pcre table would work too.
>
> YES.! i need this!
>
> so I can call a file and indicate the class, this is very useful?
>
> /etc/postfix/main.cf:
>      smtpd_client_restrictions = check_client_access
>      inline:{
>         { hash:/etc/postfix/bad_client = class1 }
>         { hash:/etc/postfix/bad_client = class2 }
>      }

No, I wrote INSTEAD OF inline:{}, a hash or pcre table would work.

        Wietse