use smtp_bind_address or defer

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

use smtp_bind_address or defer

Sven Strickroth
Hi,

I've a server with multiple ip addresses (all dial-in). But only one
static ip-address. So if the static ip line is down postfix prints out
"warning: smtp_connect_addr: bind x.x.x.x: Cannot assign requested
address" and uses the other (dynamic) ip for sending.

Is it possible to tell postfix not to send mails if the
smtp_bind_address is not available?

--
Best regards,
 Sven                              mailto:[hidden email]
 ClamAV, a GPL anti-virus toolkit   http://www.clamav.net

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Stan Hoeppner
Sven Strickroth put forth on 9/25/2009 7:43 PM:
> Hi,
>
> I've a server with multiple ip addresses (all dial-in). But only one
> static ip-address. So if the static ip line is down postfix prints out
> "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign requested
> address" and uses the other (dynamic) ip for sending.
>
> Is it possible to tell postfix not to send mails if the
> smtp_bind_address is not available?

http://www.postfix.org/postconf.5.html#smtp_bind_address

smtp_bind_address (default: empty)

    An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.

    This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client, for
example:

        /etc/postfix/master.cf:
            smtp ... smtp -o smtp_bind_address=11.22.33.44

    Note 1: when inet_interfaces specifies no more than one IPv4
address, and that address is a non-loopback address, it is automatically
used as the smtp_bind_address. This supports virtual IP hosting, but can
be a problem on multi-homed firewalls. See the inet_interfaces
documentation for more detail.

    Note 2: address information may be enclosed inside [], but this form
is not required here.


Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Sven Strickroth
Am 26.09.2009 03:40 schrieb Stan Hoeppner:
>> Is it possible to tell postfix not to send mails if the
>> smtp_bind_address is not available?
>
> http://www.postfix.org/postconf.5.html#smtp_bind_address

You only pasted the docs here, but my problem isn't described there (or
I don't get it).

My system is configured so that it correctly uses the smtp_bind_address,
but when the specified smtp_bind_address is not available postfix binds
to some other ip to send mail (instead of keeping it until the ip is
available again).

--
Best regards,
 Sven                              mailto:[hidden email]
 ClamAV, a GPL anti-virus toolkit   http://www.clamav.net

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Stan Hoeppner
Sven Strickroth put forth on 9/25/2009 8:49 PM:

> Am 26.09.2009 03:40 schrieb Stan Hoeppner:
>>> Is it possible to tell postfix not to send mails if the
>>> smtp_bind_address is not available?
>> http://www.postfix.org/postconf.5.html#smtp_bind_address
>
> You only pasted the docs here, but my problem isn't described there (or
> I don't get it).
>
> My system is configured so that it correctly uses the smtp_bind_address,
> but when the specified smtp_bind_address is not available postfix binds
> to some other ip to send mail (instead of keeping it until the ip is
> available again).

Provide 'postconf -d' output please.

--
Stan



Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Victor Duchovni
In reply to this post by Sven Strickroth
On Sat, Sep 26, 2009 at 02:43:35AM +0200, Sven Strickroth wrote:

> Is it possible to tell postfix not to send mails if the
> smtp_bind_address is not available?

Not without source code changes:

    src/smtp/smtp_connect.c:smtp_connect_addr()
        ...
        if (bind(sock, res0->ai_addr, res0->ai_addrlen) < 0)
            msg_warn("%s: bind %s: %m", myname, bind_addr);

so failure to bind the requested address is logged, but is not fatal.
Why does the address get de-configured? You should be able to bind
it provided the interface is administratively up, even if it is not
working.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Victor Duchovni
In reply to this post by Stan Hoeppner
On Fri, Sep 25, 2009 at 09:35:39PM -0500, Stan Hoeppner wrote:

> Provide 'postconf -d' output please.

Best to not provide answers when you are not more expert than the person
asking the questions.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

@lbutlr
In reply to this post by Stan Hoeppner
On 25-Sep-2009, at 20:35, Stan Hoeppner wrote:
> Provide 'postconf -d' output please.

How is that going to help?

from man postfconf:

        -d     Print default parameter settings instead of actual  
settings.

--
"Master, what is the difference between a humanistic, monastic
        system of belief in which wisdom is sought by means of an
        apparently nonsensical system of questions and answers, and a
        lot of mystic gibberish made up on the spur of the moment?" Wen
        considered this for some time, and a last said: "A fish!"

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Stan Hoeppner
In reply to this post by Victor Duchovni
Victor Duchovni put forth on 9/25/2009 9:37 PM:

> Why does the address get de-configured? You should be able to bind
> it provided the interface is administratively up, even if it is not
> working.

Ahh, that's the part I missed.  Sounds like his flavor of *nix (and/or a
driver) is automatically de-configuring the interface upon link
failure/call hang-up/etc.

Sven, are you using a multi-line ISDN or analog dial card?  Or separate
modems (serial or USB)?  Or, is this actually a multi-line aDSL/cable
setup, with the physical server connections being ethernet?  You said
"all dial-in" but some folks use "dial-in" interchangeably with "dynamic
IP aDSL/cable".  I'm just trying to get on the exact same page so we can
help you solve this.

--
Stan

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Sven Strickroth
In reply to this post by Victor Duchovni
Hi,

Am 26.09.2009 04:37 schrieb Victor Duchovni:
> Not without source code changes:

I thought that...

> Why does the address get de-configured? You should be able to bind
> it provided the interface is administratively up, even if it is not
> working.

I've two DSL lines and use RP-PPPoE. The IP is static but I receive it
using PPP (like DHCP) and if the DSL line is down, the pppX-device
"vanishes" -> that's why no process can bind to the ip.

--
Best regards,
 Sven                              mailto:[hidden email]
 ClamAV, a GPL anti-virus toolkit   http://www.clamav.net

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Wietse Venema
In reply to this post by Sven Strickroth
Sven Strickroth:
> Hi,
>
> I've a server with multiple ip addresses (all dial-in). But only one
> static ip-address. So if the static ip line is down postfix prints out
> "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign requested
> address" and uses the other (dynamic) ip for sending.
>
> Is it possible to tell postfix not to send mails if the
> smtp_bind_address is not available?

I never need to use smtp_bind_address when my own mailhost needs
to fall back to dialup (which is fortunately rarely).

All reasonable TCP/IP stacks will automatically use the right source
IP address when sending out mail over the dialup link or over the
local network.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Sven Strickroth
Hi,

Am 26.09.2009 15:04 schrieb Wietse Venema:
>> Is it possible to tell postfix not to send mails if the
>> smtp_bind_address is not available?

> All reasonable TCP/IP stacks will automatically use the right source
> IP address when sending out mail over the dialup link or over the
> local network.

I've two dial-up lines and no other internet-connection. But if the
static-ip connection is down, the TCP/IP-STACK uses the other connection
with a dynamic ip. With the smtp_bind_address I need to force postfix to
use the static ip, instead of using the dynamic ip for sending.

Using the dynamic IP has lots of disadvantages: Higher spam cores,
bounces and so on.

--
Best regards,
 Sven                              mailto:[hidden email]
 ClamAV, a GPL anti-virus toolkit   http://www.clamav.net

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Wietse Venema
Sven Strickroth:

> Hi,
>
> Am 26.09.2009 15:04 schrieb Wietse Venema:
> >> Is it possible to tell postfix not to send mails if the
> >> smtp_bind_address is not available?
>
> > All reasonable TCP/IP stacks will automatically use the right source
> > IP address when sending out mail over the dialup link or over the
> > local network.
>
> I've two dial-up lines and no other internet-connection. But if the
> static-ip connection is down, the TCP/IP-STACK uses the other connection
> with a dynamic ip. With the smtp_bind_address I need to force postfix to
> use the static ip, instead of using the dynamic ip for sending.

OK, so you send out IP packets with your static IP source address
out over the dynamic interface.

How do the return packets from remote sites (with destination your
source IP address) know that they have to travel via your dynamic
interface?

What routing arrangements have you made with your dynamic provider
to make that work?

        Wietse

> Using the dynamic IP has lots of disadvantages: Higher spam cores,
> bounces and so on.
>
> --
> Best regards,
>  Sven                              mailto:[hidden email]
>  ClamAV, a GPL anti-virus toolkit   http://www.clamav.net
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Sven Strickroth
Am 26.09.2009 16:18 schrieb Wietse Venema:
> OK, so you send out IP packets with your static IP source address
> out over the dynamic interface.

no, and there's the problem. if the static-ip connection is down,
postfix reports "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign
requested address" and then it binds to the dynamic ip and uses that.

Why not add an option so that if the binding to the smtp_bind_address
fails that postfix refuses to send mail.

--
Best regards,
 Sven                              mailto:[hidden email]
 ClamAV, a GPL anti-virus toolkit   http://www.clamav.net

Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Victor Duchovni
On Sat, Sep 26, 2009 at 05:36:30PM +0200, Sven Strickroth wrote:

> Am 26.09.2009 16:18 schrieb Wietse Venema:
> > OK, so you send out IP packets with your static IP source address
> > out over the dynamic interface.
>
> no, and there's the problem. if the static-ip connection is down,
> postfix reports "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign
> requested address" and then it binds to the dynamic ip and uses that.
>
> Why not add an option so that if the binding to the smtp_bind_address
> fails that postfix refuses to send mail.

Add filters to block outbound port 25 on the dynamic interface. Pretend
your ISP has already done that for you (as many do).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Stan Hoeppner
Victor Duchovni put forth on 9/26/2009 1:36 PM:

> On Sat, Sep 26, 2009 at 05:36:30PM +0200, Sven Strickroth wrote:
>
>> Am 26.09.2009 16:18 schrieb Wietse Venema:
>>> OK, so you send out IP packets with your static IP source address
>>> out over the dynamic interface.
>> no, and there's the problem. if the static-ip connection is down,
>> postfix reports "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign
>> requested address" and then it binds to the dynamic ip and uses that.
>>
>> Why not add an option so that if the binding to the smtp_bind_address
>> fails that postfix refuses to send mail.
>
> Add filters to block outbound port 25 on the dynamic interface. Pretend
> your ISP has already done that for you (as many do).

Or...

Might it be possible, via transport_maps or something, to relay via SASL
auth to your dynamic IP DSL provider's submission/outbound SMTP relay
server, either on TCP 25 or 587 (whichever they support), whenever your
static IP interface is down?  This will definitely help to mitigate some
delivery issues you mentioned WRT receivers' anti spam measures.  I ran
this way for almost 4 years on an SBC/AT&T PPPoE dynamic IP DSL
connection with great success, although it was a single line setup.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: use smtp_bind_address or defer

Wietse Venema
Stan Hoeppner:

> Victor Duchovni put forth on 9/26/2009 1:36 PM:
> > On Sat, Sep 26, 2009 at 05:36:30PM +0200, Sven Strickroth wrote:
> >
> >> Am 26.09.2009 16:18 schrieb Wietse Venema:
> >>> OK, so you send out IP packets with your static IP source address
> >>> out over the dynamic interface.
> >> no, and there's the problem. if the static-ip connection is down,
> >> postfix reports "warning: smtp_connect_addr: bind x.x.x.x: Cannot assign
> >> requested address" and then it binds to the dynamic ip and uses that.
> >>
> >> Why not add an option so that if the binding to the smtp_bind_address
> >> fails that postfix refuses to send mail.
> >
> > Add filters to block outbound port 25 on the dynamic interface. Pretend
> > your ISP has already done that for you (as many do).
>
> Or...
>
> Might it be possible, via transport_maps or something, to relay via SASL
> auth to your dynamic IP DSL provider's submission/outbound SMTP relay
> server, either on TCP 25 or 587 (whichever they support), whenever your
> static IP interface is down?  This will definitely help to mitigate some
> delivery issues you mentioned WRT receivers' anti spam measures.  I ran
> this way for almost 4 years on an SBC/AT&T PPPoE dynamic IP DSL
> connection with great success, although it was a single line setup.

Postfix supports smtp_fallback_relay (set it to the dynamic ISP);
and Postfix SASL passwords are always tied to specific SMTP servers.

        Wietse