I host 2 web domains (domain1.com and domain2.com) on a CentOS 6.6 Linux server with 4 IP addresses.
Postfix 2.6.6 accepts mails to [email protected] and [email protected] and forwards them to [email protected] and [email protected]. Here excerpts of the config files:
/etc/postfix/main.cf
inet_interfaces = all
inet_protocols = ipv4
virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic
/etc/postfix/virtual
[email protected] [email protected]
[email protected] [email protected]
My problem is that the first person (my father, whose business is since 1990 at the internet) becomes a lot of SPAM mails. I use Spamassassin to reject those mails, but some still come through and when forwarded to [email protected] they cause Google to throttle my server:
DFC32800849 3412 Fri Jan 30 11:40:38 [email protected] (host alt1.gmail-smtp-in.l.google.com[74.125.130.26] said: 421-4.7.0 [144.76.123.123 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. fl14si17784804pdb.81 - gsmtp (in reply to end of DATA command)) [email protected]
This affects the second person, who gets mails to [email protected] after long delays.
My question is if it is please possible to configure Postfix so that it uses different IP addresses (since my server has 4 of them) for forwarding the mails?
Thank you and below is the current "postconf -n" output:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.domain1.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
UPDATE:
I have modified my config files as suggested by undefined (thank you!) and then run postmap /etc/postfix/transport
and service postfix restart
-
/etc/mail/master.cf:
smtp unix - - n - - smtp
smtp-1 unix - - n - - smtp -o smtp_bind_address=my_ip_3
smtp-2 unix - - n - - smtp -o smtp_bind_address=my_ip_4
/etc/mail/transport:
[email protected] smtp-1:
[email protected] smtp-2:
Unfortunately, I still see the old problematic my_ip_2 in the delivered mail headers.
How can I please verify that the new "transports" are being used?
Here is the log excerpt after the change:
Feb 7 14:56:50 www postfix/postsuper[14206]: Deleted: 92 messages
Feb 7 14:57:06 www postfix/anvil[14172]: statistics: max connection rate 1/60s for (smtp:37.233.142.116) at Feb 7 14:53:45
Feb 7 14:57:06 www postfix/anvil[14172]: statistics: max connection count 1 for (smtp:37.233.142.116) at Feb 7 14:53:45
Feb 7 14:57:06 www postfix/anvil[14172]: statistics: max cache size 1 at Feb 7 14:53:45
Feb 7 14:57:07 www postfix/smtp[14008]: warning: open active 6870A8007E8: No such file or directory
Feb 7 14:57:14 www postfix/smtpd[14213]: connect from mail-ie0-f171.google.com[209.85.223.171]
Feb 7 14:57:14 www postfix/smtpd[14216]: connect from unknown[213.179.214.207]
Feb 7 14:57:14 www postfix/smtpd[14213]: 3EBA0800187: client=mail-ie0-f171.google.com[209.85.223.171]
Feb 7 14:57:14 www postfix/cleanup[14218]: 3EBA0800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb 7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: from=<[email protected]>, size=1707, nrcpt=1 (queue active)
Feb 7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34152
Feb 7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb 7 14:57:14 www spamd[1856]: spamd: processing message <CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com> for spam:502
Feb 7 14:57:14 www spamd[1856]: spamd: clean message (-1.9/5.0) for spam:502 in 0.0 seconds, 1670 bytes.
Feb 7 14:57:14 www spamd[1856]: spamd: result: . -1 - BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,T_DKIM_INVALID scantime=0.0,size=1670,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34152,mid=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>,bayes=0.000000,autolearn=ham
Feb 7 14:57:14 www postfix/smtpd[14216]: 68890800246: client=unknown[213.179.214.207]
Feb 7 14:57:14 www postfix/pipe[14219]: 3EBA0800187: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.18, delays=0.13/0/0/0.05, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 7 14:57:14 www postfix/qmgr[12668]: 3EBA0800187: removed
Feb 7 14:57:14 www postfix/pickup[14119]: 69FD7800187: uid=502 from=<[email protected]>
Feb 7 14:57:14 www postfix/cleanup[14223]: 69FD7800187: message-id=<CAADeyWgtCh21w-_AbKaPrq_kj2A=YjRi7OXHyjjruL01MR6sqw@mail.gmail.com>
Feb 7 14:57:14 www postfix/qmgr[12668]: 69FD7800187: from=<[email protected]>, size=2042, nrcpt=1 (queue active)
Feb 7 14:57:14 www spamd[1762]: prefork: child states: II
Feb 7 14:57:14 www postfix/smtpd[14213]: disconnect from mail-ie0-f171.google.com[209.85.223.171]
Feb 7 14:57:14 www postfix/cleanup[14218]: 68890800246: message-id=<[email protected]>
Feb 7 14:57:14 www postfix/qmgr[12668]: 68890800246: from=<[email protected]>, size=13993, nrcpt=1 (queue active)
Feb 7 14:57:14 www spamd[1856]: spamd: connection from localhost [127.0.0.1] at port 34153
Feb 7 14:57:14 www spamd[1856]: spamd: setuid to spam succeeded
Feb 7 14:57:14 www spamd[1856]: spamd: processing message <[email protected]> for spam:502
Feb 7 14:57:14 www postfix/smtpd[14216]: disconnect from unknown[213.179.214.207]
Feb 7 14:57:14 www spamd[1856]: spamd: clean message (1.6/5.0) for spam:502 in 0.2 seconds, 13741 bytes.
Feb 7 14:57:14 www spamd[1856]: spamd: result: . 1 - BAYES_50,HTML_MESSAGE,RDNS_NONE,T_REMOTE_IMAGE,UNPARSEABLE_RELAY scantime=0.2,size=13741,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=34153,mid=<[email protected]>,bayes=0.484741,autolearn=no
Feb 7 14:57:15 www postfix/pickup[14119]: 00CD6800247: uid=502 from=<[email protected]>
Feb 7 14:57:15 www postfix/cleanup[14223]: 00CD6800247: message-id=<[email protected]>
Feb 7 14:57:15 www postfix/pipe[14219]: 68890800246: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.68, delays=0.43/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 7 14:57:15 www postfix/qmgr[12668]: 68890800246: removed
Feb 7 14:57:15 www postfix/qmgr[12668]: 00CD6800247: from=<[email protected]>, size=14341, nrcpt=1 (queue active)
Feb 7 14:57:15 www spamd[1762]: prefork: child states: II
Feb 7 14:57:47 www postfix/smtp[14008]: warning: open active A6F92801560: No such file or directory
Unfortunately, still the same IP (which is throttled by Google) 144.76.184.154 is seen in the delivered test mail:
Delivered-To: [email protected]
Received: by 10.170.190.67 with SMTP id h64csp2513657yke;
Sat, 7 Feb 2015 05:59:08 -0800 (PST)
X-Received: by 10.180.89.210 with SMTP id bq18mr14321108wib.45.1423317548028;
Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Return-Path: <[email protected]>
Received: from www.afarber.de ([144.76.184.154])
by mx.google.com with ESMTP id k10si7979060wif.41.2015.02.07.05.59.07
for <[email protected]>;
Sat, 07 Feb 2015 05:59:08 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 144.76.184.154 as permitted sender) client-ip=144.76.184.154;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 144.76.184.154 as permitted sender) [email protected];
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by www.afarber.de (Postfix, from userid 502)
id 69FD7800187; Sat, 7 Feb 2015 14:57:14 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on www.afarber.de
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
HTML_MESSAGE,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mail-ie0-f171.google.com (mail-ie0-f171.google.com [209.85.223.171])
by www.afarber.de (Postfix) with ESMTP id 3EBA0800187
for <[email protected]>; Sat, 7 Feb 2015 14:57:14 +0100 (CET)
It is not the IP that I have specified for smtp-1 or smtp-2.
UPDATE 2:
I have added "-v" to /etc/postfix/master.cf:
smtp inet n - n - - smtpd -o content_filter=spamassassin
....
smtp unix - - n - - smtp
smtp-1 unix - - n - - smtp -o smtp_bind_address=144.76.184.155 -v
smtp-2 unix - - n - - smtp -o smtp_bind_address=144.76.184.156 -v
....
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
And see now more Spamassassin messages in the /var/log/maillog.
Here is the updated "postconf -n" output (which is unchagned from above):
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = www.afarber.de
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 40s
smtp_generic_maps = hash:/etc/postfix/generic
unknown_local_recipient_reject_code = 550
virtual_alias_domains = videoskat.de balkan-preferans.de simplex.ru larissa-farber.de bukvy.de slova.de
virtual_alias_maps = hash:/etc/postfix/virtual
I see two solutions here.
(i did configuration like this many years ago) google use many ip's as MX. You can define in transport map, that first mail is routed via gmail-smtp-in.l.google.com., and second via alt1.gmail-smtp-in.l.google.com. Then - using iptables and nat/POSTROUTING - nat connections to first google MX via first ip, and to second google MX via second ip.
(not tested, but should work) ip used for outgoing mail is defined via smtp_bind_address. you can define second (and next) smtp transport in master.cf like:
and then define in transport map something like:
you must specify using transportmap file in main.cf file:
and run
to create hash map of it.