2 IP for postfix with IP alias

Hi,

I am working for a company which needs to send mass mailings to its thousands of customers (newsletter). For now, we send mail from only one IP, xx.xx.xx.xx, and we wish to separate mail between 2 IPs:
one IP (xx.xx.xx.xx) reserved for mass mailing and another IP (yy.yy.yy.yy) for other mail. We have only one mail server running with Postfix.
The server has 1 network interface card, eth3, with IP 10.0.0.5, so I was thinking about using IP aliasing to add another IP to this interface (IP 10.0.0.7) in order to connect to the server by both IPs.
The problem is that when we access the server by IP 10.0.0.5 to send mail, the server sends it with the good IP 10.0.0.5, but when we access the server by the second IP 10.0.0.7, the server sends the mail with the IP 10.0.0.5 instead of 10.0.0.7.

Do you have any idea what I can do?

Thanks in advance.
Regards.

I believe you would have to run two instances of postfix for this, each having their own smtp_bind_address. You can then use them separately as the outgoing relay. Postfix also has support for multi-instance management; do a search for that, but you would have to roll it yourself.

I haven’t had to do anything like this so take this info with a grain of salt.

However it’s unclear to me why you care which interface the mail goes out on as they are physically the same interface, so ethernet traffic cannot be a consideration. Only reason I can think of is you have different routing based on the source address, and your mass mailing is going out on a different upstream link. If not, and you are behind a NAT firewall, as you seem to be, then all mail is going out with your one external address anyway. Only a close examination of the mail headers would show which interface was used, and nobody really cares what internal IP was recorded in the Received: lines.

One thing to investigate though, and it’s unlikely, as you say you are a mass mailer so you would not be using upstream relayhosts. But if you are, you can do sender_dependent routing with one postfix instance. So you could route mail with a From: of the newsletter to a different relayhost.

Thx for your answer.

Yes, I am behind a NAT firewall and for now it redirects incoming IP 10.0.0.5 to a public IP in xx.xx.xx.5. We can see in mail headers that mails came from xx.xx.xx.5.
I have added another rule so incoming IP 10.0.0.7 is redirected to a public IP xx.xx.xx.7. This way mass mailing would be sent with a different (clean reputation) IP to keep my newsletter from going into SPAM. But when I connect either in 10.0.0.5 or 10.0.0.7 on my server, it always leaves in 10.0.0.5 and so with the NAT configuration in xx.xx.xx.5. I was trying to find a solution to solve this using only one Postfix.

Your idea to use 2 instances of Postfix seems to be another good solution. So if I understand, I create 2 postfix with “inet_interface=” different to access the postfix I want, then on 1 Postfix I put smtp_bind_address=10.0.0.5 -> redirected in xx.xx.xx.5 and on the other Postfix smtp_bind_address=10.0.0.7 -> redirected in xx.xx.xx.7

That means I also have to add another MX record on the DNS (ex: smtp2.domaine) in xx.xx.xx.7 and also the reverse. I don’t know how to fix the priority since I still want my incoming mails to go through my first MX.

Am I right? I don’t know if this can work.

Eikichi65 wrote:

> Yes, i am behind a NAT firewall and for now it redirects incoming IP
> 10.0.0.5 to a public IP in xx.xx.xx.5. We can see in mail headers that
> mails came from xx.xx.xx.5.
> I have added another rule so incoming IP 10.0.0.7 is redirected to a
> public IP xx.xx.xx.7. This way mass mailing would be sent with a
> different (clean reputation) IP to avoid my newsletter to go into SPAM.
> But when I connect either in 10.0.0.5 or 10.0.0.7 on my server, it
> always leave in 10.0.0.5 and so with the NAT configuration in
> xx.xx.xx.5. I was trying to find a solution to solve this using only one
> Postfix.

Sorry for the noise O:-)

Shouldn’t binding to both ip addresses “inet_interfaces = 10.0.0.5,
10.0.0.7” and “rcpostfix restart” do the trick here? :-?

Greetings,


Camaleón

Just set it to a higher number for the second postfix’s MX so that it will always prefer the first MX. Also you do not actually have to open incoming port 25 so that you will never get incoming email from outside on that postfix. You just need the MX record so that some spam prevention measures will not say aha, your source address isn’t listed as a MX for the domain you are sending for, so I will declare you as spam.

Ok, I configured the DNS with a second MX, it’s ok, but my new problem is that I can’t launch a second instance of postfix. I copied the directory /etc/postfix to /etc/postfix2, I changed all the configuration in both main.cf and master.cf from each instance but my second instance is not running.
I used the command: “postfix -c /etc/postfix2 start” to launch but then when I verify with “netstat -ln | grep :25” only the first instance appears so the second is not running.

I have postfix 2.5 so I can’t use the postmulti command to manage multiple instances. Maybe this is something to change in the file “postfix-scripts” of the second instance but I don’t know what :s

I would actually recommend making a copy of /etc/init.d/postfix, editing it to change everything to suit the second instance, files, directories, variables, etc and then installing it with insserv postfix2.

Also make sure that the first instance is bound to only one IP address, if the output of netstat shows *:25, it’s bound to all interfaces.

My first instance is well bound to only one IP 10.0.0.5.
I changed the script “/etc/init.d/postfix2” (copy of /etc/init.d/postfix) and then used the command “insserv postfix2” but I got this:

insserv: script postfix2: service sendmail already provided!
insserv: exiting now!

Here is my /etc/init.d/postfix2:

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2002 SuSE Linux AG
# Copyright (c) 2005 SUSE LINUX Products GmbH
#
# Author: Carsten Hoeger
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/postfix2
#
### BEGIN INIT INFO
# Provides:       sendmail postfix
# Required-Start: $network $named $syslog $time
# Should-Start: cyrus ldap ypbind openslp
# Required-Stop:
# Default-Start:  3 5
# Default-Stop:
# Description:    start the Postfix MTA
### END INIT INFO

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

MASTER_BIN=/usr/lib/postfix/master
PIDFILE=/var/spool/postfix2/pid/master.pid
POSTFIX_BIN=/usr/sbin/postfix
POSTCONF=/usr/sbin/postconf
OPENSLP_BIN=/usr/bin/slptool
test -x $POSTFIX_BIN || exit 5
test -x $MASTER_BIN || exit 5
test -f /etc/sysconfig/postfix && . /etc/sysconfig/postfix

cond_slp() {
    cmd=$1
    PIFACES=$($POSTCONF -h inet_interfaces|sed -e 's/\(127.0.0.1\|::1\|[[:space:]]\)//g')
    PSERVICES=$(grep -E '^smtp.*smtpd' /etc/postfix2/master.cf| cut -d" " -f1)
    if [ -n "${POSTFIX_REGISTER_SLP/[yY][Ee][Ss]/}" ]; then
        return
    fi
    if [ -x $OPENSLP_BIN -a -n "$PIFACES" ]; then
        FQHN=$($POSTCONF -h myhostname)
        for srv in $PSERVICES; do
            sport=$(sed -ne "/^$srv/Is/^$srv[[:space:]]\+\([0-9]\+\)\/tcp.*/\1/gp" /etc/services)
            if [ -n "$sport" ]; then
                $OPENSLP_BIN $cmd service:$srv://$FQHN:$sport > /dev/null 2>&1
            fi
        done 
    fi
}   


# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
. /etc/rc.status
    
# First reset status of this service
rc_reset
        
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

case "$1" in
    start)
        echo -n "Starting mail service (Postfix2)"
        ## Start daemon with startproc(8). If this fails
        ## the echo return value is set appropriate.

        if ! checkproc -p $PIDFILE $MASTER_BIN; then
                $POSTFIX_BIN start > /dev/null 2>&1
        else
                rc_reset
        fi
        
        # Remember status and be verbose
        rc_status -v

        ( i=60
        # waiting for qmgr
        while [ -z "$(pidof qmgr)" -a $i -gt 0 ]; do
            i=$(( $i - 1 ))   
            sleep 1
        done
        $POSTFIX_BIN flush ) > /dev/null 2>&1 &
        cond_slp "register" &
        ;;
    stop)
        echo -n "Shutting down mail service (Postfix2)"
        ## Stop daemon with killproc(8) and if this fails
        ## set echo the echo return value.
        /sbin/killproc -p $PIDFILE -TERM $MASTER_BIN
        
        # Remember status and be verbose
        cond_slp "deregister" &
        rc_status -v
        ;;
    try-restart)
        ## Stop the service and if this succeeds (i.e. the
        ## service was running before), start it again.
        ## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
        $0 status >/dev/null &&  $0 restart
        
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start
        
        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        ## If it does not support it, restart.
        
        echo -n "Reload mail service (Postfix)"
        # if it supports it:   
        /sbin/killproc -p $PIDFILE -HUP $MASTER_BIN
        #touch /var/run/FOO.pid
        rc_status -v
        $POSTFIX_BIN flush > /dev/null 2>&1
        
        ## Otherwise:
        #$0 stop  &&  $0 start
        #rc_status
        ;;
    reload)
        echo -n "Reload mail service (Postfix)"
    
        # If it supports signalling:
        /sbin/killproc -p $PIDFILE -HUP $MASTER_BIN
        #touch /var/run/FOO.pid
        rc_status -v
        $POSTFIX_BIN flush > /dev/null 2>&1
        
        ## Otherwise if it does not support reload:
        #rc_failed 3
        #rc_status -v
        ;;
    status)
        echo -n "Checking for service Postfix: "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Status has a slightly different for the status command:
        # 0 - service running  
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running
        
        # NOTE: checkproc returns LSB compliant status values.
        /sbin/checkproc -p $PIDFILE $MASTER_BIN
        rc_status -v
        ;; 
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
        exit 1
        ;;
esac
rc_exit

There must be another variable to change because when I do “/etc/init.d/postfix2 status”, it tells me that it’s currently running but there is no PID in the process list corresponding to the PID in the file /var/spool/postfix2/pid/master.pid

Remove the words in Provides, since this is already provided by the main postfix. You might also want to review the Should-start and Should-stop and make it depend on the main postfix running before it can run. Then insserv will schedule it after the main postfix.

There is a convention for where the script looks for the pid file, you’ll have to read up on the checkproc helper and figure out how to work around it.

I upgraded my postfix from 2.5 to 2.6 so now I can use postmulti for simple double instance configuration. But I still have the problem of running both instances at the same time. I can run just instance1 alone or instance2 alone.
When I restart to run those 2 instances, it tells me that they are launched with success:

postfix start
postfix/postfix-script: starting the Postfix mail system
postfix-2/postfix-script: starting the Postfix mail system

But only one instance is actually running

postfix reload
postfix/postfix-script: refreshing the Postfix mail system
postfix-2/postfix-script: fatal: the Postfix mail is not running 

or

postfix start
postfix/postfix-script: fatal: the Postfix mail system is already running
postfix-2/postfix-script: starting the Postfix mail system

This is confirmed with “netstat -ln | grep :25”, we can see that just one instance is running.
I don’t know where the problem comes from since with postmulti, both scripts should be working fine. I followed all the Howto.

Sorry, I’ve never used postmulti so you are on your own here. Some things you can try to debug:

  1. Run scripts using:

sh -x script arg1 arg2

instead of

script arg1 arg2

That will show you what is being executed.

  2. Check log files for error messages.

  3. Check if there are any lock files that prevent the second instance from starting up.

Ok, I’ll try that.

Thank you for all your answers, that helped me very much.
I’ll post the solution if I find it. :wink:

I have solved my problem to run 2 instances of postfix. (Both were listening on 127.0.0.1:25, so the first process ran but the second was aborted because of that.)

So now when I try to send mails, they never reach their destination and are lost somewhere I don’t know. They are not in the mailq.

what I have changed:

postfix instance1

main.cf
inet_interfaces = 10.0.0.5, localhost

master.cf
10.0.0.5:smtp ......  smtpd
     -o content_filter = dksign:[127.0.0.1]:10027
127.0.0.1:smtp ......  smtpd 
     -o content_filter = dksign:[127.0.0.1]:10027
smtp ..... smtp
     -o smtp_bind_address = 10.0.0.5

postfix instance2

main.cf
inet_interfaces = 10.0.0.7

master.cf
10.0.0.7:smtp ......  smtpd
smtp ..... smtp
   -o smtp_bind_address = 10.0.0.7

Mails are well sent when only the first instance is running with these parameters:

main.cf
inet_interfaces = all

master.cf
smtp ..... smtpd
     -o content_filter = dksign:[127.0.0.1]:10027
smtp ..... smtp

Your content filter may be trying to feed the filtered mail back using 127.0.0.1. You may have to change the postfix daemons to listen to some other address in 127.0.0.0/8 for that.

Yes, thank you, all is working fine now. I can send mails with 2 different IPs. I’ll have to find a way to sign DKIM for both instances but this is another problem.

Thank you again for all your help.

I’ve done everything mentioned here but still cannot get both my postfix (2.5) instances to run simultaneously.

I can start each one separately but not both. The second service will not answer to telnet.

I confirmed they are both running on different IP addresses by using telnet.

One thing that puzzles me is that I could not get the cloned startup script in this thread to work correctly. The second instance would always use the configuration in the first instance’s directory. I believe that is because postfix uses the -c switch to specify a configuration file. When I added a specific -c postfix2 to the startup command in rcpostfix2, it used the 2nd instance’s main.cf

$POSTFIXBIN -c /etc/postfix2

I tried setting up the master.cf files as you suggest but it did not make a difference. Another article on the postfix.org site says that I only need to change the main.cf file and specify inet_interfaces and smtp_bind_address. This seems to remove the need for changing master.cf.

This is the article they suggest at postfix.org:

Adding a second postfix instance

What is the next step in diagnosing the problem?

I have checked mail.log, mail.err, mail.info and mail.warn.

One error I see in mail.warn is:

Sep 22 21:20:23 LSLSMTP01 postfix/postfix-script[8462]: warning: not owned by postfix: /var/lib/postfix2/.

The fix in my case is to create a new data_directory and ensure it has the correct permissions.

In main.cf

data_directory = /var/lib/postfix2

The permissions are set by:

chown postfix.postfix -R /var/lib/postfix

This article describes the issue:
PostFix says it’s started but never runs - HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

I’m sure all of this is unnecessary if I just upgrade to 2.6 with postmulti, but in my case that’s not easily done just now.
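
A lint for the conflicts this thread ran into (two instances listening on the same address, a shared data_directory), as an added example that is not part of the original posts. It assumes the parameters are plain `key = value` lines in each instance's main.cf rather than `-o` overrides in master.cf; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint two Postfix main.cf files.
# Handles plain "key = value" lines only (no continuations, no $var expansion).

# get_param FILE KEY: print the last value assigned to KEY (empty if unset)
get_param() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# listeners FILE: one listen address per line; unset inet_interfaces means "all"
listeners() {
    v=$(get_param "$1" inet_interfaces)
    echo "${v:-all}" | tr ', ' '\n\n' | sed -e '/^$/d' -e 's/^localhost$/127.0.0.1/'
}

# check_instances MAIN_CF_1 MAIN_CF_2: print one line per problem, return 1 if any
check_instances() {
    rc=0
    for key in queue_directory data_directory smtp_bind_address; do
        a=$(get_param "$1" "$key"); b=$(get_param "$2" "$key")
        if [ -z "$a" ] || [ -z "$b" ] || [ "$a" = "$b" ]; then
            echo "$key: '$a' vs '$b' (set explicitly, must differ)"; rc=1
        fi
    done
    for x in $(listeners "$1"); do
        for y in $(listeners "$2"); do
            if [ "$x" = "$y" ] || [ "$x" = all ] || [ "$y" = all ]; then
                echo "inet_interfaces: '$x' overlaps '$y'"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample: instance 2 still listens on loopback and shares data_directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'inet_interfaces = 10.0.0.5, localhost' 'smtp_bind_address = 10.0.0.5' \
        'queue_directory = /var/spool/postfix' 'data_directory = /var/lib/postfix' > "$d/main1.cf"
    printf '%s\n' 'inet_interfaces = 10.0.0.7, 127.0.0.1' 'smtp_bind_address = 10.0.0.7' \
        'queue_directory = /var/spool/postfix2' 'data_directory = /var/lib/postfix' > "$d/main2.cf"
    check_instances "$d/main1.cf" "$d/main2.cf"; status=$?
    rm -rf "$d"; return $status
}
demo || echo "conflicts found"
```

On a live host, `postconf -c /etc/postfix2 -h data_directory` gives the effective value, including defaults that this file-based check cannot see.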