Some postfix questions/issues.



  • Running:
    2.2.6-RELEASE (amd64)
    built on Mon Dec 21 14:50:08 CST 2015
    FreeBSD 10.1-RELEASE-p25

    With Postfix package 2.4.6
    and mailscanner 0.2.13 8 (not enabled)

    got a few questions - OK - let's start with this one

    warning: not owned by root: /var/spool/postfix - something I need to care about?

    2.
    Messages from the "internet" arrive at the postfix server perfectly OK and are queued up, but then it fails to route them inwards. Outgoing mails route just fine.

    Sep 9 09:25:53 postfix/qmgr[41741]: 59E8CB111A: from=somone@external.com, size=18858, nrcpt=1 (queue active)
    postfix/smtp[63074]: connect to 192.168.1.171[192.168.1.171]:25: Operation timed out
    postfix/smtp[63074]: C79A4B1190: to=me@some-interally-hosted-domain.com, relay=none, delay=35, delays=5.4/0.01/30/0, dsn=4.4.1, status=deferred (connect to 192.168.1.171[192.168.1.171]:25: Operation timed out)

    Test port results are:
    From LAN to internal SMTP server - OK
    from 192.168.1.5 to internal SMTP server - OK
    from loopback to internal SMTP server - FAIL
    from WAN to internal SMTP - FAIL (should fail :-))

    postfix has the WAN, LAN, and loopback selected and looks like this in main.cf (public IP masked):
    inet_interfaces = 192.168.1.5,88.88.88.115,127.0.0.1

    192.168.1.5 is a LAN CARP IP, and is the one receiving outgoing mails from the internal SMTP server
    88.88.88.115 is a WAN CARP IP, and is the one used for "smtp_bind_address =" and where the MX record is pointing.

    I suspect postfix uses the WAN interface when trying to reach the internal server. I need assistance to fix or debug the problem.

    thanks in advance :-)
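
The deferred log line in the post above can be read mechanically. This is an added example, not code from the poster or from Postfix: it splits the `delays=a/b/c/d` field (time before the queue manager, time in the queue manager, connection setup, transmission) and flags deliveries where the TCP connect itself hung. The second sample line is constructed for contrast, and the 30-second threshold assumes Postfix's default `smtp_connect_timeout`.

```python
import re

# Constructed sample: the deferred line quoted in the post, plus one
# constructed "sent" line for contrast (not taken from the thread).
SAMPLE_LOG = """\
postfix/smtp[63074]: C79A4B1190: to=me@some-interally-hosted-domain.com, relay=none, delay=35, delays=5.4/0.01/30/0, dsn=4.4.1, status=deferred (connect to 192.168.1.171[192.168.1.171]:25: Operation timed out)
postfix/smtp[63075]: D00DB1A2C3: to=<user@example.org>, relay=mx.example.org[203.0.113.10]:25, delay=1.2, delays=0.3/0.01/0.5/0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^>,]+)>?, "
    r"relay=(?P<relay>[^,]+), delay=[\d.]+, "
    r"delays=(?P<delays>[\d.]+/[\d.]+/[\d.]+/[\d.]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
PHASES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

def parse_delivery(line):
    """Return a dict for one postfix/smtp delivery line, or None."""
    m = DELIVERY.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["delays"] = dict(zip(PHASES, map(float, rec["delays"].split("/"))))
    return rec

def diagnose(rec, connect_timeout=30.0):
    """Classify where a delivery stalled (timeout value is an assumption)."""
    if rec["status"] != "deferred":
        return "delivered"
    # relay=none means no SMTP session was ever established; conn_setup at
    # or above the connect timeout means the TCP connect itself hung.
    if rec["relay"] == "none":
        hung = rec["delays"]["conn_setup"] >= connect_timeout
        return "tcp-connect-timeout" if hung else "no-connection"
    return "deferred-after-connect"

def report(log_text):
    """Return (queue id, recipient, diagnosis) for each delivery line."""
    parsed = (parse_delivery(line) for line in log_text.splitlines())
    return [(r["qid"], r["rcpt"], diagnose(r)) for r in parsed if r]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(*row)
```

For the line from the post, connection setup takes 30 of the 35 seconds and `relay=none`, so the delivery never got past the TCP handshake to 192.168.1.171.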



  • ok issue #2 workaround (not a fix IMO)

    1. was to set postfix to listen on the LAN address only (192.168.1.5), a CARP address
    2. NAT the external IP port 25 to the LAN IP

    tried to set postfix to listen on 127.0.0.1 only and NAT both the LAN and WAN IPs to it - but
    then I still could not route the mails to LAN.