Issue smtp directly from gateway



  • Hello,

    I'm having a strange issue.

    I have 5 servers which will send mail.

    One mail server will be sending and receiving mail. All the other 5 servers send SMTP requests to my mail server, and that mail server will forward them.

    Servers LAN-IPs. 10.10.1-5

    Mail Server with 2 NIC :

    WAN Public : x.x.x.x <== set with MX / SPF / DKIM / PTR / DMARC DNS entries
    LAN-IP : 10.10.10.1

    Currently I've installed postfix on the 5 servers and added relayhost = [10.10.10.1] and mynetworks = 10.10.1.0/24 on each server.

    But when I send email from any server it shows the following logs:

    Nov 29 10:55:53 localhost postfix/master[13244]: daemon started -- version 2.6.6, configuration /etc/postfix
    Nov 29 11:12:41 localhost postfix/postfix-script[13735]: stopping the Postfix mail system
    Nov 29 11:12:41 localhost postfix/master[13244]: terminating on signal 15
    Nov 29 11:12:41 localhost postfix/postfix-script[13807]: starting the Postfix mail system
    Nov 29 11:12:41 localhost postfix/master[13808]: daemon started -- version 2.6.6, configuration /etc/postfix
    Nov 29 11:14:12 localhost postfix/pickup[13810]: C66952006DA: uid=0 from=
    Nov 29 11:14:12 localhost postfix/cleanup[13825]: C66952006DA: message-id=20181129061412.C66952006DA@localhost.localdomain
    Nov 29 11:14:12 localhost postfix/qmgr[13811]: C66952006DA: from=, size=498, nrcpt=1 (queue active)
    Nov 29 11:14:13 localhost postfix/smtp[13827]: C66952006DA: to=, relay=10.10.10.1[10.10.10.1]:25, delay=1.1, delays=0.1/0.01/0/0.94, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 12D4F8917E)
    Nov 29 11:14:13 localhost postfix/qmgr[13811]: C66952006DA: removed

    But when I received the mail and checked the source header, I found my gateway public IP instead of the mail public IP.

    One of my servers' configuration:

    postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = loopback-only
    inet_protocols = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    mynetworks = 10.10.1.0/24, 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    relayhost = [10.10.10.1]
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550

    I don't get why my gateway IP is being used to send email instead of the mail server. I've created a virtual interface for the mail server WAN.

    Regards



  • @scorpoin said in Issue smtp directly from gateway:

    Servers LAN-IPs. 10.10.1-5
    Mail Server with 2 NIC :
    WAN Public : x.x.x.x <== set with MX / SPF / DKIM / PTR / DMARC DNS entries
    LAN-IP : 10.10.10.1
    ....
    I've created virtual interface for mail server wan.
    ....

    Your mail servers are multi-homed? If not: great: no one will make anything out of it. A network graph will be much appreciated. Btw: Do not expect to find "postfix" help on a "pfsense" forum.


  • Rebel Alliance Global Moderator

    Yeah really confused how pfsense comes into play here.. You're not running any sort of postfix forwarder package or anything on pfsense?

    Your mail server is behind a NAT.. If you want it to "present" its public IP vs its actual local IP, that is in the configuration of the MTA.

    As to what IP pfsense actually uses for source for outbound nat - well that would be in your outbound nat settings.
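To confirm which public address outbound NAT actually presented to the receiving server, the Received headers of a delivered test message can be read newest hop first. The following is an added example, not code from the thread or from pfSense or Postfix; the sample message, host names and the 203.0.113.x addresses are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample: hostnames and addresses are placeholders (RFC 5737 range).
SAMPLE = """\
Received: from mail.example.org (gw.example.org [203.0.113.1])
\tby mx.receiver.example with ESMTP id 4F2A1
\tfor <user@receiver.example>; Thu, 29 Nov 2018 11:14:15 +0500
Received: from localhost.localdomain (unknown [10.10.1.3])
\tby mail.example.org (Postfix) with ESMTP id 7C1D9
\tfor <user@receiver.example>; Thu, 29 Nov 2018 11:14:13 +0500
From: root@localhost.localdomain
To: user@receiver.example
Subject: test

body
"""

# Addresses that never appear as a source on the Internet side of the NAT.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(raw):
    """Client IPs from the Received headers, newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        # The connecting client is in the "from" clause, before "by".
        from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if match:
            try:
                hops.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                continue  # bracketed text that is not an IP literal
    return hops


def egress_ip(raw):
    """Newest non-internal client IP: the source address after outbound NAT."""
    for ip in received_hops(raw):
        if not any(ip in net for net in INTERNAL):
            return ip
    return None


def matches_expected(raw, expected):
    """True when the address the receiver saw is the one SPF/PTR were set up for."""
    return egress_ip(raw) == ipaddress.ip_address(expected)
```

Only the topmost Received header, written by the receiving server itself, is reliable; a mismatch there means the firewall's outbound NAT mapping chose the source address, whatever the MTA is configured with.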



  • @johnpoz Thanks

    Could you guide me a bit to create outbound?

    Let say
    Interface = WAN
    Source = any
    source port = 25

    Destination : Type = network
    Address = (my-public-ip-mail-server)
    source port = 25

    Correct me if I'm making a wrong rule for outbound NAT.


  • Rebel Alliance Global Moderator

    source port would not be 25... And out of the box it's going to use your WAN for the NAT anyway..

    If you want it to use some VIP you would have to call that out..

    And NO it would not be address your public IP mail server..

    What exactly are you trying to do??? You have 5 servers behind pfsense??? You have 4 servers outside pfsense and 1 behind?

    But when I received the mail and checked the source header, I found my gateway public IP instead of the mail public IP.

    So you have what on the WAN of pfsense for IPs.. Its normal IP and then some VIPs you setup??



  • Let me check and I will get back to you.

    Thanks