Jan 022010
Recently there have been requests for sending mail with source IP addresses that depend on the envelope sender, it’s very usefull to protect IP-based domain reputations of different customers.
New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps
sender_dependent_default_transport_maps (default: empty)
A sender-dependent override for the global default_transport parameter setting.
The tables are searched by the envelope sender address and @domain.
A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table.
Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.
This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses.
For safety reasons, this feature does not allow $number substitutions in regular expression maps.
This feature is available in Postfix 2.7 and later.
Create file called sdd_transport_maps.regexp:
/@customer1-dom\.tld$/ customer1: /@customer2-dom\.tld$/ customer2: /@customer3-dom\.tld$/ customer3: ..... next .....
In master.cf create special transport called customer1, customer2, customer3….and so on
customer1 unix - - n - - smtp -o smtp_bind_address=1.1.1.1 -o smtp_helo_name=customer1-dom.tld -o syslog_name=postfix-customer1 customer2 unix - - n - - smtp -o smtp_bind_address=1.1.1.2 -o smtp_helo_name=customer2-dom.tld -o syslog_name=postfix-customer2 customer3 unix - - n - - smtp -o smtp_bind_address=1.1.1.3 -o smtp_helo_name=customer3-dom.tld -o syslog_name=postfix-customer3 ..... next .....
In main.cf add sender_dependent_default_transport_maps line:
sender_dependent_default_transport_maps = regexp:/etc/postfix/sdd_transport_maps.regexp
Don’t forget to create ip aliasing for each ip address in smtp_bind_address
reload postfix
# postfix reload
You may also want to read these posts:
- Postfix Bind Sender Outgoing IP, Based On GeoIP Location
- Postfix Changing Outgoing IP By Time Interval Using TCP_TABLE And Perl
- Postfix Randomizing Outgoing IP Using TCP_TABLE And Perl
- block squirrelmail sender address spoofing
- Postfix Rotating Outgoing IP Using TCP_TABLE And Perl
- postfix 2.8-20100213 postscreen
- Postfix Create Blackhole For Authenticated User’s Outgoing Submission
- Postfix IPv6 + SPF (sender policy framework)
- Postfix Create Blackhole For Authenticated User’s Outgoing Submission (revised)
- postfix-2.9.20110501 SRC RPM With sqlite3 Support
31 Responses to “Postfix Bind Sender Domain To Dedicated Outgoing IP Address”
Comments (31)
Hi there,
Thanks for this article, it seems to be the ONLY solution to defining domain specific outbound address in postfix.
However, I do not understand the line “Don’t forget to create ip aliasing for each ip address in smtp_bind_address”
IP aliasing is to create aliases for network interface eth0 e.g. eth0:1 -> x.x.x.1, eth0:2 -> x.x.x.2 etc which is working fine (tested apache virtual hosts). But then what would be the value for the smtp_bind_address parameter in main.cf?
Should it be smtp_bind_address = {IP Address of eth0}?
when you bind an address using smtp_bind_address without real/alias address postfix would be happily throw errors
the purpose is when user@customer1-dom.tld send an email, it will be routed to customer1: and statically bound to ip address 1.1.1.1
hope that’s help
Exactly what I needed. It worked perfectly first try. Thanks!!
Does this means that it will generate a specific outbound queue for those transports?
no, in order to make multiple queue you must use multiple instances
Unfortunately i’m not having as much luck as others, though i’m doing exactly what’s shown here and other sites.
My postfix version 2.9.5 on CentOS 6.3 blatantly refuses to bind IPs based on these headers. It will always use the eth0 IP and not the eth0:1, eth0:2, etc.
I’ve tried using regexp and shown in this example as well as hash table but same result.
master.cf (eth0 = 1.1.1.1, eth0:1 = 1.1.1.2, eth0:2 = 1.1.1.3)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
one unix - - n - - smtp
-o smtp_bind_address=1.1.1.2
-o smtp_helo_name=mail1.one.com
two unix - - n - - smtp
-o smtp_bind_address=1.1.1.3
-o smtp_helo_name=mail1.one.com
main.cf
sender_dependent_default_transport_maps = regexp:/etc/postfix/sdd_transport_maps.regexp
sdd_transport_maps.regexp
/@one\.com$/ one:
/@two\.com$/ two:
Yeah, i’ve postmapped all these files, reloaded postfix, even restarted it and then restarted the server. my postfix also indeed supports regexp.
Is there any debugging i can enable to figure this out?
there’s nothing to do with postfix map, does your ip aliasing really up?show me postfix errors | warning log