Jan 022010
 

Recently there have been requests for sending mail with source IP addresses that depend on the envelope sender, it’s very usefull to protect IP-based domain reputations of different customers.

New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps

sender_dependent_default_transport_maps (default: empty)

    A sender-dependent override for the global default_transport parameter setting.
    The tables are searched by the envelope sender address and @domain.
    A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting.
    This information is overruled with the transport(5) table.

    Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.
          This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses.

    For safety reasons, this feature does not allow $number substitutions in regular expression maps.

    This feature is available in Postfix 2.7 and later.

Create file called sdd_transport_maps.regexp:

/@customer1-dom\.tld$/		customer1:
/@customer2-dom\.tld$/		customer2:
/@customer3-dom\.tld$/		customer3:
..... next .....

In master.cf create special transport called customer1, customer2, customer3….and so on

customer1  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.1
   -o smtp_helo_name=customer1-dom.tld
   -o syslog_name=postfix-customer1

customer2  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.2
   -o smtp_helo_name=customer2-dom.tld
   -o syslog_name=postfix-customer2

customer3  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.3
   -o smtp_helo_name=customer3-dom.tld
   -o syslog_name=postfix-customer3

..... next .....

In main.cf add sender_dependent_default_transport_maps line:

sender_dependent_default_transport_maps = regexp:/etc/postfix/sdd_transport_maps.regexp

Don’t forget to create ip aliasing for each ip address in smtp_bind_address

reload postfix

# postfix reload
Share

  38 Responses to “Postfix Bind Sender Domain To Dedicated Outgoing IP Address”

Comments (38)
  1. Didn’t get the email to confirm. I apologize if you already have this.

    I wound up using this instead of ip rotation. It works well, but I was wondering if there was anyway to change the header too? I’m interested in switching out the Received by part that has news.iam222.com. I’d like it to be news.iam.com which is the domain routing I set up. Anyway to make it happen?

    Delivered-To: matt@iam.com
    Received: by 10.31.48.17 with SMTP id w17csp201264vkw;
    Fri, 26 Feb 2016 19:12:19 -0800 (PST)
    X-Received: by 10.55.26.195 with SMTP id l64mr5949188qkh.103.1456542739730;
    Fri, 26 Feb 2016 19:12:19 -0800 (PST)
    Return-Path:
    Received: from news.iam.com ([96.xxx.xxx.xxx])
    by mx.google.com with ESMTPS id 39si16151758qku.93.2016.02.4.32.22.22
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Fri, 26 Feb 2016 19:12:19 -0800 (PST)
    Received-SPF: neutral (google.com: 96.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of info@iam.com) client-ip=xxx.xxx.xxx.xxx;
    Authentication-Results: mx.google.com;
    spf=neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of info@iam.com) smtp.mailfrom=info@iam.com
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by news.iam2222.com (Postfix) with ESMTP id D5F9C3381D12
    for ; Fri, 26 Feb 2016 22:12:18 -0500 (EST)
    X-Virus-Scanned: Debian amavisd-new at news.iam.com

  2. maybe some header check would do it, but i’ve never tested it. but according to documentation header check only implemented on cleanup service not on smtpd. maybe external content filter/proxy or milter should do it.

  3. smtpd/cleanup for each customer and run separate header checks

    #customer1
    1.1.1.1:25  inet  n     -       n       -       -       smtpd
    	-o cleanup_service_name=cleanup-customer1
    
    #customer2	
    1.1.1.2:25  inet  n     -       n       -       -       smtpd
    	-o cleanup_service_name=cleanup-customer2
    
    #customer3	
    1.1.1.3:25  inet  n     -       n       -       -       smtpd
    	-o cleanup_service_name=cleanup-customer3
    	
    cleanup-customer1   unix  n       -       n       -       0       cleanup
       -o syslog_name=postfix/cleanup-customer1
       -o header_checks=pcre:/etc/postfix/customer1_header_checks.pcre
       
    cleanup-customer2   unix  n       -       n       -       0       cleanup
       -o syslog_name=postfix/cleanup-customer2
       -o header_checks=pcre:/etc/postfix/customer2_header_checks.pcre
       
    cleanup-customer3   unix  n       -       n       -       0       cleanup
       -o syslog_name=postfix/cleanup-customer3
       -o header_checks=pcre:/etc/postfix/customer3_header_checks.pcre
    

    this is untested, things might be gone wrong 😀

Leave a Reply

%d bloggers like this: