Nov 30 2009
 

This is the scheme

e.g:

I have 5 public IPs. I'm going to configure them so Postfix can use multiple interfaces/IPs for outgoing SMTP connections.

First we need to create interface aliases for those 5 public IPs.

On my system, which runs Fedora:

# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1

Edit ifcfg-eth0:1

# vi ifcfg-eth0\:1

DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX

Change the DEVICE and IPADDR parameters:

DEVICE=eth0:1 <-- device alias #1
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.3 <-- IP alias #1
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX

Repeat the same steps for the remaining interface aliases.

When that is done, bring the IP aliases up.

#ifup eth0:1
#ifup eth0:2
#ifup eth0:3
#ifup eth0:4
......
next interfaces

Check that the interfaces are up:

#ifconfig
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:202.XXX.XX.2  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:598678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:49088016 (46.8 MiB)  TX bytes:7707579 (7.3 MiB)

eth0:1    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:202.XXX.XX.3  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:202.XXX.XX.4  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:3    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:202.XXX.XX.5  Bcast:202.XXX.XX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

......
and so on

No particular configuration needs to be adjusted in Postfix.

Now the iptables part. Make sure your iptables supports the statistic match module.

# iptables -m statistic -h
......
......
......
statistic match options:
 --mode mode                    Match mode (random, nth)
 random mode:
 --probability p                 Probability
 nth mode:
 --every n                       Match every nth packet
 --packet p                      Initial counter value (0 <= p <= n-1, default 0)

Next, add the iptables rules for rotating the source IP addresses.

# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.2
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.3
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.4
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.5
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6

Done.
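To see how a chain of statistic nth-mode rules divides new connections, the added example below (not part of the original post) models each rule's counter in Python and compares the same --every value in every rule with decreasing values. It assumes a rule matches the 1st, (n+1)th, (2n+1)th ... packet that reaches it and that a matching SNAT rule ends traversal; the target labels and the connection count are constructed.

```python
from collections import Counter


def simulate(rules, connections):
    """Model a POSTROUTING chain of 'statistic --mode nth' SNAT rules.

    rules: list of (every, target) in evaluation order (top of chain first).
    Assumption: with the default --packet 0, a rule matches the 1st,
    (n+1)th, (2n+1)th ... packet that reaches it, and a matching SNAT
    rule stops traversal, so later rules only see what earlier ones skipped.
    """
    seen = [0] * len(rules)          # packets each rule has evaluated so far
    hits = Counter()
    for _ in range(connections):     # the nat table sees one NEW packet per connection
        for i, (every, target) in enumerate(rules):
            matched = seen[i] % every == 0
            seen[i] += 1
            if matched:
                hits[target] += 1
                break
        else:
            hits["no-snat"] += 1     # no rule matched: default source address is used
    return dict(hits)


# Constructed labels standing in for the five source addresses.
TARGETS = ["ip-a", "ip-b", "ip-c", "ip-d", "ip-e"]


def same_every(n=5):
    """Every rule uses --every n."""
    return [(n, t) for t in TARGETS]


def decreasing_every(n=5):
    """Rules use --every n, n-1, ..., 1 from the top of the chain down."""
    return [(n - k, t) for k, t in enumerate(TARGETS)]


if __name__ == "__main__":
    total = 3125  # constructed connection count (5**5 keeps the shares exact)
    for name, chain in (("same", same_every()), ("decreasing", decreasing_every())):
        print(name, simulate(chain, total))
```

Rules are listed in evaluation order; because the commands above use -I, the rule inserted last sits at the top of the chain and is evaluated first.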

Note: this guide is based on someone's post on the postfix-users mailing list.

  50 Responses to “Postfix Smtp Outgoing IP Rotator using iptables”

  1. you’re welcome buddy

  2. I have tested "--every n". With same "n", packets aren’t evenly distributed.
    N should be like N, N-1, N-2 ….

    not even and packet drop
    5 276 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    4 232 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    3 152 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    2 100 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    2 104 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    5 256 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80


    evenly
    29 1608 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
    29 1524 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 4
    28 1488 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 3
    28 1440 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 2
    28 1460 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 1
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

  3. Hi friend,

    I want to ask you: is it possible to send emails from proxy IPs and get inboxing?

  4. Hi leenoux,

    Can you install this on my server? I need IP rotation so I can send unlimited mails.

  5. Your post is nice, but I want IP rotation in Postfix such that IPs are rotated every hour. How can I achieve this?

  6. http://www.kutukupret.com/2010/12/06/postfix-randomizing-outgoing-ip-using-tcp_table-and-perl/
    This is a post I see in reference to IP rotation with per-hour changing IPs for outgoing mails in Postfix. Is it right if I follow this post to achieve my goal?

  7. I have 2 questions, and please answer me:
    1. Is it possible to configure a VPS for IPv6 for IP rotation? How is it possible?
    2. Is it possible to assign IPv6 for VMware for a VPS?

  8. 1. Technically, yes. Just figure out how to set up IPv6 aliasing at your VPS (lots of tutorials/how-tos out there).
    2. Yes. I’ve been running my IPv6 on my VPS for years.
