Jan 022010
 

Recently there have been requests for sending mail with source IP addresses that depend on the envelope sender, it’s very usefull to protect IP-based domain reputations of different customers.

New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps

sender_dependent_default_transport_maps (default: empty)

    A sender-dependent override for the global default_transport parameter setting.
    The tables are searched by the envelope sender address and @domain.
    A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting.
    This information is overruled with the transport(5) table.

    Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.
          This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses.

    For safety reasons, this feature does not allow $number substitutions in regular expression maps.

    This feature is available in Postfix 2.7 and later.

Create file called sdd_transport_maps.regexp:

/@customer1-dom\.tld$/		customer1:
/@customer2-dom\.tld$/		customer2:
/@customer3-dom\.tld$/		customer3:
..... next .....

In master.cf create special transport called customer1, customer2, customer3….and so on

customer1  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.1
   -o smtp_helo_name=customer1-dom.tld
   -o syslog_name=postfix-customer1

customer2  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.2
   -o smtp_helo_name=customer2-dom.tld
   -o syslog_name=postfix-customer2

customer3  unix -       -       n       -       -       smtp
   -o smtp_bind_address=1.1.1.3
   -o smtp_helo_name=customer3-dom.tld
   -o syslog_name=postfix-customer3

..... next .....

In main.cf add sender_dependent_default_transport_maps line:

sender_dependent_default_transport_maps = regexp:/etc/postfix/sdd_transport_maps.regexp

Don’t forget to create ip aliasing for each ip address in smtp_bind_address

reload postfix

# postfix reload

  51 Responses to “Postfix Bind Sender Domain To Dedicated Outgoing IP Address”

Comments (51)
  1. Great this!

    But I would dedicated outgoing IP address based on source client IP instead of domain envelope sender.
    How can I achieve this?
    Thanks a lot
    Marco

  2. main.cf

    smtpd_recipient_restrictions =
    ...
    ...
    check_client_access hash:/etc/postfix/client_ip
    ....
    

    client_ip

    1.2.3.4	FILTER	ip-client-1:
    4.3.2.1	FILTER	ip-client-2:
    ...
    ...
    

    master.cf

    ip-client-1  unix -       -       n       -       -       smtp
       -o smtp_bind_address=1.2.3.4
       -o smtp_helo_name=ip-client-1-dom.tld
       -o syslog_name=postfix-ip-client-1
     
    ip-client-2  unix -       -       n       -       -       smtp
       -o smtp_bind_address=4.3.2.1
       -o smtp_helo_name=ip-client-2-dom.tld
       -o syslog_name=postfix-ip-client-2
    
  3. Great article and it might do what I want for some stuff.
    I am also interested in a way to have a single machine that a client can send mail thru based on the IP address they are told to mail to. For Instance if a client is told the mailserver is on 192.168.10.10 I want them to connect and auth using their creds they have on the box and then mail to be sent from 192.168.10.10. I don’t want to challenge the client for any more info than the creds needed to send mail.
    I want then to setup a second client and have them send to the same server but on 192.168.10.11 and have their mail delivered from 192.168.10.11.
    The reason being is that I offer SMTP outbound for a few clients just to help them out so their network devices etc can phone home. They were all sharing the same smtp server and then someone got hacked and spammed the world. This got my SMTP server blacklisted so i want to swap over to each client having their own ip so they can’t blacklist other clients.
    This is the closest and best Article I have found so far. Do you have any hints? Advice on doing this or know if a howto that describes it? My google fu is failing me today πŸ™

    Thanks
    Ja

  4. Hi there,

    Thanks for this article, it seems to be the ONLY solution to defining domain specific outbound address in postfix.

    However, I do not understand the line “Don’t forget to create ip aliasing for each ip address in smtp_bind_address”

    IP aliasing is to create aliases for network interface eth0 e.g. eth0:1 -> x.x.x.1, eth0:2 -> x.x.x.2 etc which is working fine (tested apache virtual hosts). But then what would be the value for the smtp_bind_address parameter in main.cf?

    Should it be smtp_bind_address = {IP Address of eth0}?

  5. when you bind an address using smtp_bind_address without real/alias address postfix would be happily throw errors πŸ˜€
    the purpose is when user@customer1-dom.tld send an email, it will be routed to customer1: and statically bound to ip address 1.1.1.1

    customer1  unix -       -       n       -       -       smtp
       -o smtp_bind_address=1.1.1.1
    

    hope that’s help πŸ™‚

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*