Re: Question about inet_interfaces/smtp_bind_address

From: mouss (no email)
Date: Fri Aug 24 2007 - 12:26:21 EDT

  • Next message: mouss: "Re: Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com"

    Peter Rabbitson wrote:
    > mouss wrote:
    >> Peter Rabbitson wrote:
    >>>
    >>> My problem is 2) . I am not really sure what will Postfix do if it
    >>> has to connect to 5.6.7.8 and I have:
    >>>
    >>> inet_interfaces = 1.0.0.1 2.0.0.1 10.0.0.1
    >>> smtp_bind_address =
    >>
    >> why not
    >>
    >> smtp_bind_address = 0.0.0.0
    >>
    >> so that your ip stuff handles the rest?
    >>
    >
    > Because the explanation at
    > http://www.postfix.org/postconf.5.html#inet_interfaces confuses me. I am
    > left with the impression that this is a bad thing to do, as right next
    > to it a sentence says "A better solution for multi-homed firewalls...".
    >
    >

    It says that if you use inet_interfaces to limit the IPs on which smtpd
    listens, then this also applies to the smtp client. so you need to use
    smtp_bind_address=0.0.0.0 so that the smtp client uses 0.0.0.0 as its
    IP, and 0.0.0.0 (INADDR_ANY) means the kernel will chose the IP based on
    where the packet goes.

    The alternative is to not use inet_interfaces and put explicit IPs in
    smtpd lines in master.cf. However, inet_interfaces is used in other
    places (header rewrite, ...) so you'd better check that you don't need
    it there before making a decision.


  • Next message: mouss: "Re: Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD