DevHeads.net

problem with sending emails from second IP

I have ovh public cloud server. There is main IP 145.239.29.218 which
belongs to class 145.239.29.0/24 which regularly get listed on blacklists.
So I bought failover IP and configured it on server in /etc/hosts, dns zone
for biodermagame.pl I set spf record (each dns record points to this new
ip):
v=spf1 mx a ip4:54.38.202.128 ~all

Earlier was this ip 145.239.29.218 configured in spf record.All the same I
have a problem with below message when I send email from
<a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a> to gmail account:

spf=softfail (google.com: domain of transitioning <a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a>
does not designate 145.239.29.218 as permitted sender)

I tried change in /etc/postfix/main.cf:
inet_interfaces = 54.38.202.128 --> mails do not outbound
inet_interfaces = 54.38.202.128, 127.0.0.1 --> mails works but still error
message from google posted above

After this I tried change in /etc/postfix/master.cf:
-o smtp_bind_address=127.0.0.1:10025 inet n - n - - smtpd //this is default
-o smtp_bind_address= 54.38.202.128,127.0.0.1:10025 inet n - n - - smtpd
--> not working
-o smtp_bind_address= 54.38.202.128:10025,127.0.0.1:10025 inet n - n - -
smtpd --> also not working

What I should do to provide sending emails using IP failover. I have
Postfix 3.1.0.

Comments

Re: problem with sending emails from second IP

By Wietse Venema at 04/12/2018 - 05:56

Please define "not working".

Wietse

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/12/2018 - 06:11

main ip - 145.239.29.218
failover ip - 54.38.202.128
Not working means mails do not outbound. This same as for line
inet_interfaces = 54.38.202.128.

2018-04-12 12:56 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Wietse Venema at 04/12/2018 - 08:39

2018-04-12 12:56 GMT+02:00 Wietse Venema < ... at porcupine dot org>:
Poliman - Serwis:
As documented in <a href="http://www.postfix.org/postconf.5.html#inet_interfaces" title="http://www.postfix.org/postconf.5.html#inet_interfaces">http://www.postfix.org/postconf.5.html#inet_interfaces</a>,
on a multi-homed host DO NOT restrict inet_interfaces, instead:
- specify the server IP address in master.cf.
- specify the client IP address with smtp_bind_address.

No further support without error messages.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/12/2018 - 08:45

Thank you for answer. In logs I have this same line which I pasted. I can
attach log file but probably this won't help anybody. ;)
What attribute should be used to specify the server IP address in master.cf?

2018-04-12 15:39 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Wietse Venema at 04/12/2018 - 09:29

2018-04-12 15:39 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Poliman - Serwis:
Please do not ask me to go read the whole thread.

What is the POSTFIX error message for the configuration cited above?

How does POSTFIX know that it should send mail from the main IP address?

How does POSTFIX know that it should send mail from the failover IP address?

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/13/2018 - 06:25

Strange thing. Google says "spf=pass", mailing works but in mail.err file I
have:

Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad
smtp_bind_address parameter: 54.38.202.128,: Name or service not known
Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad
smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not
known

As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128
in /etc/postfix/main.cf.

2018-04-12 16:29 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Viktor Dukhovni at 04/13/2018 - 08:54

That "," there looks like it does not belong. Something's wrong with your smtp_bind_address syntax.

Ditto.

Re: problem with sending emails from second IP'

By Wietse Venema at 04/13/2018 - 14:46

Viktor Dukhovni:
Good job. smtp_bind_address needs an IP address, no
commas, no TCP ports.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/16/2018 - 00:23

Yea, that's right. Unbeliveable that there is no comma. :D Now I have
smtp_bind_address in main.cf and master.cf. :)

2018-04-13 21:46 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By dev rob0 at 04/16/2018 - 09:28

On Mon, Apr 16, 2018 at 07:23:34AM +0200, Poliman - Serwis wrote:
After being here awhile you'll get that Postfix is all about the
Principle of Least Astonishment. Names of postconf(5) settings
suggest what will be accepted there.

In the case of an "*_address" setting, you would expect to see an
address. For an "_address6" setting, that would take an ipv6
address. Note also that it's in singular form, "address", as opposed
to plural, "addresses".

Commas, as described in the leading part of the postconf(5) manual,
the part on general syntax, are a form of whitespace. Also, commas
are not part of normal ipv4 nor ipv6 address syntax.

Therefore it should be quite believable that a comma would have no
place in smtp_bind_address.

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/17/2018 - 00:19

Thank you for answer. You understand me wrong. I can't believe that I made
a typo there and left comma. I know that comma is a form of whitespace. ;)
But I am curious why set smtp_bind_address=X.X.X.X in master.cf like docs
say didn't work in my case. I added it to main.cf then it works.

2018-04-16 16:28 GMT+02:00 /dev/rob0 < ... at gmx dot co.uk>:

Re: problem with sending emails from second IP'

By Wietse Venema at 04/17/2018 - 06:06

Poliman - Serwis:
Your logs say otherwise:

Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal:
smtp_connect_addr: bad smtp_bind_address parameter:
54.38.202.128,: Name or service not known

Here, you specified "54.38.202.128," including the comma.

Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal:
smtp_connect_addr: bad smtp_bind_address parameter:
54.38.202.128:10025,: Name or service not known

Here, you specified "54.38.202.128:10025," including the
port :10025 and comma.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/17/2018 - 06:26

Yes, you have right but this is already fixed. In postfix's config files is
clear and setting works nice. But I am curious why set
smtp_bind_address=X.X.X.X in master.cf like docs say didn't work in my
case. I added it to main.cf then it works.

2018-04-17 13:06 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Wietse Venema at 04/17/2018 - 09:24

Poliman - Serwis:
There is no difference. You made a mistake when editing master.cf.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/18/2018 - 02:05

Now is ok but I would like to know where this setting should be set
according to rules - master.cf or main.cf?

2018-04-17 16:24 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Wietse Venema at 04/18/2018 - 05:57

Poliman - Serwis:
smtp_bind_address, smtp_bind_address6

In main.cf if this setting applies to the majority of SMTP clients.

In master.cf if this setting applies to a minority of SMTP clients.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/18/2018 - 06:27

Thank you for answer. How to detect that some is major or minor smtp client?

2018-04-18 12:57 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Matus UHLAR - f... at 04/17/2018 - 06:33

On 17.04.18 13:26, Poliman - Serwis wrote:
according to you original post, at the begin you have only set inet_interfaces in
your main.cf, not smtp_bind_address.
You have only set smtp_bind_address in master.cf, with invalid syntax.

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/17/2018 - 06:39

Now all works fine. I have to add smtp_bind_address in main.cf, because any
modification of original smtp_bind_address from master.cf did not work at
all (thus in logs which I put you can see combinations like this one from
port and comma). Based on documentation I thought I should modify
smtp_bind_address from master.cf but no.

2018-04-17 13:33 GMT+02:00 Matus UHLAR - fantomas < ... at fantomas dot sk>:

Re: problem with sending emails from second IP'

By dev rob0 at 04/17/2018 - 08:52

On Tue, Apr 17, 2018 at 01:39:45PM +0200, Poliman - Serwis wrote:
You didn't show us how you did it ("postconf -Mf"), so we can't say
what was wrong about it. My guess is that you did something wrong.

Re: problem with sending emails from second IP'

By Wietse Venema at 04/13/2018 - 08:37

Poliman - Serwis:
1) You need to 'ifconfig' 54.38.202.128 on your network interface,
otherwise how would your network stack know how to deliver packets
for that IP address?

2) You made a mistake when setting the IP address in master.cf, but
you failed to show us what you did, so no-one can help with that.

Wietse

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/13/2018 - 08:53

Thank you for answer.
About 1st:
root@s1:/tmp/roundcubemail-1.3.6# ifconfig
ens3 Link encap:Ethernet HWaddr fa:16:3e:21:c7:80
inet addr:145.239.29.218 Bcast:145.239.29.218
Mask:255.255.255.255
inet6 addr: fe80::f816:3eff:fe21:c780/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6751087 errors:0 dropped:0 overruns:0 frame:0
TX packets:6952810 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1144198503 (1.1 GB) TX bytes:14201583464 (14.2 GB)

ens3:0 Link encap:Ethernet HWaddr fa:16:3e:21:c7:80
inet addr:54.38.202.128 Bcast:54.38.202.128 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:79544422 errors:0 dropped:0 overruns:0 frame:0
TX packets:79544422 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:69690489045 (69.6 GB) TX bytes:69690489045 (69.6 GB)

I have changes dns for the hostname of the server: reverse and a records in
dns and modify /etc/hosts file. I can ping anything using this interface:
root@s1:/usr/share/roundcube/config# ping -I 54.38.202.128 google.com
PING google.com (172.217.18.206) from 54.38.202.128 : 56(84) bytes of data.
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=1 ttl=49
time=28.8 ms
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=2 ttl=49
time=28.8 ms
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=3 ttl=49
time=28.8 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 28.819/28.820/28.823/0.196 ms

About 2nd:
For Postfix I have added in main.cf the line smtp_bind_address like below:
inet_interfaces = all
smtp_bind_address = 54.38.202.128
inet_protocols = all

In master.cf I tried add above line but it didn't work or I did something
wrong. In my case - Postfix 3.1.0 - part with smtp_bind_address (which is
there by default) looks like below:
amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
* -o smtp_bind_address=*
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes

127.0.0.1:10027 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o milter_default_action=accept
-o milter_macro_daemon_name=ORIGINATING
-o disable_dns_lookups=yes

I tried add after equal sign the ip address:

* -o smtp_bind_address=54.38.202.128 *

but without success, so I decided to try in main.cf.

2018-04-13 15:37 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/13/2018 - 00:18

Here is this line from message header and from log file:

spf=softfail (google.com: domain of transitioning <a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a>
does not designate 145.239.29.218 as permitted sender)

I fixed this problem. Below is needed result:

spf=pass (google.com: domain of <a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a> designates
54.38.202.128 as permitted sender) smtp.mailfrom= ... at biodermagame dot pl

In /etc/postfix/main.cf configured (fixed version):
inet_interfaces = all
smtp_bind_address = ip_failover //added this line, I tried in master.cf but
did not work

2018-04-12 16:29 GMT+02:00 Wietse Venema < ... at porcupine dot org>:

Re: problem with sending emails from second IP'

By Poliman - Serwis at 04/13/2018 - 00:19

Thank you and appreciate your help and disposition to investigate the
problem. ;)

2018-04-13 7:18 GMT+02:00 Poliman - Serwis < ... at poliman dot pl>:

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/12/2018 - 06:14

Of course afteer each changes in settings I did service postfix restart and
it gone well each time. I use roundcube and I log into this mailbox -
<a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a> - and try send email to gmail account. Looks like
email is sent but it does not come to gmail account. On default postfix
settings I have message mentioned in first post:

spf=softfail (google.com: domain of transitioning <a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a>
does not designate 145.239.29.218 as permitted sender)

but mails reach the gmail account due to softfail.

2018-04-12 13:11 GMT+02:00 Poliman - Serwis < ... at poliman dot pl>:

Re: problem with sending emails from second IP

By Durga Prasad Malyala at 04/12/2018 - 07:29

Hi,
This is an SPF error actually. Pls check your SPF TXT record.

Rgds/DP

Sent from my iPhone. Pls excuse brevity and typos if any.

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/12/2018 - 07:33

Unfortunately it isn't. In domain dns zone is record with added address ip
failover:
v=spf1 mx a ip4:54.38.202.128 ~all
This is secondary - failover - IP. Main IP is 145.239.29.218. And postfix
still reads main IP. I need postfix read ip failover.

2018-04-12 14:29 GMT+02:00 Durga Prasad Malyala <dp. ... at gmail dot com>:

Re: problem with sending emails from second IP

By Matus UHLAR - f... at 04/12/2018 - 09:18

On 12.04.18 14:33, Poliman - Serwis wrote:
what do you mean "ip failover"?
Do you want to re-send every ougoing message from your failover IP when it
gets rejected on primary IP?

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/13/2018 - 00:14

I have two interfaces:
main ip - 145.239.29.218
failover ip - 54.38.202.128
Main is in class 145.239.29.0/24 which is regularly banned on blacklists.
This particular address is clear but not class and I get hit by ricochet. I
want send emails only from failover, because of listing main ip.

2018-04-12 16:18 GMT+02:00 Matus UHLAR - fantomas < ... at fantomas dot sk>:

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/12/2018 - 07:55

I fixed this annoying problem guys:

spf=pass (google.com: domain of <a href="mailto: ... at biodermagame dot pl"> ... at biodermagame dot pl</a> designates
54.38.202.128 as permitted sender) smtp.mailfrom= ... at biodermagame dot pl

What I've done? In /etc/postfix/ configured:
inet_interfaces = ip_failover, 127.0.0.1
smtp_bind_address = ip_failover

With spaces around '=' and on left side address 127.0.0.1

2018-04-12 14:33 GMT+02:00 Poliman - Serwis < ... at poliman dot pl>:

Re: problem with sending emails from second IP

By Poliman - Serwis at 04/12/2018 - 05:38

One more information:
OVH is my registrar. There is set reverse for both addresses points to
s1.poliman.net. In this case I am not sure it's important.

2018-04-12 12:05 GMT+02:00 Poliman - Serwis < ... at poliman dot pl>:

Re: problem with sending emails from second IP

By ahsan2011 at 04/12/2018 - 05:56

Which Is your failover IP , you need to have that information in SPF
record as well.

Ahsan