
I am running a Debian 12 server with two additional IP addresses that I want to use for sending emails through my SMTP server.

The main IP address of the server works perfectly for sending and receiving emails, and according to Mail-Tester, everything is set up correctly.

I’ve spent hours trying to configure the master.cf file accordingly, but it just doesn't work.

    #submission inet n - y - - smtpd # We replace this general submission entry
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_tls_auth_only=yes
    # -o smtpd_enforce_tls=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_sender_restrictions=reject_sender_login_mismatch
    # -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
    #smtps inet n - y - - smtpd # We replace this general SMTPS entry
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes

    smtp unix - - n - - smtp
    smtp inet n - y - - smtpd

    # Submission service for IP 192.0.2.1
    192.0.2.1:587 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.1-submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # or whatever you need here
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      # Ensures the user is allowed to use the sender address
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      # Important: outgoing IP for this service
      -o smtp_bind_address=192.0.2.1
      # Optional, but good: HELO name matching the IP/PTR
      -o smtp_helo_name=smtp1.example.com
      # -o myhostname=smtp1.example.com # Optional: if the hostname should differ per service

    # SMTPS service for IP 192.0.2.1 (Port 465, SSL/TLS wrapper mode)
    192.0.2.1:465 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.1-smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o smtp_bind_address=192.0.2.1
      -o smtp_helo_name=smtp1.example.com
      # -o myhostname=smtp1.example.com

    # Submission service for IP 192.0.2.2
    192.0.2.2:587 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.2-submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o smtp_bind_address=192.0.2.2
      -o smtp_helo_name=smtp2.example.com
      # -o myhostname=smtp2.example.com

    # SMTPS service for IP 192.0.2.2
    192.0.2.2:465 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.2-smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o smtp_bind_address=192.0.2.2
      -o smtp_helo_name=smtp2.example.com
      # -o myhostname=smtp2.example.com

    # Submission service for IP 192.0.2.3
    192.0.2.3:587 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.3-submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o smtp_bind_address=192.0.2.3
      -o smtp_helo_name=smtp3.example.com
      # -o myhostname=smtp3.example.com

    # SMTPS service for IP 192.0.2.3
    192.0.2.3:465 inet n - y - - smtpd
      -o syslog_name=postfix/192.0.2.3-smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
      -o smtp_bind_address=192.0.2.3
      -o smtp_helo_name=smtp3.example.com
      # -o myhostname=smtp3.example.com
      -o content_filter=spamassassin

    #submission inet n - y - - smtpd
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_tls_auth_only=yes
    # -o smtpd_enforce_tls=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_sender_restrictions=reject_sender_login_mismatch
    # -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
    #smtps inet n - y - - smtpd
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes

I also commented out the section for the main IP address (192.0.2.1) in master.cf and only kept IPs 2 and 3 in main.cf, but it was still sending emails using IP 1.

Only after I added the following to master.cf:

    smtp-ip2 unix - - n - - smtp
      -o smtp_bind_address=192.0.2.2
      -o smtp_helo_name=smtp2.example.com

and this in main.cf:

    # default_transport = smtp # This is usually the default
    default_transport = smtp-ip2

did it start sending emails from IP 2.

What I want is that when I configure Thunderbird to use 192.0.2.2 as the SMTP server, the emails are actually sent from that IP. Similarly, if I set it to 192.0.2.3, the emails should be sent from IP 192.0.2.3.

1 Answer

This cannot be done using a single Postfix with master.cf instances

Please take a look at the Postfix Architecture Overview. The smtpd receiving the mail and the smtp delivering it are different components, and the components do not inherit settings from each other. The master.cf controls the many services and their possibly multiple instances and can override the global settings configured in main.cf.

The problem with your attempt is that you try to configure how the smtp instance operates via the smtpd instance used for implicit TLS for SMTP submission (RFC 8314, 3.3) on port 465, but it does not pass the override configuration via all the different service components all the way to the smtp instance.

Neither does configuring the smtp_bind_address directly at the smtp instance help, because the default_transport setting affects mail delivery from the queue, not the handling of mail at the smtpd level. An example of this closer but still non-working configuration could be:

    192.0.2.2:465 inet n - y - - smtpd
      -o syslog_name=postfix/smtps2
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=reject_unauth_destination
      -o default_transport=smtp2

    smtp2 unix - - y - - smtp
      -o syslog_name=postfix/smtp2
      -o smtp_bind_address=192.0.2.2
      -o smtp_helo_name=smtp2.example.com

Here, using default_transport=smtp2 inside a specific smtpd service in master.cf does not directly guarantee that messages received by that smtpd instance will use smtp2 for delivery. Postfix queues messages and chooses transport independently unless explicitly mapped via transport maps or other logic, and transport maps configure the transport based on sender or recipient, but not the instance used for receiving the message.

You can manage multiple Postfix instances on a single host

Postfix's documentation has an article on Managing multiple Postfix instances on a single host. This way, you have multiple instances of the entire Postfix stack with all its components, which guarantees the message is added to a queue that is processed using an instance of smtp bound to the correct address.

Let's walk this through with two additional instances.

| Instance | IP | Hostname | syslog_name |
|---|---|---|---|
| default | 192.0.2.1 | smtp1.example.com | postfix |
| smtps2 | 192.0.2.2 | smtp2.example.com | postfix2 |
| smtps3 | 192.0.2.3 | smtp3.example.com | postfix3 |

  1. Create separate directories to hold configs for each instance:

    sudo mkdir -p /etc/postfix-instances/smtps2
    sudo mkdir -p /etc/postfix-instances/smtps3
  2. Copy the main Postfix config to both (use defaults as the base, not your current situation):

    sudo cp -r /etc/postfix/* /etc/postfix-instances/smtps2/
    sudo cp -r /etc/postfix/* /etc/postfix-instances/smtps3/
  3. Edit each instance's main config, e.g., /etc/postfix-instances/smtps2/main.cf:

    myhostname = smtp2.example.com
    syslog_name = postfix2
    inet_interfaces = 192.0.2.2
    smtp_bind_address = 192.0.2.2
  4. Edit each instance's master config, e.g., /etc/postfix-instances/smtps2/master.cf:

    smtps inet n - y - - smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=reject_sender_login_mismatch
      -o smtpd_sender_login_maps=pcre:/etc/postfix/login_maps.pcre
      -o smtpd_recipient_restrictions=reject_unauth_destination

    (You can comment out the smtpd on port 25 on the instances you don't use for inbound mail.)

  5. Postfix needs separate queues for each instance, with correct permissions:

    sudo mkdir -p /var/spool/postfix-smtps2
    sudo mkdir -p /var/spool/postfix-smtps3
    sudo chown -R postfix:postfix /var/spool/postfix-smtps2
    sudo chown -R postfix:postfix /var/spool/postfix-smtps3
  6. Enable multi-instance support with the postmulti tool.

    sudo postconf -e multi_instance_enable=yes 
  7. Register the new instances, point them to their config directories and start them:

    sudo postmulti -I smtps2 -e create
    sudo postmulti -I smtps3 -e create
    sudo postmulti -i smtps2 -e config_directory=/etc/postfix-instances/smtps2
    sudo postmulti -i smtps3 -e config_directory=/etc/postfix-instances/smtps3
    sudo postmulti -i smtps2 -p start
    sudo postmulti -i smtps3 -p start
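
A check for the mistake discussed in this answer, added here as an example and not part of the original answer or of Postfix: it joins master.cf continuation lines and lists `smtp_*` client parameters set with `-o` on `smtpd` services, where they are not inherited by the `smtp` process that delivers the mail. The function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample modelled on the question's master.cf (not the full file).
SAMPLE_MASTER_CF = """\
smtp      unix  -  -  n  -  -  smtp
192.0.2.2:587 inet n - y - - smtpd
  -o syslog_name=postfix/192.0.2.2-submission
  # comment lines inside an entry are skipped
  -o smtpd_sasl_auth_enable=yes
  -o smtp_bind_address=192.0.2.2
  -o smtp_helo_name=smtp2.example.com
smtp2     unix  -  -  y  -  -  smtp
  -o smtp_bind_address=192.0.2.2
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry


def misplaced_client_overrides(text):
    """Return (service, parameter) for each smtp_* parameter set via -o
    on an entry whose command (8th column) is smtpd."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        for name in re.findall(r"-o\s+(\w+)=", " ".join(fields[8:])):
            if name.startswith("smtp_"):
                findings.append((fields[0], name))
    return findings


if __name__ == "__main__":
    for service, name in misplaced_client_overrides(SAMPLE_MASTER_CF):
        print(f"{service}: {name} is an smtp(8) client setting on an smtpd service")
```
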
