[SOLVED] How do I send from rondom ip addresses?

H.c.K

Active Member
Oct 16, 2019
68
3
28
32
Hi,
I want to get rondom ip addresses of mails coming out over pmg.
I have done a lot of research but I have not been successful. I try: https://shami.blog/2016/04/randomize-source-ip-addresses-with-postfix/ Mail is still delivered from the server ip address.

I have not made any settings except the following settings.
my /etc/postfix/main.cf:
Code:
# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname ESMTP Proxmox
biff = no


delay_warning_time = 4h


best_mx_transport = local
message_size_limit = 10485760
mailbox_size_limit = 51200000

mydomain = abc.com
myhostname = pmg3.abc.com

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
mynetworks = 127.0.0.0/8 [::1]/128 1.1.1.0/24 1.1.1.0/24 1.1.1.2/32 1.1.1.2/32 1.1.1.2/32

relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport



relay_transport = smtp:1.1.1.2:587





content_filter=scan:127.0.0.1:10024

mail_name = Proxmox


smtpd_helo_restrictions =


postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access


postscreen_dnsbl_sites = bl.rbl-dns.com,b.barracudacentral.org,zen.spamhaus.org,bl.spamcop.net
postscreen_dnsbl_threshold = 1


postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_sender_access     regexp:/etc/postfix/senderaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess check_sender_access  regexp:/etc/postfix/senderaccess check_client_access  cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022



smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_message_rate_limit = 0



smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache




default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

recipient_delimiter = +

sender_dependent_default_transport_maps = randmap:{relay1,relay2,relay3,relay4,relay5}
smtp_connection_cache_on_demand=no

my /etc/postfix/master.cf:
Code:
#
# Postfix master process configuration file.  Each logical line


scan      unix  -       -       n       -       38      lmtp
  -o lmtp_send_xforward_command=yes
  -o lmtp_connection_cache_on_demand=no
  -o disable_dns_lookups=yes

587       inet  n -       -       -       100      smtpd
  -o content_filter=scan:127.0.0.1:10023
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=

25       inet  n -       -       -       1 postscreen

smtpd       pass  - -       -       -       100      smtpd
  -o content_filter=scan:127.0.0.1:10024
  -o receive_override_options=no_address_mappings
  -o smtpd_discard_ehlo_keywords=silent-discard,dsn
  -o mynetworks=127.0.0.0/8,1.1.1.1

127.0.0.1:10025 inet  n       -       n       -       -      smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_tls_security_level=none
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o message_size_limit=20971520

relay1     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.39
  -o smtp_helo_name=pmg3.abc.com
  -o syslog_name=relay1
relay2     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.40
  -o smtp_helo_name=pmg3.abc.com
  -o syslog_name=relay2
relay3     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.41
  -o smtp_helo_name=pmg4.abc.com
  -o syslog_name=relay3
relay4     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.42
  -o smtp_helo_name=pmg4.abc.com
  -o syslog_name=relay4
relay5     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=1.1.1.43
  -o smtp_helo_name=pmg4.abc.com
  -o syslog_name=relay5



pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
  -o message_size_limit=20971520

qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
verify    unix  -       -       -       -       1       verify
trace     unix  -       -       n       -       0       bounce
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard
retry     unix  -       -       -       -       -       error
dnsblog   unix  -       -       -       -       0       dnsblog
tlsproxy  unix  -       -       -       -       0       tlsproxy

and service postfix restart
But the mailer still surrenders at 1.1.1.1

I've reviewed the articles in your department.
https://forum.proxmox.com/threads/postfix-mail-rotate-outgoing.53584/
https://forum.proxmox.com/threads/pmg-different-outgoing-ip-for-different-trusted-server.54903/
https://shami.blog/2016/04/randomize-source-ip-addresses-with-postfix/
 
syslog: warning: smtp_connect_addr: bind 1.1.1.42: Cannot assign requested address
pmg3 relay3/smtp[1265]: warning: smtp_connect_addr: bind 1.1.1.41: Cannot assign requested address
pmg3 relay3/smtp[1331]: warning: smtp_connect_addr: bind 1.1.1.41: Cannot assign requested address
relay1/smtp[1379]: warning: smtp_connect_addr: bind 1.1.1.39: Cannot assign requested address

Do I need to add these ip addresses somewhere on pmg?
 
Last edited:
Do I need to add these ip addresses somewhere on pmg?
Yes every of the ips configured in postfix must be configured on the system (by adding them as aliases) in '/etc/network/interfaces'

I hope this helps!
 
Yes every of the ips configured in postfix must be configured on the system (by adding them as aliases) in '/etc/network/interfaces'

I hope this helps!

Hi Stoiko,
I tried to add it via GUI, but I guess it didn't work. How can I do that? Can you show me a structure that's right for me?

cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 1.1.1.1
netmask 255.255.255.0
gateway 1.1.1.1

auto bond0
iface bond0 inet static
address 1.1.1.39
netmask 32
bond-slaves none
bond-miimon 100
bond-mode balance-rr

auto bond1
iface bond1 inet static
address 1.1.1.40
netmask 32
bond-slaves none
bond-miimon 100
bond-mode balance-rr

auto bond2
iface bond2 inet static
address 1.1.1.41
netmask 32
bond-slaves none
bond-miimon 100
bond-mode balance-rr

auto bond3
iface bond3 inet static
address 1.1.1.42
netmask 32
bond-slaves none
bond-miimon 100
bond-mode balance-rr

auto bond4
iface bond4 inet static
address 1.1.1.43
netmask 32
bond-slaves none
bond-miimon 100
bond-mode balance-rr
 
Hi, my top configurations are correct. I just didn't add ip addresses to /etc/network/ interfaces.
I solved it like this:

my /etc/network/interfaces:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 1.1.1.1
netmask 255.255.255.0
gateway 1.1.1.1

auto eth0:1
iface eth0:1 inet static
address 1.1.1.39
netmask 255.255.255.0
gateway 1.1.1.1

auto eth0:2
iface eth0:2 inet static
address 1.1.1.40
netmask 255.255.255.0
gateway 1.1.1.1

auto eth0:3
iface eth0:3 inet static
address 1.1.1.41
netmask 255.255.255.0
gateway 1.1.1.1

auto eth0:4
iface eth0:4 inet static
address 1.1.1.42
netmask 255.255.255.0
gateway 1.1.1.1

auto eth0:5
iface eth0:5 inet static
address 1.1.1.43
netmask 255.255.255.0
gateway 1.1.1.1

@Stoiko Ivanov Thank you so much for helping me.
 
Sounds about right - great that you resolved your issue!
 
  • Like
Reactions: H.c.K

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!