Query regarding ip alias and postfix

[nitin]

Hi friends,

I have a simple small desktop PC that I runs my Postfix mail server on FreeBSD 13.0. It was all good until I needed to add another domain to Postfix.

So I am trying to use a single NIC for both domains by creating an additional ip alias and configuring two Postfix instances using postmulti. Postfix starts up fine with the two instances, but I am unable to telnet to the alias at port 25 to test SMTP.

The NIC I am using is an Intel onboard NIC based on the em driver... yes its a rather old PC motherboard. I think the "em" driver had some issues in the past and perhaps its that which is causing me trouble... not sure though. I tried configuring Postfix with a different port for the alias instance as well, but no luck.

Has anyone done something like this before? Is this a workable idea or do I need to have physical NICs for each domain? I am not a networking expert so this might seem like too basic a question for the experts... so please be kind

Thanks in advance.

Nitin

 

[SirDice]

So I am trying to use a single NIC for both domains by creating an additional ip alias and configuring two Postfix instances using postmulti.

Why do you think you need to do this? You know you can have a single mailserver handle many domains, right?

 

[nitin]

Yes I know that and it was all done and working fine except that I was getting SMTP banner of primary domain for second domain. I just wanted to fix that. So I was advised to use postmulti instead of making changes in master.cf for each domain.

 

[SirDice]

except that I was getting SMTP banner of primary domain for second domain. I just wanted to fix that.

Why do you think this needs fixing?

 

[nitin]

Well, I was seeing my mails suddenly going to Spam folder of Google despite having SPF, DKIM and DMarc setup perfectly fine as well as not being blacklisted in DNS Block lists. So I was testing my mail domains using mxtools and I got this as an issue for the second domain apart from slow response times which could be due to tarpitting and postscreen. I was wondering if these 3 issues were causing my mails to go to Spam folder.

 

[drhowarddrfine]

nitin Google, and other services, happily throw everything that isn't a well-known mail service into the spam folder.

 

[nitin]

drhowarddrfine ok, but my mails used to go straight into inbox. Also we do not spam. So I was just trying to figure out what might just be causing this and eliminating all possibilities. Hence this adventure Not sure if I am hitting my head on a wall... lol

 

[hardworkingnewbie]

Well, I was seeing my mails suddenly going to Spam folder of Google despite having SPF, DKIM and DMarc setup perfectly fine as well as not being blacklisted in DNS Block lists. So I was testing my mail domains using mxtools and I got this as an issue for the second domain apart from slow response times which could be due to tarpitting and postscreen. I was wondering if these 3 issues were causing my mails to go to Spam folder.

Gmail like Hotmail/Outlook is using its own awesome secret sauce[tm] to filter spam. Just following their "best practices" in order to get through is no guarantee that you'll ever get through. And you will not be able to ever get in touch with any postmaster from their side.

So - if you are using these providers for email, then you're on your own. This is why I always try to get friends away from them, because in the end this behaviour is really bad.

 

[drhowarddrfine]

we do not spam

It doesn't matter.

 

[nitin]

because in the end this behaviour is really bad

Totally agree my dear friend hardworkingnewbie
I suspect some AI stuff gone bad at Google's end Good guys have to pay for misdeeds of the bad guys
Having said that, I think its alright to get the SMTP banner showing up correctly for each domain. Have written to Postfix support as well. Lets see what they have to say.

 

[covacat]

you can set the same MX for both domains then the banner will be ok (if it really matters for anybody)
ip blocks declared by your ISP as 'residential' will be problematic with various mail providers
msft used to block me until I completed some form on their site
something like https://www.spamhaus.org/pbl/

 

[nitin]

you can set the same MX for both domains then the banner will be ok (if it really matters for anybody)

Can pls elaborate with example?

ip blocks declared by your ISP as 'residential' will be problematic with various mail providers

I can confirm the ips are not 'residential'

 

[covacat]

foo.com..
in mx 10 mx.foo.com.
bar.com
in mx 10 mx.foo.com.

as opposed to
foo.com in mx 10 mx.foo.com.
bar.com in mx 10 mx.bar.com.
mx.bar.com in a 1.2.3.4
mx.foo.coom in a 1.2.3.4

 

[covacat]

there are thousands of domains with mx

ALT1.ASPMX.L.GOOGLE.COM.
ASPMX.L.GOOGLE.COM.

 

[nitin]

To be honest, I haven't understood what you are trying to suggest. Perhaps, its my lack of networking know how...
But I thought its postfix that responds with the SMTP banner based on its configuration. So I think its an application level issue rather than with the DNS.

 

[SirDice]

But I thought its postfix that responds with the SMTP banner based on its configuration.

Yes, but it doesn't matter what the server responds with. It's totally irrelevant.

 

[facedebouc]

First rule to avoid mail rejected is to have a matching reverse DNS lookup with your mail server host name.

 

[nitin]

First rule to avoid mail rejected is to have a matching reverse DNS lookup with your mail server host name.

Thanks facedebouc I already have that done and works perfectly. I do not have any issues with DNS.

Yes, but it doesn't matter what the server responds with. It's totally irrelevant.

SirDice I am beginning to sway towards what you say as its getting quite crazy... I am going to give it one last shot before I switch back to how things were...

 

[sko]

Well, I was seeing my mails suddenly going to Spam folder of Google despite having SPF, DKIM and DMarc setup perfectly fine as well as not being blacklisted in DNS Block lists.

It's very likely NOT the SMTP banner thats causing this, but the missing reverse DNS record for your host. This is one of the easiest and earliest checks most mailservers do to detect spam, as "residential" IPs usually only have some generic "not-assigned-<IP>.myisp.com" reverse record which can't be changed. So you can easily block all those infested windows boxes running on residential connections with a single DNS lookup.

The SMTP banner is usually ignored and there are even hosts out there from BIG mail-ISPs that have riddles, song lyrics or other random stuff in their SMTP banner. It can be set to anything, so it is worthless to use it for any kind of "validation". What matters is the hostname and IP and if the DNS records are matching in both directions.
As already pointed out by covacat: just use the same MX for all your domains. It doesn't matter if the maildomain matches the MX domain - in fact this doesn't match for most maildomains out there. Just set your SPF records accordingly and you are done.

 

[nitin]

Glad to inform that my SMTP banner issues has been resolved once I have had my postmulti working properly. I had missed one setting in main.cf that was pointed out by the very kind and helpful Postfix support team. Thanks covacat I checked my DNS its exactly how you have explained. Thanks everyone. Consider this closed.