(9.3-RELEASE-p22)
I have two jails on lo1: sharedserver for apache24 and mailin running sendmail for incoming mail. I use simple PF rules to route incoming http connections to sharedserver and incoming smtp connections to mailin. Outgoing connections from the local network are routed to the external interface, em0.
Incoming mail and mail originating from mailin are sent as expected, using the addresses in virtusertable. However, mail originating from sharedserver seems to ignore its virtusertable and is deferred instead with "Connection refused by mx.xxxxx.org" where the MX record points to em0's IP address. (I presume this means em0 cannot act as a loopback when an outgoing packet is addressed to it.)
I see from pf.conf(5) that PF cannot "reflect packets back through the interface they arrive on" which seems to rule out writing a rule to redirect the packets to mailin since whether I intercept them at em0 or lo1 they would be required to go in and out on the same interface at once.
I have tried both sendmail_enable="YES" and sendmail_submit_enable="YES" in sharedserver's /etc/rc.conf. It seems to make no difference. The current set-up is:
Code:
root@mailin:~ # service sendmail status
sendmail is running as pid 19482.
sendmail_clientmqueue is running as pid 19485.
Code:
root@sharedserver:~ # service sendmail status
sendmail is running as pid 20240.
sendmail_clientmqueue is running as pid 20243.
Any help in troubleshooting would be appreciated.