I've been trying to correctly set up a Postfix server for our products for a couple of days. The server is running correctly, but some e-mails sent to Gmail are delivered to the spam box.
The server is configured like this:
/etc/postfix/main.cf
mydomain = example.com
myhostname = example.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, example.com, example.org, example.net
virtual_alias_domains = example.org, example.net
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/master.cf
587 inet n - n - - smtpd -v
smtp inet n - n - - smtpd -v
/etc/postfix/virtual
user1@example.com user1
user2@example.com user2
user3@example.com user3
user1@example.net user1
user2@example.net user2
user3@example.net user3
user4@example.net user4
user2@example.org user2
My working SPF rule is below (10.0.0.1 is a fake IP for example.com), and it is applied to example.com, example.net and example.org:
v=spf1 mx ip4:10.0.0.1 ~all
I've configured the MX DNS, rDNS, SPF and everything was fine and working. And only authenticated users can send e-mail through this server.
So, here is the problem: if I send an e-mail from user1@example.com (the same as mydomain and myhostname), the e-mail is delivered to the inbox. If I send the e-mail from user1@example.net, the e-mail is delivered to the spam box.
Looking at the e-mails' headers, the difference is:
The one which arrives in the spam box:
Received: from example.com (mail.example.com. [10.0.0.1])
by mx.google.com with ESMTP id e69si1483476yhm.50.2013.03.07.06.42.23;
Thu, 07 Mar 2013 06:42:23 -0800 (PST)
Received-SPF: pass (google.com: domain of user3@example.net designates 10.0.0.1 as permitted sender) client-ip=10.0.0.1;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of user3@example.net designates 10.0.0.1 as permitted sender) smtp.mail=user3@example.net
Received: from new-host-5.home (177.205.99.64.dynamic.adsl.gvt.net.br [177.205.99.64])
by example.com (Postfix) with ESMTP id 7EAB2D186F
for <maykelsb@gmail.com>; Thu, 7 Mar 2013 09:42:22 -0500 (EST)
From: User3 <user3@example.net>
The one which arrives in the inbox:
Received: from example.com (mail.example.com. [10.0.0.1])
by mx.google.com with ESMTP id a30si1434990yhm.294.2013.03.07.06.45.39;
Thu, 07 Mar 2013 06:45:39 -0800 (PST)
Received-SPF: pass (google.com: domain of user3@example.com designates 10.0.0.1 as permitted sender) client-ip=10.0.0.1;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of user3@example.com designates 10.0.0.1 as permitted sender) smtp.mail=user3@example.com
Received: from new-host-5.home (177.205.99.64.dynamic.adsl.gvt.net.br [177.205.99.64])
by example.com (Postfix) with ESMTP id A55BCD186F
for <maykelsb@gmail.com>; Thu, 7 Mar 2013 09:45:38 -0500 (EST)
From: User3 <user3@example.com>
I tried to use transport to change the outbound e-mail to send each one through its own IP, but without luck. Here are my transport settings (tried with name and IP also):
example.com smtp:10.0.0.1:25
example.net smtp:10.0.0.2:25
example.org smtp:10.0.0.3:25
Does anyone have any ideas on how to solve this? I think that if I could set the outbound of user3@example.net through mail.example.net and not mail.example.com, this problem will be solved.
Thank you.
The DNS configurations of the 3 IPs are much like each other, as you can see below:
example.com A 10.0.0.2
example.com MX 10 mail.example.com
example.com TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.com A 10.0.0.1
mail.example.com MX 1 mail.example.com
mail.example.com TXT v=spf1 mx ip4:10.0.0.1 ~all
example.net A 10.0.0.1
example.net MX 10 mail.example.net
example.net TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.net A 10.0.0.2
mail.example.net MX 1 mail.example.net
mail.example.net TXT v=spf1 mx ip4:10.0.0.1 ~all
example.org A 10.0.0.3
example.org MX 10 mail.example.org
example.org TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.org A 10.0.0.3
mail.example.org MX 1 mail.example.org
mail.example.org TXT v=spf1 mx ip4:10.0.0.1 ~all
Also, I have these interfaces
10.0.0.1: eth0
10.0.0.2: eth0.1
10.0.0.3: eth0.2
These are the rDNS settings created by my ISP:
10.0.0.1 - example.com
10.0.0.2 - example.net
10.0.0.3 - example.org
I'd asked to have:
10.0.0.1 - example.com, example.net, example.org
But he said that this could lead to problems identifying my e-mail server. It would act something like a load balancer, delivering a different one at a time.
I've updated my /etc/postfix/master.cf to look as follows:
example.com:smtp inet n - n - - smtpd -o myhostname=example.com
example.com:587 inet n - n - - smtpd -o myhostname=example.com
example.net:smtp inet n - n - - smtpd -o myhostname=example.net -o smtp_bind_address=10.0.0.2
example.net:587 inet n - n - - smtpd -o myhostname=example.net -o smtp_bind_address=10.0.0.2
example.org:smtp inet n - n - - smtpd -o myhostname=example.org -o smtp_bind_address=10.0.0.3
example.org:587 inet n - n - - smtpd -o myhostname=example.org -o smtp_bind_address=10.0.0.3
Postfix seems to ignore the -o smtp_bind_address=10.0.0.2 because it keeps delivering mail through 10.0.0.1.
Best Answer
The problem is that Postfix is using 10.0.0.1 for all your mail. This itself isn't a problem, as you can easily add multiple virtual domains pointing to the same IP.
Basically I would change the records for example.org, etc. in this manner:
example.org A 10.0.0.3
example.org MX 10 mail.example.org
mail.example.org CNAME mail.example.com
That way your SPF record will be valid, and the MX record, A record for the mail server, etc. will correspond to the correct IP.
That is, unless you have some other reason to make use of multiple IPs.
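Added example, not part of the original question or answer: an offline check of the records posted above. It evaluates the posted SPF policy for a given sending IP, with and without the answer's CNAME change, and tests forward-confirmed reverse DNS for each address. The zone dictionary and all function names are constructed for this illustration.

```python
import ipaddress

ZONE = {  # constructed from the DNS records posted in the question
    ("example.com", "A"): ["10.0.0.2"], ("example.com", "MX"): ["mail.example.com"],
    ("example.net", "A"): ["10.0.0.1"], ("example.net", "MX"): ["mail.example.net"],
    ("example.org", "A"): ["10.0.0.3"], ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.com", "A"): ["10.0.0.1"], ("mail.example.net", "A"): ["10.0.0.2"],
    ("mail.example.org", "A"): ["10.0.0.3"],
}
PTR = {"10.0.0.1": "example.com", "10.0.0.2": "example.net", "10.0.0.3": "example.org"}  # ISP rDNS
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def resolve_a(name, zone):
    """A records for name, following at most 5 CNAME hops."""
    for _ in range(5):
        if (name, "CNAME") not in zone:
            break
        name = zone[(name, "CNAME")][0]
    return zone.get((name, "A"), [])

def spf_check(domain, client_ip, zone, record="v=spf1 mx ip4:10.0.0.1 ~all"):
    """Evaluate the page's mechanisms (mx, ip4, all) in order; return (result, term)."""
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        if mech == "mx":
            hit = any(client_ip in resolve_a(mx, zone) for mx in zone.get((domain, "MX"), []))
        elif mech.startswith("ip4:"):
            hit = ipaddress.ip_address(client_ip) in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "all":
            hit = True
        else:
            raise ValueError(f"mechanism not covered by this example: {mech}")
        if hit:
            return RESULT[qualifier], term
    return "neutral", None

def fcrdns(client_ip, zone, ptr=PTR):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    name = ptr.get(client_ip)
    return name is not None and client_ip in resolve_a(name, zone)

def with_answer_change(zone):
    """Apply the answer's edit: mail.example.org CNAME mail.example.com."""
    new = {k: v for k, v in zone.items() if k != ("mail.example.org", "A")}
    return {**new, ("mail.example.org", "CNAME"): ["mail.example.com"]}

if __name__ == "__main__":
    print([spf_check("example.org", "10.0.0.1", z) for z in (ZONE, with_answer_change(ZONE))])
    print({ip: fcrdns(ip, ZONE) for ip in PTR})
```

On the records as posted, 10.0.0.1 and 10.0.0.2 do not forward-confirm, because their PTR names resolve to each other's address. RFC 2181 section 10.3 does not allow an MX target to be a CNAME, so the same result is normally obtained by pointing the MX record at mail.example.com directly.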