How to correctly manage multiple virtual hosts with postfix

email postfix smtp spf

I've been trying to correctly set up a Postfix server for our products for a couple of days. The server is running correctly, but some emails sent to Gmail are delivered to the spam box.
The server is configured like this:

/etc/postfix/main.cf

mydomain = example.com
myhostname = example.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, example.com, example.org, example.net
virtual_alias_domains = example.org, example.net
virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/master.cf

587      inet  n       -       n       -       -       smtpd -v
smtp      inet  n       -       n       -       -       smtpd -v

/etc/postfix/virtual

user1@example.com  user1
user2@example.com  user2
user3@example.com  user3

user1@example.net  user1
user2@example.net  user2
user3@example.net  user3
user4@example.net  user4

user2@example.org  user2

My working SPF rule is (10.0.0.1 is a fake IP for example.com, and it is applied to example.com, example.net and example.org):
v=spf1 mx ip4:10.0.0.1 ~all


I've configured the MX DNS, rDNS, SPF and everything was fine and working. And only authenticated users can send e-mail through this server.

So, here is the problem: if I send an e-mail from user1@example.com (the same as mydomain and myhostname), the e-mail is delivered to the inbox. If I send the e-mail from user1@example.net, the e-mail is delivered to the spam box.

Looking at the e-mails' headers, the difference is:

The one which arrives in the spam box:

Received: from example.com (mail.example.com. [10.0.0.1])
        by mx.google.com with ESMTP id e69si1483476yhm.50.2013.03.07.06.42.23;
        Thu, 07 Mar 2013 06:42:23 -0800 (PST)
Received-SPF: pass (google.com: domain of user3@example.net designates 10.0.0.1 as permitted sender) client-ip=10.0.0.1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of user3@example.net designates 10.0.0.1 as permitted sender) smtp.mail=user3@example.net
Received: from new-host-5.home (177.205.99.64.dynamic.adsl.gvt.net.br [177.205.99.64])
    by example.com (Postfix) with ESMTP id 7EAB2D186F
    for <maykelsb@gmail.com>; Thu,  7 Mar 2013 09:42:22 -0500 (EST)
From: User3 <user3@example.net>

The one which arrives in the inbox:

Received: from example.com (mail.example.com. [10.0.0.1])
        by mx.google.com with ESMTP id a30si1434990yhm.294.2013.03.07.06.45.39;
        Thu, 07 Mar 2013 06:45:39 -0800 (PST)
Received-SPF: pass (google.com: domain of user3@example.com designates 10.0.0.1 as permitted sender) client-ip=10.0.0.1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of user3@example.com designates 10.0.0.1 as permitted sender) smtp.mail=user3@example.com
Received: from new-host-5.home (177.205.99.64.dynamic.adsl.gvt.net.br [177.205.99.64])
    by example.com (Postfix) with ESMTP id A55BCD186F
    for <maykelsb@gmail.com>; Thu,  7 Mar 2013 09:45:38 -0500 (EST)
From: User3 <user3@example.com>

I tried to use transport to change the outbound e-mail to send each one through its IP, but without luck. Here are my transport settings (tried with name and IP also):

example.com  smtp:10.0.0.1:25
example.net  smtp:10.0.0.2:25
example.org  smtp:10.0.0.3:25

Does anyone have any ideas on how to solve this? I think that if I could send the outbound mail of user3@example.net through mail.example.net and not mail.example.com, this problem would be solved.
Thank you.


The DNS configurations of the 3 IPs are much like each other, as you can see below:

example.com A 10.0.0.2
example.com MX 10 mail.example.com
example.com TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.com A 10.0.0.1
mail.example.com MX 1 mail.example.com
mail.example.com TXT v=spf1 mx ip4:10.0.0.1 ~all

example.net A 10.0.0.1
example.net MX 10 mail.example.net
example.net TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.net A 10.0.0.2
mail.example.net MX 1 mail.example.net
mail.example.net TXT v=spf1 mx ip4:10.0.0.1 ~all

example.org A 10.0.0.3
example.org MX 10 mail.example.org
example.org TXT v=spf1 mx ip4:10.0.0.1 ~all
mail.example.org A 10.0.0.3
mail.example.org MX 1 mail.example.org
mail.example.org TXT v=spf1 mx ip4:10.0.0.1 ~all

Also, I have these interfaces

10.0.0.1: eth0
10.0.0.2: eth0.1
10.0.0.3: eth0.2

These are the rDNS settings created by my ISP:

10.0.0.1 - example.com
10.0.0.2 - example.net
10.0.0.3 - example.org

I'd asked to have:

10.0.0.1 - example.com, example.net, example.org

But he said that this could lead to problems identifying my e-mail server. It would act something like a load balancer, delivering a different one each time.


I've updated my /etc/postfix/master.cf to look as follows:

example.com:smtp      inet    n       -       n       -       -       smtpd -o myhostname=example.com
example.com:587       inet    n       -       n       -       -       smtpd -o myhostname=example.com
example.net:smtp      inet    n       -       n       -       -       smtpd -o myhostname=example.net -o smtp_bind_address=10.0.0.2
example.net:587       inet    n       -       n       -       -       smtpd -o myhostname=example.net -o smtp_bind_address=10.0.0.2
example.org:smtp      inet    n       -       n       -       -       smtpd -o myhostname=example.org -o smtp_bind_address=10.0.0.3
example.org:587       inet    n       -       n       -       -       smtpd -o myhostname=example.org -o smtp_bind_address=10.0.0.3

Postfix seems to ignore the -o smtp_bind_address=10.0.0.2 because it keeps delivering mail through 10.0.0.1.

Best Answer

The problem is that postfix is using 10.0.0.1 for all your mail. This itself isn't a problem, as you can easily add multiple virtual domains pointing to the same IP.

Basically, I would change the records for example.org, etc. in this manner.

example.org A 10.0.0.3
example.org MX 10 mail.example.org
mail.example.org CNAME mail.example.com

That way your SPF record will be valid, and the MX record, A record for the mail server, etc. will correspond to the correct IP.

That is, unless you have some other reason to make use of multiple IPs.
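
The SPF evaluation behind the answer, as an added example that is not part of the original posts: it checks the `v=spf1 mx ip4:10.0.0.1 ~all` record against the question's DNS data before and after the answer's CNAME change. The `ZONE` table is constructed from the posted records, the function names are hypothetical, and the evaluator assumes only the `mx`, `ip4` and `all` mechanisms are in use.

```python
import ipaddress

# Constructed from the records quoted in the question (placeholder IPs as posted).
ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 mx ip4:10.0.0.1 ~all"],
    ("mail.example.com", "A"): ["10.0.0.1"],
    ("example.org", "MX"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ip4:10.0.0.1 ~all"],
    ("mail.example.org", "A"): ["10.0.0.3"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def resolve_a(zone, name, depth=0):
    """Return the IPv4 addresses for name, following CNAMEs (bounded depth)."""
    if depth > 5:
        return []
    ips = list(zone.get((name, "A"), []))
    for target in zone.get((name, "CNAME"), []):
        ips += resolve_a(zone, target, depth + 1)
    return ips

def check_spf(zone, domain, client_ip):
    """Evaluate a subset of SPF (mx, ip4, all); return (result, matching term)."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in zone.get((domain, "TXT"), []) if t.startswith("v=spf1")]
    if len(records) != 1:
        return ("none" if not records else "permerror", None)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            hit = True
        elif mech == "mx":
            hit = any(client_ip in resolve_a(zone, h) for h in zone.get((domain, "MX"), []))
        elif mech.startswith("ip4:"):
            hit = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            return ("permerror", term)  # mechanism outside the subset handled here
        if hit:
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)

def with_answer_change(zone):
    """Apply the answer's change: mail.example.org becomes a CNAME to mail.example.com."""
    changed = {k: v for k, v in zone.items() if k != ("mail.example.org", "A")}
    changed[("mail.example.org", "CNAME")] = ["mail.example.com"]
    return changed
```

With the posted records, mail for example.org sent from 10.0.0.1 matches only on `ip4:10.0.0.1`; after the change the `mx` mechanism matches 10.0.0.1 as well. A message leaving from 10.0.0.2 for example.org would fall through to `~all` and get `softfail`.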