Postfix configuration on multihoming server

By Stephane Carrez

This article explains how to configure a Postfix server on a multihomed host and control the IP address used by the server.

What is multihoming

Multihoming is the configuration of multiple interfaces or IP addresses for the same host. It is used in failover environment to increase the reliability of the network.

A hosting service such as OVH provides a simple failover mechanism which allows to bind a failover IP address to several hosts and let the OVH routers redirect the traffic to one of these servers. The network traffic is re-routed from one host to the other in a transparent manner. In that case, each server has its own IP address but also another shared IP address (the IP failover).

To add an IP address to an existing interface, you can edit the /etc/network/interfaces file and add the following definition:

auto eth0:0
iface eth0:0 inet static
        address 87.98.146.48
        netmask 255.255.255.255

After restarting the network interface, you can check that the new interface is up:

$ ifconfig eth0:0
eth0:0    Link encap:Ethernet  HWaddr 00:1c:c0:9c:18:03  
          inet addr:87.98.146.48  Bcast:87.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:27 Base address:0x8000 

Note that you can try this on a local network first.

What's the issue?

With multihomed interfaces, you don't control easily which IP address is used by the server. By default, postfix will listen on each network interface and when it will connect to other mail servers, it will use the IP address of the first interface.

Listening on several IP addresses is not a problem but on the other hand you could expose a mail server on an IP address which is not supposed to exist (ie, there could be no MX record to a DNS entry with that IP address).

Connection to other mail servers is more problematic as you expose to other servers an IP address that you may not want. Configured correctly, these servers could refuse the connection if the reverse is not set correctly.

Postfix Listening Addresses

To restrict the listening addresses, we have to tell postfix to listen to the IP addresses we want. Basically, the server has to listen to the IP failover. This is done by specifying the IP address to listen in the /etc/postfix/master.cf configuration file:

87.98.146.48:smtp   inet  n -   -   -  - smtpd
127.0.0.1:smtp       inet  n -  -  -  - smtpd

Postfix Connection Address

The next step is to make sure the mail server will use the good IP address when connecting to other mail servers. This is done by using the smtp_bind_address parameter in the /etc/postfix/main.cf configuration file:

smtp_bind_address=87.98.146.48

After changing the master.cf and main.cf configuration files, you have to restart the postfix daemon:

$ sudo /etc/init.d/postfix restart

References

Postfix Configuration

Add a comment

To add a comment, you must be connected. Login