Controlling HTTP & SMTP IP flow for 3 NIC's

Les Mikesell lesmikesell at gmail.com
Wed Jan 23 19:31:34 UTC 2008


Tim Alberts wrote:
> A little background first. I run 2 servers, mail and web.  The mail
> server is down for hardware problems.  I'm running both email and web on 
> one server.  The web server has 3 network interfaces 1 for public email, 
> 1 for public web, and 1 for private network.  I use 3 cards because the 
> router I connect to the internet won't recognize multiple IP's for a 
> single hardware MAC.

That's fairly bizarre if true.  Are you sure it didn't just fail 
temporarily when you switched because the previous MAC was cached? 
Routers typically keep their ARP cache for up to 20 minutes and won't 
re-discover a moved IP/NIC sooner unless you manually clear the cache.

But... you'd have the same issue with aliases on the same NIC.

> The problem is, that my email messages seem to be going out the web 
> network interface.  This is typically not a problem except for the 
> reverse DNS lookup fails, which at least one domain (Comcast.Net) rejects.
> 
> My question therefore is, how can I route my sendmail traffic to go out 
> the correct ethernet interface?  I'm sure I'll need to do the same for 
> the web traffic so web site spoofing alarms are triggered.
> 
> I have told sendmail to listen to the correct interfaces, but that 
> apparently doesn't mean only write to those interfaces.  I don't see how 
> to control this by setting up my routes and I can only really think of 
> ways to block it in iptables, not re-route it.

You probably used the DaemonPortOptions entry in sendmail.mc to control 
the listening side.  Do the same with ClientPortOptions for outbound 
connections.

-- 
   Les Mikesell
    lesmikesell at gmail.com
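
Added example, not part of the original message: a sendmail.mc fragment that sets both options named in the reply, using the m4 macros DAEMON_OPTIONS and CLIENT_OPTIONS that generate DaemonPortOptions and ClientPortOptions. The address 192.0.2.25 is a constructed placeholder for the public mail IP.

```m4
dnl Constructed sendmail.mc fragment. 192.0.2.25 is a placeholder for the
dnl public mail address; replace it with the IP whose PTR record names the
dnl mail host.
dnl
dnl Listening side (DaemonPortOptions): accept SMTP only on the mail address.
DAEMON_OPTIONS(`Port=smtp, Addr=192.0.2.25, Name=MTA')dnl
dnl
dnl Outbound side (ClientPortOptions): bind outgoing SMTP connections to the
dnl same address so remote servers see the IP that reverse DNS resolves.
CLIENT_OPTIONS(`Family=inet, Addr=192.0.2.25')dnl
```

sendmail.cf has to be regenerated from sendmail.mc and sendmail restarted before the change takes effect.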
