Configuring Postfix SMTP Transport for Multiple IP Addresses with Domain-Specific Banners



When configuring Postfix to handle multiple domains on separate IP addresses, we often need to maintain distinct SMTP identities while ensuring proper mail transport. The key challenge emerges when trying to:

  • Bind outgoing mail to specific source IPs
  • Maintain domain-specific HELO banners
  • Keep SMTP daemon listening on all required ports

The original attempt using transport maps and master.cf modifications had logical gaps:

# This creates unix-domain transports but doesn't handle inbound SMTP
domain1  unix - - n - - smtp
   -o smtp_bind_address=1.1.1.1
   -o smtp_helo_name=mail.abc.com
   -o syslog_name=postfix-mail.abc.com

This configuration fails because:

  1. Unix-domain transports don't listen on network ports
  2. The smtp process type is for outgoing mail only
  3. No SMTPD service is defined for incoming connections

Here's the proper way to configure this in master.cf:

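# Inbound SMTP listeners
# The listen address is the first field. smtp_bind_address is an smtp(8) client
# option and has no effect on smtpd, so it is not set here. The banner follows
# the per-service myhostname as long as smtpd_banner references $myhostname
# (the default, "$myhostname ESMTP $mail_name", does).
1.1.1.1:smtp inet n - n - - smtpd
  -o myhostname=mail.abc.com
  -o syslog_name=postfix-mail.abc.com

2.2.2.2:smtp inet n - n - - smtpd
  -o myhostname=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com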

# Outbound transports
domain1 unix - - n - - smtp
  -o smtp_bind_address=1.1.1.1
  -o smtp_helo_name=mail.abc.com
  -o syslog_name=postfix-mail.abc.com-out

domain2 unix - - n - - smtp
  -o smtp_bind_address=2.2.2.2
  -o smtp_helo_name=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com-out

The sender_transport file should remain as you originally configured:

@abc.com    domain1:
@xyz.com    domain2:

But ensure main.cf includes:

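# Selects the outbound transport by envelope sender (Postfix 2.7 and later)
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
# Do not also list this file in transport_maps: that table is looked up by
# recipient address, not by sender.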

After configuration:

# Check listening ports
netstat -tulnp | grep master

# Test outbound routing
postmap -q @abc.com hash:/etc/postfix/sender_transport

# Verify SMTP banners
telnet 1.1.1.1 25
telnet 2.2.2.2 25

For complex environments, consider adding:

# Per-IP TLS certificates
-o smtpd_tls_cert_file=/path/to/abc.com.crt
-o smtpd_tls_key_file=/path/to/abc.com.key

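# Separate queue directories: queue_directory applies to a whole Postfix
# instance, so it belongs in the main.cf of a separate instance
# (see postmulti(1)), not in a per-service -o override
queue_directory = /var/spool/postfix-abc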

When configuring Postfix 2.11.3 to handle multiple domains on separate IP addresses, many administrators face confusion between inbound SMTP listeners and outbound routing configurations. The key misunderstanding lies in how master.cf and transport maps interact.

Postfix actually needs two distinct configurations for proper multi-IP operation:


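# Inbound configuration (master.cf)
# Before Postfix 3.0 a -o value cannot contain a space, so
# "-o smtpd_banner=mail.abc.com ESMTP" would pass ESMTP as a separate argument.
# Overriding myhostname is enough as long as smtpd_banner references
# $myhostname (the default, "$myhostname ESMTP $mail_name", does).
1.1.1.1:smtp inet  n - n - - smtpd
  -o myhostname=mail.abc.com
  -o syslog_name=postfix-mail.abc.com

2.2.2.2:smtp inet  n - n - - smtpd
  -o myhostname=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com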

AND


# Outbound configuration (master.cf)
domain1  unix - - n - - smtp
  -o smtp_bind_address=1.1.1.1
  -o smtp_helo_name=mail.abc.com
  -o syslog_name=postfix-mail.abc.com

domain2  unix - - n - - smtp
  -o smtp_bind_address=2.2.2.2
  -o smtp_helo_name=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com

Here's how to properly combine both inbound and outbound configurations:


# /etc/postfix/master.cf
# Inbound listeners: the banner follows the per-service myhostname through
# smtpd_banner ($myhostname ESMTP $mail_name by default); a -o value with a
# space in it is not valid before Postfix 3.0
1.1.1.1:smtp     inet  n - n - - smtpd
  -o myhostname=mail.abc.com
  -o syslog_name=postfix-mail.abc.com

2.2.2.2:smtp     inet  n - n - - smtpd
  -o myhostname=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com

domain1  unix - - n - - smtp
  -o smtp_bind_address=1.1.1.1
  -o smtp_helo_name=mail.abc.com
  -o syslog_name=postfix-mail.abc.com

domain2  unix - - n - - smtp
  -o smtp_bind_address=2.2.2.2
  -o smtp_helo_name=mail.xyz.com
  -o syslog_name=postfix-mail.xyz.com

The transport map (/etc/postfix/sender_transport) should reference the service names (domain1, domain2) not IP addresses:


# /etc/postfix/sender_transport
@abc.com    domain1:
@xyz.com    domain2:

Then in main.cf:


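# Looked up by envelope sender; transport_maps would be matched against the
# recipient address instead
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
default_transport = smtp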

After implementing this configuration:


# Check listening ports
netstat -tulnp | grep 25

# Test SMTP banners
telnet 1.1.1.1 25
telnet 2.2.2.2 25

# Test outbound routing
postmap -q @abc.com hash:/etc/postfix/sender_transport
postmap -q @xyz.com hash:/etc/postfix/sender_transport

Common mistakes:

1. Not running postmap /etc/postfix/sender_transport after changes
2. Forgetting to restart Postfix (and with it the master process) after editing master.cf
3. DNS records not properly configured for each IP

Remember to create proper PTR records for each IP address to avoid deliverability issues.
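
A pre-reload check for this setup, as an added example that is not part of the original page: it parses master.cf and the sender map, then reports smtp client options placed on smtpd listeners, -o values split at a space, and sender map entries that do not point at a complete outbound transport. It assumes the pre-3.0 master.cf syntax used here (no "-o { name = value }" form); the function names and the sample input are constructed for illustration.

```python
import re

def parse_master(text):
    """Map service name -> (command, {option: value}, [stray words])."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    entries = re.sub(r"\n[ \t]+", " ", "\n".join(lines)).splitlines()  # join continuations
    services = {}
    for fields in (e.split() for e in entries):
        if len(fields) < 8:
            continue
        args, opts, stray, i = fields[8:], {}, [], 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                opts.update([args[i + 1].split("=", 1)])
                i += 2
            else:
                if not args[i].startswith("-"):
                    stray.append(args[i])    # leftover word, e.g. a value split at a space
                i += 1
        services[fields[0]] = (fields[7], opts, stray)
    return services

def lint(master_text, sender_map_text):
    services, problems = parse_master(master_text), []
    for name, (command, opts, stray) in services.items():
        if command == "smtpd":
            problems += [f"{name}: {k} is an smtp(8) client option, no effect on smtpd"
                         for k in opts if k.startswith("smtp_")]
        if command in ("smtp", "smtpd") and stray:
            problems.append(f"{name}: stray {stray}; -o values cannot contain spaces")
    for parts in (l.split() for l in sender_map_text.splitlines()):
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        command, opts, _ = services.get(parts[1].split(":")[0], (None, {}, []))
        if command != "smtp":
            problems.append(f"{parts[0]}: {parts[1]} is not an smtp transport in master.cf")
        elif not {"smtp_bind_address", "smtp_helo_name"} <= opts.keys():
            problems.append(f"{parts[0]}: {parts[1]} lacks bind address or HELO name")
    return problems

# Constructed sample input modelled on the snippets above (not a real server's files).
MASTER = ("1.1.1.1:smtp inet n - n - - smtpd\n  -o smtp_bind_address=1.1.1.1\n"
          "  -o smtpd_banner=mail.abc.com ESMTP\n"
          "domain1 unix - - n - - smtp\n  -o smtp_bind_address=1.1.1.1\n"
          "  -o smtp_helo_name=mail.abc.com\n")
SENDERS = "@abc.com    domain1:\n@xyz.com    domain2:\n"

if __name__ == "__main__":
    print("\n".join(lint(MASTER, SENDERS)))
```

An empty result means every sender domain maps to an outbound transport with both a pinned source IP and a HELO name, which is what keeps one domain's mail from leaving through another domain's address.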