Re-writing the source with iptables.

Recently I ran into a problem where my primary IP address on the server was blacklisted. This had the negative effect that mail being sent from the server to other servers that use the blacklist, blocked our emails.

In a shared hosting environment, one user can easily get a server blacklisted.

All our servers have at least 2 publicly accessible IP addresses. I thought that it would be great if I could get the mail to appear to be from one of the secondary IP addresses.

Below is a iptables rule, that achieves just this:

iptables -t nat -A POSTROUTING -o eth0 \
-s <primaryIPAddress>/32 -p tcp --dport 25 \
-j SNAT --to-source <secondaryIPAddress>

Leave a Reply

You must be logged in to post a comment.