With some changes to the mail routing setup, mail ended up being sent from bastion with the NAT IP instead of bastion's IP. This caused many mail servers to reject emails being sent from bastion.
Currently, a temporary fix is in place, with eth0 setup for 10.5.126.11 (which was previously at eth0:0). The heartbeat service on bastion2 has been stopped, and puppet was disabled.
We'll need to get a permanent solution to this.
Looks like we need to set smtp_bind_address in our postfix configs, or potentially.
My only concern is, now with the amount of mail going through our system, we could have issues where by mail gets stuck in the queues, (i.e. postfix can't bind), maybe we should just have mappings for bastion01/bastion02 w/ networking blocking incoming traffic (we only need it for the reverse DNS)
This is matching now.
Login to comment on this ticket.