Bind Outgoing Mail to Specific IP

Started by jpk236, May 15, 2007, 08:54:31 PM

jpk236

I run nagios to monitor my boxen, and have it set up to send pages to
xxxxxxxxxx@messaging.sprintpcs.com, where xxxxxxxxxx is my cell phone
number.

For whatever reason, Sprint's MX is blocking the pages:

/var/log/mail/send/current:
@40000000464a656b35d2adcc delivery 573: deferral: Connected_to_68.28.3.22_but_connection_died._(#4.4.2)/
@40000000464a656b35d2b59c status: local 0/10 remote 80/255

I have 26 IPs on this box, and I ran this command for every IP to see
what was going on:

PASS:
root|10:23:50pm|/var/log/mail/send: telnet -s xxx.xxx.147.243 68.28.3.22 25
Trying 68.28.3.22...
Connected to 68.28.3.22.
Escape character is '^]'.
220 clxipc6003-in.nmcc.sprintspectrum.com ESMTP

FAIL:
root|10:24:22pm|/var/log/mail/send: telnet -s xxx.xxx.147.242 68.28.3.22 25
Trying 68.28.3.22...
Connected to 68.28.3.22.
Escape character is '^]'.
Connection closed by foreign host.

Of the 26 IPs, 14 passed and 12 failed.

Is there a way that I can bind the process that sends mail out to a
specific IP?  One of the 14 that work.

Thanks!

- Justin

UPDATE

I'm fairly certain that Sprint is blocking the mail because some of the IPs (the ones that fail) are found in the Spamhaus catalog:

@40000000464a6fac27b55dfc new msg 47336
@40000000464a6fac27b7f9f4 info msg 47336: bytes 1620 from <admin@jpk236.com> qp 2182 uid 89
@40000000464a6fac27d82c24 starting delivery 95: msg 47336 to remote mail-toaster@simerson.net
@40000000464a6fac27dab0ac status: local 0/10 remote 2/255
@40000000464a6fad027ca284 delivery 95: deferral: 72.29.111.133_does_not_like_recipient./Remote_host_said:_451_http://www.spamhaus.org/query/bl?ip=xxx.xxx.147.242/Giving_up_on_72.29.111.133./
@40000000464a6fad027cc994 status: local 0/10 remote 1/255

I just moved to this datacenter, and the IPs are new to me.  The previous owner must have been naughty.
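
The per-address `telnet -s` check from the post above, automated as an added example (it is not part of the original post and not qmail code): it binds each source address before connecting and reports which ones receive an SMTP 220 greeting. The names `probe`, `survey` and `usable` are chosen for this example only.

```python
# Added example (not from the thread): repeat the `telnet -s <src> <mx> 25`
# check for each local address and report which ones get an SMTP greeting.
import socket

def probe(src_ip, mx_host, port=25, timeout=10.0):
    """Connect to mx_host:port from src_ip; return (verdict, detail).

    PASS = the server sent a 220 greeting, FAIL = anything else
    (connection closed, reset, refused, timed out, or a non-220 reply).
    """
    try:
        # source_address binds the local end before connect(), which is
        # what `telnet -s` does; port 0 lets the kernel pick the port.
        with socket.create_connection((mx_host, port), timeout=timeout,
                                      source_address=(src_ip, 0)) as s:
            data = s.recv(512)
    except OSError as exc:
        return "FAIL", f"{type(exc).__name__}: {exc}"
    if not data:
        return "FAIL", "connection closed by remote host before greeting"
    banner = data.decode("ascii", "replace").splitlines()[0]
    return ("PASS" if banner.startswith("220") else "FAIL"), banner

def survey(src_ips, mx_host, port=25, timeout=10.0):
    """Probe every source address; return {src_ip: (verdict, detail)}."""
    return {ip: probe(ip, mx_host, port, timeout) for ip in src_ips}

def usable(results):
    """Source addresses that received a greeting, in input order."""
    return [ip for ip, (verdict, _) in results.items() if verdict == "PASS"]

if __name__ == "__main__":
    import sys
    # usage: python probe.py <mx_host> <src_ip> [<src_ip> ...]
    mx, sources = sys.argv[1], sys.argv[2:]
    results = survey(sources, mx)
    for ip, (verdict, detail) in results.items():
        print(f"{verdict}  {ip}  {detail}")
    print("usable:", ", ".join(usable(results)) or "none")
```

A PASS here only shows that the remote MX accepts the TCP connection and greets that source address; it does not show that a message sent from it will be accepted.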

matt

One surefire way of making sure your mail toaster sends from a particular IP is to run it in a jail.

antoniop

There is a patch for qmail that enforces sending using a certain IP on the host system.

FYI: http://www.fefe.de/qmail/

Excerpt:
qmail-1.03-netqmail-1.05-fefe3.diff.bz2 (read README.antispam, enclosed in the patch; NEW! now also with p0f interface and inline signature check), qmail-remote-outgoingip.diff.gz (qmail-remote will bind to the IP given in /var/qmail/control/outgoingip), qmail-1.03-preline.diff (adds a -p option telling preline to ignore EPIPE)...

Sounds like a good patch to bundle.  I am yet to try it out though.

matt

If you are using PF, you can use a redirect rule to do that.

nat on $ext_if from $toaster_ip to any -> $toaster_ip

or perhaps:
nat on $ext_if from $main_box_ip to any port 25 -> $toaster_ip

antoniop

You're a legend Matt.

I didn't think about using NAT to do this  ;D