INTERNAL_IP mapping table

From Messaging Server Technical Reference Wiki
Jump to: navigation, search

Modern MTA configurations typically make use of an INTERNAL_IP  mapping table as a convenient, single location for storing a site's list of "internal" IP addresses. MTA components that need to check whether or not a source IP address is "internal" then can make use of the INTERNAL_IP mapping table for this determination, rather than each component having its own separate list. So while knowledge and use of the INTERNAL_IP mapping table is not hard-coded into the MTA, it is a common configuration feature.

Typical component users of an INTERNAL_IP mapping table include: the PORT_ACCESS mapping table (to determine SASL ruleset), and a backwards-pointing IP literal rewrite rule (for the purpose of switchchannel "switching" to the tcp_intranet channel).

A typical INTERNAL_IP mapping table might appear something like the following, shown from within msconfig:

msconfig> show mapping:INTERNAL_IP.*
role.mapping:INTERNAL_IP.rule = host's-public-IP-address $Y
role.mapping:INTERNAL_IP.rule = $<> $Y
role.mapping:INTERNAL_IP.rule = ${::1} $Y
role.mapping:INTERNAL_IP.rule = $Y
role.mapping:INTERNAL_IP.rule = * $N

or in legacy configuration:


  host's-public-IP-address    $Y
  $<>           $Y
  ${::1}                      $Y                   $Y
  *                           $N

This sample INTERNAL_IP mapping table's rules explicitly match the host's public IP address, use a subnet match to match private IP addresses, and match IPv6 and IPv4 forms of loopback address. A final, fall-through wildcard $N rule ensures that any IP addresses not listed/matched earlier in the INTERNAL_IP table will fail the mapping check (not be considered "internal").

See also: