I’m having trouble with traffic that is leaking out of the Peplink’s interface IP instead of the WAN IP that NAT is set up on. I know that this is expected behaviour during a WAN outage, but this seems to be happening all the time. Normally this wouldn’t be much cause for alarm, but the traffic that is leaking is outbound email, which is not getting delivered because it’s coming from the wrong IP. This is also happening on multiple WAN interface IPs.
My setup is somewhat complicated, but here goes. I have two servers behind an external IP address: one is the MTA (Message Transfer Agent), which accepts inbound/outbound SMTP traffic, and the other server is a tracker that only does inbound HTTP traffic. So there is no 1:1 NAT used here but a combination of Services, Outbound NAT mappings, and Outbound Policy. There are actually two external IPs for the server to enable a bit of reputation management on the IP addresses, but they are both on the same WAN.
So recently I checked IP reputation through senderscore.org and it said that one of the two IPs had not sent any email, which was interesting because my MTA had records of sending just under 100k emails through that IP address. I started auditing my WAN subnet to find the ‘missing email’ and discovered that my Peplink’s interface IP now had a senderscore.org reputation, and a bad one at that. I looked at my other WAN link which also has different servers in the same configuration and found that that interface address had also gained a reputation.
I’ve double-checked my settings and I don’t see what I’m doing wrong, but at the very least, is there a way to create a firewall rule that can block the interface IPs from being allowed to deliver SMTP traffic? They should not be doing that because it is ruining my deliverability.
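Before adding a firewall rule, it helps to confirm from the router's own flow or connection records which source address each outbound SMTP session actually used, rather than inferring it from senderscore.org. The script below is an added example (not part of the original post and not Peplink's code): it parses a constructed, generic "timestamp src:port -> dst:port proto" connection log, keeps only TCP flows to SMTP ports, and classifies each flow by whether its source was one of the public IPs NAT'd to the MTA, a WAN interface IP (the leak described above), or something else entirely. The IP addresses (RFC 5737 documentation ranges), the log format, and the `LINE_RE` pattern are assumptions chosen for illustration; adapt `LINE_RE` to whatever format your router or upstream flow collector exports.

```python
"""Audit outbound SMTP flows for sessions that left from the wrong source IP.

Added example, not Peplink's code. The log lines and addresses below are
constructed for illustration; replace SAMPLE_LOG with a real export and
adjust LINE_RE to match its format.
"""
import re
from collections import Counter

# Hypothetical addresses (RFC 5737 documentation ranges), not from the post.
MAIL_SOURCE_IPS = {"203.0.113.10", "203.0.113.11"}  # public IPs NAT'd to the MTA
INTERFACE_IPS = {"203.0.113.1", "198.51.100.1"}      # WAN interface IPs (should never send mail)
SMTP_PORTS = {25, 465, 587}

# Generic "timestamp src_ip:src_port -> dst_ip:dst_port proto" record (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)

# Constructed sample log: two good flows, two interface-IP leaks (one per WAN),
# one non-SMTP flow to ignore, one SMTP flow from an unknown source, one bad line.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.10:51234 -> 192.0.2.40:25 tcp
2024-05-01T10:00:02Z 203.0.113.1:51235 -> 192.0.2.40:25 tcp
2024-05-01T10:00:03Z 203.0.113.11:51236 -> 192.0.2.41:587 tcp
2024-05-01T10:00:04Z 198.51.100.1:51237 -> 192.0.2.41:25 tcp
2024-05-01T10:00:05Z 203.0.113.1:51238 -> 192.0.2.9:443 tcp
2024-05-01T10:00:06Z 192.0.2.77:51239 -> 192.0.2.40:25 tcp
this line is malformed and must not crash the audit
"""


def classify_source(src, mail_source_ips, interface_ips):
    """Label an SMTP flow's source address."""
    if src in mail_source_ips:
        return "ok"
    if src in interface_ips:
        return "leak-interface-ip"
    return "unexpected-source"


def audit_smtp_flows(lines, mail_source_ips=MAIL_SOURCE_IPS, interface_ips=INTERFACE_IPS):
    """Return (counts, problems) for outbound SMTP flows in the given log lines.

    counts:   Counter mapping (src_ip, verdict) -> number of SMTP flows.
    problems: list of (src_ip, dst_ip, dst_port, verdict) for every flow not
              sourced from an approved mail IP, in log order.
    """
    counts = Counter()
    problems = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable record: skip it, do not abort the audit
        dport = int(m["dport"])
        if m["proto"].lower() != "tcp" or dport not in SMTP_PORTS:
            continue  # only outbound SMTP submission/delivery matters here
        verdict = classify_source(m["src"], mail_source_ips, interface_ips)
        counts[(m["src"], verdict)] += 1
        if verdict != "ok":
            problems.append((m["src"], m["dst"], dport, verdict))
    return counts, problems


def leaking_interface_ips(counts):
    """Set of interface IPs that sent at least one SMTP flow."""
    return {src for (src, verdict) in counts if verdict == "leak-interface-ip"}


if __name__ == "__main__":
    counts, problems = audit_smtp_flows(SAMPLE_LOG.splitlines())
    for (src, verdict), n in sorted(counts.items()):
        print(f"{src:<15} {verdict:<20} {n} flow(s)")
    for src, dst, dport, verdict in problems:
        print(f"PROBLEM {verdict}: {src} -> {dst}:{dport}")
    print("interface IPs sending mail:", sorted(leaking_interface_ips(counts)))
```

Run it against a real export and the `leaking_interface_ips` set is the list of addresses a deny rule for outbound TCP 25/465/587 would need to cover; the per-source counts also give you a number to compare against the MTA's own delivery log, which is the check that originally exposed the discrepancy above.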