.. as already stated the xxx.xxx.xxx.xxx is the public IP of the router on the Internet, I don't know of any other way to state it, it's public NOT private.
Actually no you didn't exactly. Hence the question. Despite what you think we are not asking for the fun of it, but to try and clarify your layout in our OWN heads.
Remember, you have this all in your head, and it all makes perfect sense to you. We do not.
And please remember, you are the one with the problem. We are trying to understand it so we can try and help you, not to wind you up. Forgive us if the questions might seem simple or stupid. That's just the way it is.
Ok. So xxx.xxx.xxx.xxx / mail.XXX.com.au is on the WAN side of the router? (Humour me!!)
At a guess it looks like something is going on in your router. SME would appear to be seeing a connection from your router, and not direct from the interwebs/external mail servers themselves. It can only report the connections that it sees AFAIAA.
eg it is seeing a packet that goes:
1.2.3.4 -> x.x.x.x -> 172.16.0.2 -> 172.16.0.1
So it sees a connection from 172.16.0.2, or the WAN IP x.x.x.x
In reality it should see:
1.2.3.4 -> 172.16.0.1
Correct?
So what sort of router is it? is it running some sort of proxy/AV filtering?
If we look at say this:
https://github.com/smtpd/qpsmtpd/blob/master/qpsmtpd-forkserver ::log(LOGINFO,
"Accepted connection $running/$MAXCONN from $ENV{TCPREMOTEIP} / $ENV{TCPREMOTEHOST}"
So we have "Accepted Connection 1/40 from TCPREMOTEIP / TCPREMOTEHOST"
TCPREMOTEIP comes from $nto_iaddr which is retrieved right at the start of the connection.
# get local/remote hostname, port and ip address
my ($port, $iaddr, $lport, $laddr, $nto_iaddr, $nto_laddr) =
$qpsmtpd->lrpip($server, $client, $hisaddr);
The point being that this is what SME sees - a connection from the router, not the remote server. Don't know how or why.
Can you also just confirm whether ALL traffic flows via SME, or does say JUST the port 25 traffic of it go to SME and the rest go direct to the 10.0.0.x network from the router (which is entirely possible with your layout from the looks of the excellent picture!)?
Remember, you do have two routes from the router to SME there.