outbound sender

Len Conrad

Mar 4, 2010, 5:16:23 AM

We have two postfix machines, one is a (weak) MX in/out gateway with amavisd+sa+clam that falls way behind during a huge (trusted) outbound send-only distribution list.

The other, powerful postfix machine is not-yet-fully configged next-up to replace the current weak MX, but we can't do that, yet (waiting for sa 3.3.1).

We can route all outbound mail through the powerful postfix box.

How to set up the powerful outbound box with this sender-based routing:

If lists...@domain.tld, send to Internet

Else, send to MX gateway

thanks
Len

Stan Hoeppner

Mar 4, 2010, 6:38:39 AM
Len Conrad put forth on 3/4/2010 4:16 AM:

> If lists...@domain.tld, send to Internet
>
> Else, send to MX gateway

This may be what you're looking for.

http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps

sender_dependent_relayhost_maps (default: empty)

A sender-dependent override for the global relayhost parameter setting.
The tables are searched by the envelope sender address and @domain. A lookup
result of DUNNO terminates the search without overriding the global
relayhost parameter setting (Postfix 2.6 and later). This information is
overruled with relay_transport, sender_dependent_default_transport_maps,
default_transport and with the transport(5) table.

For safety reasons, this feature does not allow $number substitutions in
regular expression maps.

This feature is available in Postfix 2.3 and later.

--
Stan

Len Conrad

Mar 4, 2010, 7:40:09 AM

>> If lists...@domain.tld, send to Internet
>>
>> Else, send to MX gateway
>
>This may be what you're looking for.

I read that before I sent my msg


>http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
>
>sender_dependent_relayhost_maps (default: empty)
>
>A sender-dependent override for the global relayhost parameter setting.
>The tables are searched by the envelope sender address and @domain. A lookup
>result of DUNNO terminates the search without overriding the global
>relayhost parameter setting (Postfix 2.6 and later). This information is
>overruled with relay_transport, sender_dependent_default_transport_maps,
>default_transport and with the transport(5) table.


But we don't have a relayhost for the sender lists...@domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.

in the sender_dependent postfix box,

relayhost = [mx.domain.tld]

sender_dependent_relayhost_maps =
    sender_dependent_relayhost.map

... which would contain what, the "null next hop"?

lists...@domain.tld smtp:

thanks
Len

Stan Hoeppner

Mar 4, 2010, 10:04:19 AM
Len Conrad put forth on 3/4/2010 6:40 AM:

> But we don't have a relayhost for the sender lists...@domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.
>
> in the sender_dependent postfix box,
>
> relayhost = [mx.domain.tld]
>
> sender_dependent_relayhost_maps =
> sender_dependent_relayhost.map
>
> ... which would contain what, the "null next hop"?
>
> lists...@domain.tld smtp:

It would be of the form

lists...@domain.tld smtp:10.1.2.3

10.1.2.3 being the new/big Postfix box you mentioned wanting to send this
list mail through.

But upon further reading, I'm not sure if you need that, or

sender_dependent_default_transport_maps

I'm pretty sure one of these two is what you need. One of the experts will
jump in shortly with the definitive answer (I hope/assume).

--
Stan

Len Conrad

Mar 4, 2010, 10:39:31 AM
>Len Conrad put forth on 3/4/2010 6:40 AM:
>
>> But we don't have a relayhost for the sender lists...@domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.
>>
>> in the sender_dependent postfix box,
>>
>> relayhost = [mx.domain.tld]
>>
>> sender_dependent_relayhost_maps =
>> sender_dependent_relayhost.map
>>
>> ... which would contain what, the "null next hop"?
>>
>> lists...@domain.tld smtp:
>
>It would be of the form
>
>lists...@domain.tld smtp:10.1.2.3
>
>10.1.2.3 being the new/big Postfix box you mentioned wanting to send this
>list mail through.

That's precisely what I don't want to do.

1. all mail from inside goes to this (edge - 1 ) postfix box.

2. if from trusted/don't-scan-it lists...@domain.tld, then don't go to edge/out-MX relayhost, resolve/send directly to Internet.

3. if not from lists...@domain.tld, then send to relayhost.

Len

Len Conrad

Mar 5, 2010, 6:09:55 AM


So there's no way to do this?

Len

Hari Hendaryanto

Mar 5, 2010, 7:59:31 AM

>> That's precisely what I don't want to do.
>>
>> 1. all mail from inside goes to this (edge - 1 ) postfix box.
>>
>> 2. if from trusted/don't-scan-it lists...@domain.tld, then don't go to edge/out-MX relayhost, resolve/send directly to Internet.
>>
>> 3. if not from lists...@domain.tld, then send to relayhost.
>>
>
>
> So there's no way to do this?
>
> Len
>
maybe this is what you want
assume all outbound mail sent through the powerful postfix box

in powerful postfix box

main.cf
transport_maps = hash:/etc/postfix/transport
sender_dependent_default_transport_maps =
    hash:/etc/postfix/sender_dependent_default_transport_maps

transport
untrusted_domain smtp:your_weak_mx_gateway_for_scaned

sender_dependent_default_transport_maps
lists...@domain.tld powerful-trusted:

master.cf
powerful-trusted unix - - n - - smtp
    -o smtp_helo_name=powerful_box_fqdn
    -o syslog_name=postfix-powerful-box

postmap the hash tables and reload postfix

but, if lists...@domain.tld has destination to user@untrusted_domain,
mail will be routed to your_weak_mx_gateway_for_scaned,
otherwise it'll be sent directly to internet

cmiiw

Wietse Venema

Mar 5, 2010, 8:04:03 AM
> >1. all mail from inside goes to this (edge - 1 ) postfix box.
> >
> >2. if from trusted/don't-scan-it lists...@domain.tld, then don't go to edge/out-MX relayhost, resolve/send directly to Internet.

Use an access map with a nexthop-less FILTER action:

FILTER smtp:

This requires Postfix 2.7. See note 3 in the access(5) manpage.

> >3. if not from lists...@domain.tld, then send to relayhost.

relayhost = [mail.isp.com]

Wietse
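
The access-map approach from the last reply, written out as configuration. This is an added example, not part of the original thread. The address trusted-list@example.com stands in for the elided list address; the file names, the class name list_bypass and the client address 192.0.2.10 are assumptions. Because the envelope sender is set by whoever submits the message, the example applies the scanning bypass only when the mail also comes from the list server's IP address.

```conf
# --- /etc/postfix/main.cf (on the powerful outbound box) ---

# Rule 3: everything else goes to the scanning MX gateway.
relayhost = [mx.domain.tld]

# Restriction class that holds the sender lookup. It is only reached
# for clients listed in list_clients.cidr (file name is an assumption).
smtpd_restriction_classes = list_bypass
list_bypass = check_sender_access hash:/etc/postfix/list_sender_access

# Evaluate the client first; only a matching client gets the sender lookup.
smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/list_clients.cidr

# --- /etc/postfix/list_clients.cidr ---
# Constructed sample: the host that submits the distribution list mail.
192.0.2.10/32    list_bypass

# --- /etc/postfix/list_sender_access ---
# Rule 2: FILTER with an empty next hop (Postfix 2.7 and later, see
# note 3 in access(5)). Placeholder address, replace with the real
# list sender.
trusted-list@example.com    FILTER smtp:

# --- after editing ---
# postmap /etc/postfix/list_sender_access   (cidr tables need no postmap)
# postfix reload
```

A message that claims the list address as its envelope sender but arrives from any other client never reaches the sender lookup, so it follows relayhost and is scanned as usual.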
