Re: sender-based-routing challenge

  • Noel Jones
    May 2, 2013
      On 5/2/2013 1:20 AM, Michael Ionescu wrote:
      > I have a corner case where I need to allow emails generated at my
      > site with certain off-site sender addresses to be routed through my MTA
      > to the off-site smarthost officially responsible for the sender domain.
      > This can be easily done using sender-based-routing. However, it becomes
      > an issue as soon as the recipient is on my side and the off-site MTA
      > therefore routes the email back to my MTA. A loop will be detected, due
      > to my MTA seeing its own Received: header from the previous pass.
      > The smtpd the email generator delivers its mail to is configured with a
      > prequeue proxy virusfilter. If I understand correctly, this precludes
      > rewriting the Received: header on the first pass using postfix on-board
      > equipment.
      > QUESTION 1: Is this correct?
      > I see these work-arounds:
      > A) If I receive all email from said off-site MTA on a non-standard port,
      > loop-detection will not happen. The drawback is that I will have to
      > depend on the off-site MTA for loop-detection.
      > QUESTION 2: Is there a definitive overview of all the ways postfix
      > detects loops and at what stages these are employed? (I mean aside from
      > the source code.) :-)
      > B) If there was a way to make the sender-based-routing conditional (i.e.
      > only use sender-based-routing if recipient domain is not in my
      > relay_domains, otherwise use normal transports) I could shunt emails to
      > my own users to my own back-end MTA without passing through the off-site
      > MTA.
      > QUESTION 3: Can one make sender-based-routing conditional in this way?
      > QUESTION 4: Does this also work with an smtpd configured with a
      > pre-queue proxy filter?
      > C) I could set up a completely separate postfix MTA (not just the smtpd)
      > solely for the first pass from the generator. Then I could simply use
      > the standard transports and relayhost=offsiteMTA. This is not the
      > preferred solution, as it will require either a second (non-standard)
      > pfx installation on the existing system or an additional system with a
      > standard pfx.
      > Thanks for your insight!
      > Michael

      "C" Multiple postfix instances is the preferred solution. Postfix
      supports multiple instances on the same machine quite well. The
      added overhead to the machine is negligible. There is some extra
      administration, but the upside is you can easily do things that are
      not possible (or really ugly) in a single instance.


      -- Noel Jones
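
Option C as a configuration sketch, added here as an example and not taken from the thread: a second Postfix instance that only takes the generator's mail and hands everything to the off-site smarthost. The instance name, hostnames and addresses are placeholders, and the pre-queue proxy filter from the question is not shown.

```conf
# Constructed example. Instance name "postfix-gen", the hostnames and
# the addresses below are placeholders, not values from the thread.
#
# Create and start the second instance with postmulti (as root):
#   postmulti -e init
#   postmulti -I postfix-gen -e create
#   postmulti -i postfix-gen -e enable
#   postmulti -i postfix-gen -p start
#
# /etc/postfix-gen/main.cf: settings changed after "postmulti -e create".
# queue_directory, data_directory and multi_instance_name are written
# by postmulti and are left alone.

# New instances are created with network services switched off
# (master_service_disable = inet); clear it so smtpd can listen.
master_service_disable =

# Own identity, so the Received: header added on the first pass
# carries a different name from the main instance (assumed name).
myhostname = gen.example.com

# Listen on an address the main instance does not bind.
# Assumption: the main instance's inet_interfaces excludes 127.0.0.2.
inet_interfaces = 127.0.0.2

# Only the local generator may relay through this instance.
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, reject

# No local delivery here: this instance is a pure forwarder.
mydestination =
local_transport = error:5.1.1 no local delivery on this instance

# Standard transports plus a relayhost, as described in option C.
# Brackets suppress the MX lookup for the smarthost name.
relayhost = [smarthost.offsite.example]:25
```

With this layout the main instance keeps its normal transports and needs no sender-dependent routing; `postmulti -l` lists both instances and their state.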
