outbound sender [Postfix]

Prev: spamhaus dbl implementation
Next: Postfix doesn't fall back on other IP addresses

From: Len Conrad on 4 Mar 2010 05:16

We have two postfix machines, one is a (weak) MX in/out gateway with amavisd+sa+clam that falls way behind during a huge (trusted) outbound send-only distribution list.

The other, powerful postfix machine is not-yet-fully configged next-up to replace the current weak MX, but we can't do that, yet (waiting for sa 3.3.1).

We can route all outbound mail through the powerful postfix box.

How to set up the powerful outbound box with this sender-based routing:

If listsender(a)domain.tld, send to Internet

Else, send to MX gateway

thanks
Len

From: Stan Hoeppner on 4 Mar 2010 06:38

Len Conrad put forth on 3/4/2010 4:16 AM:

> If listsender(a)domain.tld, send to Internet
>
> Else, send to MX gateway

This may be what you're looking for.

http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps

sender_dependent_relayhost_maps (default: empty)

A sender-dependent override for the global relayhost parameter setting.
The tables are searched by the envelope sender address and @domain. A lookup
result of DUNNO terminates the search without overriding the global
relayhost parameter setting (Postfix 2.6 and later). This information is
overruled with relay_transport, sender_dependent_default_transport_maps,
default_transport and with the transport(5) table.

For safety reasons, this feature does not allow $number substitutions in
regular expression maps.

This feature is available in Postfix 2.3 and later.

--
Stan

From: Len Conrad on 4 Mar 2010 07:40

>> If listsender(a)domain.tld, send to Internet
>>
>> Else, send to MX gateway
>
>This may be what you're looking for.

I read that before I sent my msg

>http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
>
>sender_dependent_relayhost_maps (default: empty)
>
>A sender-dependent override for the global relayhost parameter setting.
>The tables are searched by the envelope sender address and @domain. A lookup
>result of DUNNO terminates the search without overriding the global
>relayhost parameter setting (Postfix 2.6 and later). This information is
>overruled with relay_transport, sender_dependent_default_transport_maps,
>default_transport and with the transport(5) table.

But we don't have a relayhost for the sender listsender(a)domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.

in the sender_dependent postfix box,

relayhost = [mx.domain.tld]

sender_dependent_relayhost_maps =
sender_dependent_relayhost.map

.... which would contain what, the "null next hop"?

listsender(a)domain.tld smtp:

thanks
Len

From: Stan Hoeppner on 4 Mar 2010 10:04

Len Conrad put forth on 3/4/2010 6:40 AM:

> But we don't have a relayhost for the sender listsender(a)domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.
>
> in the sender_dependent postfix box,
>
> relayhost = [mx.domain.tld]
>
> sender_dependent_relayhost_maps =
> sender_dependent_relayhost.map
>
> ... which would contain what, the "null next hop"?
>
> listsender(a)domain.tld smtp:

It would be of the form

listsender(a)domain.tld smtp:10.1.2.3

10.1.2.3 being the new/big Postfix box you mentioned wanting to send this
list mail through.

But upon further reading, I'm not sure if you need that, or

sender_dependent_default_transport_maps

I'm pretty sure one of these two is what you need. One of the experts will
jump in shortly with the definitive answer (I hope/assume).

--
Stan

From: "Len Conrad" on 4 Mar 2010 10:39

>Len Conrad put forth on 3/4/2010 6:40 AM:
>
>> But we don't have a relayhost for the sender listsender(a)domain.tld. We want that trusted sender to bypass the (scanning, weak) relayhost and nexthop to Internet.
>>
>> in the sender_dependent postfix box,
>>
>> relayhost = [mx.domain.tld]
>>
>> sender_dependent_relayhost_maps =
>> sender_dependent_relayhost.map
>>
>> ... which would contain what, the "null next hop"?
>>
>> listsender(a)domain.tld smtp:
>
>It would be of the form
>
>listsender(a)domain.tld smtp:10.1.2.3
>
>10.1.2.3 being the new/big Postfix box you mentioned wanting to send this
>list mail through.

That's precisely what I don't want to do.

1. all mail from inside goes to this (edge - 1 ) postfix box.

2. if from trusted/don't-scan-it listsender(a)domain.tld, then don't go to edge/out-MX relayhost, resolve/send directly to Internet.

3. if not from listsender(a)domain.tld, then send to relayhost.

Len

| Next | Last
Pages: 1 2
Prev: spamhaus dbl implementation
Next: Postfix doesn't fall back on other IP addresses