Hi Wietse,

Shortly after I sent my first reply, I also replied with:

Also, I can't bind all IPs on the same box as I'm short of IPs in the
location where Postfix-INT is located. The ip5 is located on
Postfix-INT and not Postfix-EXT. The above table also has an exception
that if they are internal mails, meaning mails from A1.com to
A1.com or A1.com to A2.com, they're lmtp'ed directly from postfix-INT
itself. (This is done to save bandwidth and unnecessary queueing)

I am sorry I missed that part in a hurry. So, ip5 lies on the
postfix-INT instance and not postfix-EXT. I could do what all you said
and everything would be fine but that doesn't take into consideration
the part of internal mails being delivered via lmtp on postfix-INT
itself.

This all happens on Postfix-INT. (This pseudocode is perfect without
any errors, please see my C-style comments)

1.   If header is L1 or L2, REJECT (done via milter_header_checks)
2.   If internal domains (even that have header L3)
            /* If I relay mails to postfix-EXT, how do I make sure that internal mails are always lmtp'ed? */
3.        then deliver it to our storage servers (through lmtp, as explained above, it's done via transport_maps)
4.   else if external domains
5.        If the header value is L3
6.            deliver via postfix-INT (Because I don't care much about the IP bound in postfix-INT)
               /* Not sure how to do this. How do I not relay mails when header value is, say L3 */
7.   else
8.       relay mails to Postfix-EXT. ( * record in transport_maps. Note that this comes after the lmtp delivery part and is the last entry there)

The part where I do use sender_transport happens on Postfix-EXT, that
was kind of clear to me. As my mail's subject says, the problem is deciding
transport based on milter_header_checks (line 2, 5, 6). The stuff that
you mentioned can be done on postfix-EXT for domain-wise transport and
it solves part of the problem. Thanks for that. This solved "Line 8
and beyond" of the pseudocode.

- The reason I can't forward internal mails to postfix-EXT
from postfix-INT is, my internal mails have address like
"shadyabhi:mail....@internal.storage.box" which if relayed via
postfix-EXT will cause "MX not found" errors.

Line 2, meaning, delivering mails via lmtp is still not done. No
matter what header internal mails contain, I want them delivered
via lmtp itself.

I'm sorry for the inconvenience caused by dividing text among two
mails. This is really bad but I am still dying to find the solution to
this. Hope to see a reply soon.

On Mon, Aug 19, 2013 at 5:49 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Abhijeet Rastogi:
>> Domain    Pure_Traffic     Suspect_Traffic
>> A1.com           ip1                    ip5
>> A2.com           ip2                    ip5
>> A3.com           ip3                    ip5
>> A4.com           ip4                    ip5
>
> In that case, use sender_dependent_default_transport_maps to choose
> an SMTP client with the appropriate smtp_bind_address setting,
> and use a FILTER action to override this for low-reputation mail.
>
> /etc/postfix/main.cf:
>     sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
>     milter_header_checks = pcre:/etc/postfix/milter_header_checks
>     smtp1_bind_address = 1.2.3.1
>     smtp2_bind_address = 1.2.3.2
>         ....
>     smtp5_bind_address = 1.2.3.5
>
> /etc/postfix/sender_transport:
>     A1.com      smtp1:
>     A2.com      smtp2:
>     ...         ....
>
> /etc/postfix/milter_header_checks:
>     /^X-Foobar-Precedence: junk/        FILTER smtp5:
>
> /etc/postfix/master.cf:
>     smtp1 ... .... ... smtp -o smtp_bind_address=$smtp1_bind_address
>     smtp2 ... .... ... smtp -o smtp_bind_address=$smtp2_bind_address
>         ...
>     smtp5 ... .... ... smtp -o smtp_bind_address=$smtp5_bind_address
>
>         Wietse



-- 
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com
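
The routing policy asked for in the pseudocode above, combined with the per-domain IP table, written out as an executable decision function. This is an added example, not code from either poster and not Postfix configuration; it can serve as a test oracle when checking what a real setup does with each kind of message. Assumptions: A1.com to A4.com are the internal domains, "internal" is decided by recipient domain, and the names Route, choose_route and the sample addresses are hypothetical.

```python
# Added illustration: a model of the intended policy, not Postfix behaviour.
from dataclasses import dataclass

# Per-domain "pure traffic" addresses from the table in the quoted reply.
# Assumption: these four domains are also the internal (hosted) domains.
PURE_IP = {"a1.com": "ip1", "a2.com": "ip2", "a3.com": "ip3", "a4.com": "ip4"}
SUSPECT_IP = "ip5"            # lives on Postfix-INT, per the message
REJECT_LEVELS = {"L1", "L2"}  # header values rejected outright (line 1)
SUSPECT_LEVEL = "L3"          # low-reputation header value (lines 5-6)


@dataclass(frozen=True)
class Route:
    action: str        # "reject", "lmtp" or "smtp"
    instance: str      # Postfix instance that performs the final delivery
    bind_ip: str = ""  # source address for SMTP delivery, "" if not applicable


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def choose_route(sender: str, recipient: str, level: str = "") -> Route:
    """Return the route the pseudocode asks for; level is the header value."""
    if level in REJECT_LEVELS:                      # line 1
        return Route("reject", "postfix-INT")
    if domain_of(recipient) in PURE_IP:             # lines 2-3
        # Internal mail is always handed to storage over LMTP, even with L3.
        return Route("lmtp", "postfix-INT")
    if level == SUSPECT_LEVEL:                      # lines 4-6
        return Route("smtp", "postfix-INT", SUSPECT_IP)
    # Lines 7-8: relay to Postfix-EXT, which picks the address by sender domain.
    # Unknown sender domains get "" here (assumption: EXT's default transport).
    return Route("smtp", "postfix-EXT", PURE_IP.get(domain_of(sender), ""))


if __name__ == "__main__":
    # Constructed sample messages: (sender, recipient, header value).
    samples = [
        ("u@A1.com", "v@A2.com", "L3"),
        ("u@A1.com", "x@example.org", "L3"),
        ("u@A3.com", "x@example.org", ""),
        ("u@A2.com", "v@A1.com", "L2"),
    ]
    for s in samples:
        print(s, "->", choose_route(*s))
```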
