I'm trying to set up a split domain setup with Google Apps. Google Apps has
the rather neat option of sending mail on to your own SMTP server - it can
send all, or just those that aren't delivered in Google Apps (i.e. no
mailbox/mailing list exists for that address). We have configured it to
send unmatched mail (the latter case) on to our Postfix server, which in
turn is set up to handle the domain as a virtual domain and deliver or
forward accordingly like other virtual domains.

This works fine on the surface: incoming mail that doesn't match anything
at Google appropriately goes to our Postfix server, and if it matches
something there, it goes where it should.

However, there's a problem with sending mail through the Postfix server to
our domain - I can't figure out how to make it either:
A) always attempt to deliver through Google (and let it round trip back to
Postfix and be handled there if necessary)
or B) always attempt to deliver through Google if nothing matches in its
virtual accounts (aliases / mailboxes etc)

It appears I should be able to set the default transport handling in
/etc/postfix/transport to make the entire domain go out via normal SMTP via
MX lookup (and thus Google) with overrides for the few accounts that should
be handled by Postfix, but that doesn't appear to work as I understand it
should - the domain part doesn't work, so it only accepts mail for local
accounts defined there. I have to instead put in each and every account on
the domain (even those at Google) in there and make them go out via SMTP
rather than local delivery explicitly.

This would be okay (if a pain to manage) except that I have to specify any
mailbox+extens...@example.com that I want to handle sending to Google,
which is a pain because we have various mailing lists with lots of
different +extensions on them for different things (i.e., there's one for
internal systems and servers, and each device/server/etc has its own
extension). Since many of these internal devices aren't capable of
full-blown SMTP auth to send mail, they relay through our Postfix server (and
are trusted by it based on the internal IP for relay purposes) - but if I
don't add each +extension variation to the virtual mailboxes then they
don't get delivered.

I tried changing various options related to how verification probes are
handled (hoping to make it check against Google first) but didn't get
anywhere.

Has anyone gotten anything like this set up without having to have every
account (and +extension variation) that Google handles listed in Postfix's
virtual mailbox just so that it will relay to Google?

Thanks in advance!
