Re: routing externally forwarded mail differently than internally originated mail

Thu, 19 Mar 2015 04:11:23 -0700 

Daniel Bromberg:
> 
> On 3/18/2015 7:23 PM, Wietse Venema wrote:
> > Daniel Bromberg:
> >> Greetings master postfixers,
> >>
> >> I am trying to solve a forwarding problem. I have two separate amavis
> >> instanceson my edge MX that each do spam-checking: one incoming
> >> (obvious), one outgoing (our users aren't too good about keeping their
> >> computers zombie-free).
> >>
> >> For the particular case where mail passes the gateway, arrives locally,
> >> whereupon it's discovered that it should be forwarded to an external
> >> address, I do NOT want it to get re-scanned by the outgoing amavis
> >> instance, but rather sent straight through. So, I need to route it
> >> differently by choosing an alternate transport (which I will just set up
> >> as a special, 'pre-screened' smtp listening port.) However, how do I
> >> identify / capture this stream of forwarded mail? Right now, to the
> >> outgoing MX/amavis gateway, it looks exactly like it originated from the
> >> inside, rather than having been forwarded.
> >>
> >> mysql_virtual_alias_maps, which I'm using, did not have any helpful
> >> references (because aliases are general, not necessarily external), nor
> >> did several Google's about forwarding magic.

The entry points for the inbound MTA are inbound.clean and inbound.dirty.

The entry points for the outbound MTA are outbound.clean and outbound.dirty.

Mail received on the dirty entry points is filtered.

Receive all mail from remote senders on inbound-dirty.

Receive all mail from local senders on outbound-dirty.

Configure the inbound MTA with a "relayhost" setting of outbound-clean.

Configure the outbound MTA to send local mail to inbound-clean.

        Wietse
> 
> For line two: it's my local MX, not my edge MX, that welcomes local 
> users via the auth'd SSL'd submission port. I guess this is 
> 'outbound-dirty'. In order to ensure these messages are filtered, I have 
> to run amavis on that same host, correct? So that now amavis is running 
> on the local MX, rather than the edge MX? (Hoping to only run amavis there.)
> 
> I hope I'm not garbling the solution.
> 
> -Daniel
> 
> -- 
> *Daniel Bromberg, Founder*
> BaseZen Consulting, Inc.
> dan...@basezen.com
> 617.240.8036
> 52 Montague St Unit B
> Arlington, MA 02474-2508

Reply via email to