Hi, all.
I'm having a devil of a time dealing with various e-mail filtering
services as well as service providers wanting to block mail from my
servers, whether it's because I happen to have a VPS IP or
what-have-you. I try to run a clean ship and pounce on any bad stuff as
I see it.
Anyway, long story short, in addition to the server my users see, I have
a couple of outgoing servers I use so I can have some "agility" in case
that server gets blocked for whatever reason, even if there is no active
spam situation going on (which is most of the time). Of course, I need
to work with various filtering services, reputation services and ISPs to
make sure I'm square with them in the meantime.
To oversimplify things a bit, the main user server for mail client
connections and for mailboxes is server "x", with two servers, "y" and
"z", the latter two being on different VPS providers (though for my
real-world case, "x" and "y" are on the same provider, even the same
subnet).
Here is how I have server "x" set up:
smtpd_recipient_restrictions = (other checks),check_recipient_mx_access
hash:/etc/postfix/transport-maps/tricky_mx_sites
with the contents being, for example:
.mxlogic.net smtp:(z's IP address):587
.other.example.com smtp:(y's IP address):587
In my case, the .mxlogic.net MXes are a doozy for me. In an ideal
world, I'd like McAfee to not block me simply because of an IP's
(potentially distant-)past reputation. However, I have clients who
"want it and want it now".
Instead, it defaults to whatever I have set for "relayhost" or if it's
not set, it'll send directly. It's like the MX lookup I want to see
happen never took place so I can satisfy the conditions for the table
lookup.
Is the "smtpd_check_recipient_mx_access" more for incoming connections
rather than outgoing mails?
Any ideas or suggestions? Googles on the subject aren't being very
fruitful on this matter.
Thanks!
--Ian.
--
Ian R. Justman
UNIX hacker. Anime fan. Any questions?
ianj (at) ian-justman.com
Please direct business correspondence to my new address, biz (at)
ian-justman.com. (04/27/2015)
