On Tue, Nov 10, 2020 at 03:04:24PM -0500, Alex wrote:
> > Amavis is an SMTP server to which you can route mail for filtering.
> > That routing can happen via a content_filter (required in a single
> > instance configuration) or just making amavis the destination for all
> > mail in a multi-instance configuration.
> >
> > Unfiltered Mail ---> Amavis SMTP ---> Filtered Mail
> > 1-inst smtpd A content_filter smtpd B
> > 2-inst Postfix A ditto or transport Postfix B
One thing to keep in mind is that when forwarding mail from a machine to
itself, the destination port must not be port 25, or else loop detection
might kick in if either the IP address or the hostname in the nexthop
greeting or HELO response matches myhostname in the sender instance. So
I'm assuming that you're not doing local SMTP forwarding to port 25.
> Okay, I've made some progress, but I'm still not understanding in
> practical terms how to link postfix to amavisd. It works with
> "content_filter = smtp-amavis:[127.0.0.1]:10024" but I'd like to try
> and do it with transport maps, as we've discussed.
This should work provided nothing causes the mail to take some other
route. The routing logic is:
1. Highest priority, any content_filter override.
2. Next, the transport(5) table.
3. Next, the address-class-specific transport, i.e.
relay_tansport for relay_domains, local_transport for
domains listed in mydestination, ...
4. Next, default_transport possibly sender-dependent via
sender_depedent_default_transport_maps.
In addition $relayhost is the default nexthop when the default
transport or relay_transport does not specify a nexthop.
> Despite the following, mail is just completely bypassed and delivered
> directly to the final destination outlined in
> /etc/postfix-117/transport.
See above, the transport table is the highest-precedence source
of truth after content_filter.
> The multi-instance readme indicates
> mydestination should be unset, but that results in a mail loop for
> mail being reinjected, I believe.
It should only be unset in instances that forward all mail, if the
last instance in the pipeline needs to do local(8) delivery, or
consult local aliases(5), then you need mydestination there.
> /etc/postfix-117/main.cf
> mydestination = $myhostname, localhost.$mydomain, localhost
> myhostname = xavier.mycompany.com
> alias_maps =
> alias_database =
> local_recipient_maps =
> local_transport = error:5.1.1 Mailbox unavailable
All mail to the domains listed in $mydestination will be rejected.
Is that what you want?
> default_transport = smtp-amavis:[127.0.0.1]:10024
> relay_transport = $default_transport
> virtual_transport = $default_transport
> relay_domains = domain1.org, domain2.org
The rest is punted to Amavis (after any virtual(5) rewriting, which
could perhaps result in some recipients matching $mydestionation, which
then bounce).
> transport_maps = ${indexed}transport
Why do you need a transport table? Everything should go to
amavis...
> /etc/postfix-117/transport
> domain1.org smtp:68.195.199.42
> domain2.org smtp:68.195.199.42
These domains don't go to Amavis.
> Nov 10 14:32:44 xavier postfix-117/smtp[1067662]: 2E78E200BD76D:
> to=<a...@domain1.org>, relay=68.195.199.42[68.195.199.42]:2
> 5, delay=1.2, delays=0.51/0.01/0.48/0.15, dsn=2.0.0, status=sent (250
> 2.0.0 Ok: queued as D452A80A9FC6)
As expected.
--
Viktor.
