On 2021-05-06 12:42, Matus UHLAR - fantomas wrote:
> On 06.05.21 10:37, Vytenis Adm wrote:
>> We have a postfix server, which forwards all customers' outbound
>> emails to a "relayhost". Our "relayhost" is somewhat costly, so our
>> goal is to minimize its usage. MX is served by separate Postfix
>> instance.
>>
>> Our goal is to deliver local emails to our MX directly, bypassing
>> "relayhost". Several clients are sharing the infrastructure, so
>> querying DB to see whether the domain is local is tricky: this may
>> lead to abuse when the domain changes ownership, or emails delivered
>> locally when MX is remote, as some customers have their own NS.
>>
>> "check_recipient_mx_access" option looked promising.
>
> this applies for incoming mail, not outgoing.

Outbound (SMTP-AUTH) Postfix instance receives mail from our users, so
it's inbound email from Postfix perspective. "check_recipient_mx_access"
can override relay based on DNS MX record, but it has issues I mentioned
in my original posting. Looked promising though.

>> Unfortunately, some clients have our MX as a secondary, and
>> "check_recipient_mx_access" ignores the fact that primary MX is
>> remote. Also, it ignores the fact that emails contain remote
>> addresses in CC.
>>
>> An option we're considering is using DNS response rewriting. If the MX
>> is not matching as a local one - rewrite it to "relayhost". This
>> sounds like a dirty hack however.
>>
>> Maybe there are other options or ideas?
>
> tried looking at transport_maps?
> http://www.postfix.org/postconf.5.html#transport_maps
>
> you should be able to configure where to send mail to different
> domains, and "relayhost" would only be applied for default mail

Yes, we did look into it, and it's not an option. "transport_maps" looks
into a DB, and we can't rely on it. Clients can point MX to their own
servers, and "transport_maps" will route to our MX regardless of what is
set in customer's DNS.
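
The routing rule the thread is asking for, written out as an added example (not part of the original messages and not a Postfix feature or configuration): a recipient goes direct only when every lowest-preference MX of its domain is one of ours, and each To/CC recipient is decided separately. The host names, the `LOCAL_MX` set and the `SAMPLE_MX` records are constructed assumptions.

```python
# Added illustration; all host names and MX data below are constructed.
LOCAL_MX = {"mx1.provider.example", "mx2.provider.example"}  # assumed local MX hosts

# Constructed MX answers: domain -> list of (preference, exchange)
SAMPLE_MX = {
    "hosted.example": [(10, "mx1.provider.example."), (20, "mx2.provider.example.")],
    # Customer runs the primary MX; ours is only the secondary.
    "backup-only.example": [(10, "mail.customer.example."), (20, "MX2.provider.example.")],
    "remote.example": [(10, "mail.remote.example.")],
}


def _norm(host):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return host.rstrip(".").lower()


def any_mx_is_local(records):
    """Match if any MX is ours (the behaviour the thread reports as too broad)."""
    return any(_norm(host) in LOCAL_MX for _, host in records)


def primary_mx_is_local(records):
    """Match only if every lowest-preference MX is ours."""
    if not records:
        return False  # no usable answer: never assume the domain is local
    best = min(pref for pref, _ in records)
    return all(_norm(host) in LOCAL_MX for pref, host in records if pref == best)


def route_recipients(recipients, mx_data=SAMPLE_MX):
    """Split recipients per next hop so To/CC addresses are decided one by one."""
    routes = {"direct": [], "relayhost": []}
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        records = mx_data.get(domain, [])  # unknown domain falls back to relayhost
        key = "direct" if primary_mx_is_local(records) else "relayhost"
        routes[key].append(rcpt)
    return routes


if __name__ == "__main__":
    print(route_recipients(["a@hosted.example", "b@backup-only.example",
                            "c@remote.example"]))
```

Because the decision is taken from the live MX answer, a domain that moves its primary MX elsewhere stops being routed directly without any database change.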