Viktor Dukhovni:
> > On May 18, 2021, at 3:02 PM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > What about using this to send only local recipients to the MX host,
> > and all other recipients directly.
> >
> > master.cf:
> > submission .. .. ... . smtpd
> > -o { smtpd_recipient_restrictions =
> > check_recipient_access
> > inline:{{example.com = filter smtp:mx.example.com}}
> > reject_plaintext_session
> > permit_sasl_authenticated
> > reject
> > }
>
> Particularly on submission, the message envelope is liable to have
> multiple recipients in mixed domains. So this recipe will route
> some remote recipients to the local MX, which (for completely
> inexplicable reasons) is not what the OP wants.
>
> Frankly, I don't see any point in the proposed complexity. Why not
> just apply (modulo relay restrictions) the same rules to all mail?
>
> Perhaps the OP should explain the *actual* problem he's trying to
> solve, rather than the artificial goal of routing inbound mail
> via a second SMTP hop, while outbound mail goes direct.
>
> Surely whatever processing that entails can be handled on the first
> hop.
>
> That said, I am disappointed the users keep saying that Multi-instance
> configurations are complex, they're actually *simpler* than convoluted
> single-instance configurations. Divide and conquer.
Yeah, they should just allow relaying from the 'final' host
through the primary MX.
What the OP describes is like an inside MTA + perimeter gateway
configuration, but without outbound relaying.
Wietse
Wietse
