On Wed, Jan 19, 2022 at 08:23:45AM -0500, Alex wrote:

> I'm using postfix-3.5.10 and would like to use it to front-end a
> domain currently being managed by Google Workspace to be able to send
> mail through our filters first.

I take it this means *inbound* mail sent from outside users to your
users, whose mailboxes are ultimately hosted by Gmail, but you want
to process the mail on your MX hosts first.

> I know I'll need to redirect the MX, but how do I obtain a user list
> so I'm not just forwarding all email received for the domain through
> as a relay, and instead only to those users with current accounts?

You'll need more than just a user list, you'll need to make an
arrangement with Gmail to whitelist the hosts that will relay
the mail for storage back to Gmail.  This may be by IP address,
or perhaps via SASL or client certs.  You'll need to negotiate
that with your Google support reps.

Otherwise, any spam you forward will impact the "reputation" of these
hosts, potentially impeding future email delivery.  More importantly,
absent the above whitelist, if some of the sender domains have SPF records
and/or DMARC policies in place, Google may reject or file as spam any
mail you forward.

Making sure you reject invalid users is the simpler problem.  I'd
normally expect that you'd know in advance which users you've
provisioned on your G-suite domain, but if for some reason that
information is not available internally, you'll need to also discuss
that with the support reps.

Recipient verification (via active probes) is an imperfect last-resort
option.

-- 
    Viktor.
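
The recipient-validation options discussed in the message above, sketched as a Postfix configuration. This is an added example, not part of the original message; the domain `example.com`, the sample addresses, the file paths under `/etc/postfix` and the next hop `next-hop.example.net` are assumed placeholders.

```ini
# /etc/postfix/main.cf on the filtering MX host (added example).
# example.com and next-hop.example.net are placeholders (assumptions).

# Accept mail for the domain as a relay destination.
relay_domains = example.com

# Weak setting: with relay_recipient_maps empty, every address in
# relay_domains is accepted and forwarded, and unknown users only fail
# later at the mailbox host, producing backscatter.
#relay_recipient_maps =

# Preferred: list every provisioned mailbox and alias. Anything not in
# the table is rejected at RCPT TO ("User unknown in relay recipient table").
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Forward accepted mail to the mailbox host agreed with the provider.
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/relay_recipients (constructed sample; the right-hand
# side is required by the table format but its value is ignored):
#   alice@example.com    OK
#   bob@example.com      OK
#
# /etc/postfix/transport (brackets suppress the MX lookup):
#   example.com    smtp:[next-hop.example.net]:25
#
# After editing either table:
#   postmap /etc/postfix/relay_recipients /etc/postfix/transport
#   postfix reload

# Last resort when no user list can be obtained: leave
# relay_recipient_maps empty and probe the next hop instead. Results
# are cached, but the first message to each address waits on a probe,
# and the answer is only as reliable as the next hop's RCPT TO replies.
#smtpd_recipient_restrictions =
#    permit_mynetworks,
#    reject_unauth_destination,
#    reject_unverified_recipient
#unverified_recipient_reject_code = 550
#address_verify_map = btree:$data_directory/verify_cache
```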
