Viktor Dukhovni:
> On Fri, Nov 25, 2022 at 06:15:40PM -0300, Gustavo Balduino wrote:
>
> > What i expected to happen is that, when b...@domain-a.com sends a message
> > to al...@domain-b.com, as the message is entering through a submission
> > smtpd, it should not rewrite it and always relay the message to the
> > destinations MX, even if it has to reconnect to my own MX smtpd.
>
> For different message routing for submission vs. inbound port 25 see:
>
> https://www.postfix.org/MULTI_INSTANCE_README.html
>
> One Postfix instance listens on port 25 only, and another on port
> [submission] only. Each has their own configuration. The MSA
> routes some domains differently than the MTA does.
This works as long as the number of customers with security gatways
is small, because it needs one Postfix instance per security gateway.
When you need to support more security gateways, the security gateway
needs to be selected with a lookup table that maps the sender's
email domain to a security gateway domain name.
A possible single-instance Postfix configuration could look like this:
In master.cf:
submission inet n - n - - smtpd
-o { syslog_name = postfix/submission }
-o { smtpd_sender_restrictions = hash:/etc/postfix/sender_filter }
...other submission settings...
In /etc/postfix/sender_filter:
customer1.example FILTER smtp:gateway-for-customer1
Notes:
1) With this, there can be no other content_filter settings (or
FILTER actions) in effect for the path from the submission service
to the security gateway service. You may need to configure a custom
cleanup daemon for the submission service.
2) Instead of "FILTER smtp:gateway-for-xxx" you may need to replace
the "smtp" with the name of a custom Postfix SMTP client.
Wietse
