On Sat, Nov 26, 2022 at 04:56:49PM -0500, Wietse Venema wrote:
> Viktor Dukhovni:
> > On Sat, Nov 26, 2022 at 08:26:08AM -0500, Wietse Venema wrote:
> >
> > > > For different message routing for submission vs. inbound port 25 see:
> > > >
> > > > https://www.postfix.org/MULTI_INSTANCE_README.html
> > > >
> > > > One Postfix instance listens on port 25 only, and another on port
> > > > [submission] only. Each has their own configuration. The MSA
> > > > routes some domains differently than the MTA does.
> > >
> > > This works as long as the number of customers with security gatways
> > > is small, because it needs one Postfix instance per security gateway.
> >
> > One MSA instance should be sufficient for multiple customers, with:
> >
> > default_transport = smtp:[mta.example]
> > sender_dependent_default_transport_maps = ...
>
> Unfortunately, that would mis-deliver email for local recipients,
> which is the reason that this thread exists.
The MSA would have no local recipients, all mail is delivered to the
MTA or a filter services. The main thing that requires care is loop
detection, relaying to the MTA can be via a non-default (!= 25)
port on the loopback interface, or else one has to muck around with
distinct settings for myhostname.
--
Viktor.
