Relay based on recipient mail server IP address

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Relay based on recipient mail server IP address

egobrc@gmail.com
Hi everybody, is it possible to define a transport map based on
recipient mail server address instead of recipient domain?
Something like this:

cat /etc/postfix/transport

123.456.123.456 smtp:[relayhost.com]

Or is there another way to achieve this?
Reply | Threaded
Open this post in threaded view
|

Re: Relay based on recipient mail server IP address

Wietse Venema
[hidden email]:
> Hi everybody, is it possible to define a transport map based on
> recipient mail server address instead of recipient domain?

Postfix reads the transport map before it knows the server IP address.

You can override the transport map with a FILTER command.
However:
- This works only for mail received with SMTP.
- If a message has multiple recipients, the last FILTER command wins.

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        # must go before permit_mynetworks
        check_recipient_mx_access hash:/etc/postfix/rcpt_mx_access
        permit_mynetworks
        reject_unauth_destination

/etc/postfix/rcpt_mx_access
    123.456.123.456 FILTER smtp:[relayhost.com]

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Relay based on recipient mail server IP address

egobrc@gmail.com
Thanks Wietse, it worked!

Il giorno mer 1 apr 2020 alle ore 15:58 Wietse Venema
<[hidden email]> ha scritto:

>
> [hidden email]:
> > Hi everybody, is it possible to define a transport map based on
> > recipient mail server address instead of recipient domain?
>
> Postfix reads the transport map before it knows the server IP address.
>
> You can override the transport map with a FILTER command.
> However:
> - This works only for mail received with SMTP.
> - If a message has multiple recipients, the last FILTER command wins.
>
> /etc/postfix/main.cf:
>     smtpd_recipient_restrictions =
>         # must go before permit_mynetworks
>         check_recipient_mx_access hash:/etc/postfix/rcpt_mx_access
>         permit_mynetworks
>         reject_unauth_destination
>
> /etc/postfix/rcpt_mx_access
>     123.456.123.456 FILTER smtp:[relayhost.com]
>
>         Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Relay based on recipient mail server IP address

Viktor Dukhovni
On Thu, Apr 02, 2020 at 10:31:32AM +0200, [hidden email] wrote:

> Thanks Wietse, it worked!

Do you have good reason to expect that this will never misroute
multi-recipient email?  There's a difference between "it worked
once" (in a simple test-case) and "it is reliable enough for
production use".

> > You can override the transport map with a FILTER command.
> > However:
> > - This works only for mail received with SMTP.
> > - If a message has multiple recipients, the last FILTER command wins.
      -------------------------------------------------------------------

> > /etc/postfix/main.cf:
> >     smtpd_recipient_restrictions =
> >         # must go before permit_mynetworks
> >         check_recipient_mx_access hash:/etc/postfix/rcpt_mx_access
> >         permit_mynetworks
> >         reject_unauth_destination
> >
> > /etc/postfix/rcpt_mx_access
> >     123.456.123.456 FILTER smtp:[relayhost.com]

The selected relayhost has to be appropriate for processing all
recipients, not just the last one to match the FILTER rule.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

RE: Relay based on recipient mail server IP address

Einar EINARSSON, IEA
HI
Ok, done
Thanks

-----Original Message-----
From: [hidden email] <[hidden email]> On Behalf Of Viktor Dukhovni
Sent: Thursday, April 02, 2020 10:42
To: [hidden email]
Subject: Re: Relay based on recipient mail server IP address

On Thu, Apr 02, 2020 at 10:31:32AM +0200, [hidden email] wrote:

> Thanks Wietse, it worked!

Do you have good reason to expect that this will never misroute multi-recipient email?  There's a difference between "it worked once" (in a simple test-case) and "it is reliable enough for production use".

> > You can override the transport map with a FILTER command.
> > However:
> > - This works only for mail received with SMTP.
> > - If a message has multiple recipients, the last FILTER command wins.
      -------------------------------------------------------------------

> > /etc/postfix/main.cf:
> >     smtpd_recipient_restrictions =
> >         # must go before permit_mynetworks
> >         check_recipient_mx_access hash:/etc/postfix/rcpt_mx_access
> >         permit_mynetworks
> >         reject_unauth_destination
> >
> > /etc/postfix/rcpt_mx_access
> >     123.456.123.456 FILTER smtp:[relayhost.com]

The selected relayhost has to be appropriate for processing all recipients, not just the last one to match the FILTER rule.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Relay based on recipient mail server IP address

egobrc@gmail.com
In reply to this post by Viktor Dukhovni
Thanks Viktor for your remarks:
- in my environment I do not have other FILTER rules.
- As far as I understood if an email has multiple recipients, and one
of them triggers check_recipient_mx_access all emails are routed
through the smtp relay specified by FILTER? If it is the case, it is
not a problem in my condition.

However I want to underline that is a temporary solution, until that
cloud provider responds to our ticket (that was opened about 10 days
ago) and tells us why emails are refused.

Il giorno gio 2 apr 2020 alle ore 10:42 Viktor Dukhovni
<[hidden email]> ha scritto:

>
> On Thu, Apr 02, 2020 at 10:31:32AM +0200, [hidden email] wrote:
>
> > Thanks Wietse, it worked!
>
> Do you have good reason to expect that this will never misroute
> multi-recipient email?  There's a difference between "it worked
> once" (in a simple test-case) and "it is reliable enough for
> production use".
>
> > > You can override the transport map with a FILTER command.
> > > However:
> > > - This works only for mail received with SMTP.
> > > - If a message has multiple recipients, the last FILTER command wins.
>       -------------------------------------------------------------------
>
> > > /etc/postfix/main.cf:
> > >     smtpd_recipient_restrictions =
> > >         # must go before permit_mynetworks
> > >         check_recipient_mx_access hash:/etc/postfix/rcpt_mx_access
> > >         permit_mynetworks
> > >         reject_unauth_destination
> > >
> > > /etc/postfix/rcpt_mx_access
> > >     123.456.123.456 FILTER smtp:[relayhost.com]
>
> The selected relayhost has to be appropriate for processing all
> recipients, not just the last one to match the FILTER rule.
>
> --
>     Viktor.