DevHeads.net

How to act based on the interface on which the mail was received?

Hi.

I have this postfix instance to relay all mail to a relay host but I wish to make this instance also an archiving MX for a domain. Initially the configuration was:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_interfaces = loopback-only
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2

In order to make it accept mail for a domain for archiving from the primary mail server, I removed the inet_interfaces so that it listens to public interface also and then configured the domain:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
virtual_mailbox_domains = domain.com
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

But now even locally generated email for domain.com was getting stored in the virtual mailbox instead of getting relayed to the relayhost. So made virtual_mailbox_domains= empty in main.cf and configured public interface separately in master.cf:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
virtual_mailbox_domains =
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

master.cf:

xx.xx.x.x:smtp inet n - y - - smtpd -o virtual_mailbox_domains=domain.com
127.0.0.1:smtp inet n - y - - smtpd

But this isn't working. The server is refusing to accept mail for domain.com on the public interface. In other words, how do I override virtual_mailbox_domains for the public IP? I wish to relay all locally generated emails to smarthost but store the email received on public IP for this domain.

Thanks.

Comments

Re: How to act based on the interface on which the mail was rece

By John Fawcett at 02/11/2019 - 07:36

On 11/02/2019 08:42, RA wrote:
<a href="http://www.postfix.org/postmulti.1.html" title="http://www.postfix.org/postmulti.1.html">http://www.postfix.org/postmulti.1.html</a>

John

Re: How to act based on the interface on which the mail was rece

By RA at 02/11/2019 - 15:24

Thanks for your response. Would want to avoid running multiple instances as far as possible. I feel I am missing something in the configuration or my approach isn't correct. Postfix should be able to handle this trivial task in a single instance.

On 11/02/2019 08:42, RA wrote:
<a href="http://www.postfix.org/postmulti.1.html" title="http://www.postfix.org/postmulti.1.html">http://www.postfix.org/postmulti.1.html</a>

John

Re: How to act based on the interface on which the mail was rece

By Wietse Venema at 02/11/2019 - 20:20

It's not trivial. Postfix routing can depend on destination
or (to some extent) on source, but it cannot depend on both.

Wietse

Re: How to act based on the interface on which the mail was rece

By RA at 02/12/2019 - 01:46

Thanks for your input. I really wanted to avoid multiple instances so I finally configured it by re-writing domain.com rcpts to a local mailbox domain.com.backup on the public interface:

mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
inet_protocols = ipv4
myhostname = domain.com
mydestination =
biff = no
append_dot_mydomain = no
soft_bounce = yes
relayhost = ***************
smtp_sasl_password_maps = ***************
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
compatibility_level=2
#
#
$accept_domain_com=check_recipient_access inline:{{domain.com=REDIRECT ... at domain dot com.backup}} check_recipient_access inline:{domain.com=OK} reject
virtual_mailbox_domains = domain.com.backup
virtual_mailbox_base = /home/archive
virtual_mailbox_maps = static:mail/
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

master.cf:

xx.xx.x.x:smtp inet n - y - - smtpd -o smtpd_relay_restrictions=$accept_domain_com
127.0.0.1:smtp inet n - y - - smtpd

RA:
It's not trivial. Postfix routing can depend on destination
or (to some extent) on source, but it cannot depend on both.

Wietse