Ideally, if there was auth on a message (kerberos/password remotely, or
legitimately sourced locally -- mailman messages dubiously count), we'd use one
IP, and forwarded messages (eg, mail to jim@ being forwarded to GMail) would
use another. That way, when GMail decided to hate the latter, the (more
important) former would still go through. I'm not quite sure how to decide
based on auth, so instead, I'm just whitelisting a few envelope senders, but it's
better than nothing.
See
https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail,
http://www.postfix.org/postconf.5.html#smtp_bind_address, and
http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
for some relevant docs.
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# Alex Dehnert, 2017-11-01
+# Based on https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail
+
+sender_dependent_default_transport_maps = hash:/etc/mail/sender-transport
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
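Review bot: The `sender_dependent_default_transport_maps` lookup keys on the envelope sender, which the commit message itself describes as a stand-in for real auth status. That address is not verified for unauthenticated mail, so the comment above the setting should say so and name the intended split (which senders go to which transport) rather than only linking the Server Fault question. The map file /etc/mail/sender-transport is also not part of the visible change; because it is a hash: table, note that it needs a postmap run after every edit.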
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
+smtp-forward unix - - n - - smtp -o smtp_bind_address=18.102.208.11
+smtp-local unix - - n - - smtp -o smtp_bind_address=18.102.208.44
+
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
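Review bot: The new `smtp-forward` and `smtp-local` entries carry no comment, unlike the `relay` entry just below them, and the bind addresses are bare literals. Add a line above them saying which address is meant for forwarded mail and which for the whitelisted senders. Nothing in the visible lines selects `smtp-forward` for mail that does not match the sender map, so state where that default is set. Also, `smtp_bind_address` only covers IPv4 connections; if this host delivers over IPv6, `smtp_bind_address6` needs the same treatment.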