From 06162c0801ba011bfa70b0a6cd2891d95a2f4f8d Mon Sep 17 00:00:00 2001 From: Alex Dehnert Date: Wed, 1 Nov 2017 03:59:37 -0400 Subject: [PATCH] Try to route outgoing messages through diff IPs depending on trust Ideally, if there was auth on a message (kerberos/password remotely, or legitimately sourced locally -- mailman messages dubiously count), we'd use one IP, and forwarded messages (eg, mail to jim@ being forwarded to GMail) would use another. That way, when GMail decided to hate the latter, the (more important) former would still go through. I'm not quite sure how to decide based on auth, so instead, I just whitelisting a few envelope senders, but it's better than nothing. See https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail, http://www.postfix.org/postconf.5.html#smtp_bind_address, and http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps for some relevant docs. --- main.cf | 5 +++++ master.cf | 3 +++ 2 files changed, 8 insertions(+) diff --git a/main.cf b/main.cf index 704122a..5c8b277 100644 --- a/main.cf +++ b/main.cf @@ -278,6 +278,11 @@ smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# Alex Dehnert, 2017-11-01 +# Based on https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail + +sender_dependent_default_transport_maps = hash:/etc/mail/sender-transport # The relay_domains parameter restricts what destinations this system will # relay mail to. See the smtpd_recipient_restrictions description in diff --git a/master.cf b/master.cf index a74a5f5..e04e05c 100644 --- a/master.cf +++ b/master.cf 
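Review bot: In main.cf, `sender_dependent_default_transport_maps` is keyed on the envelope sender, which an unauthenticated SMTP client chooses freely, so forwarded mail whose MAIL FROM matches a whitelisted entry will leave from the same address as the trusted mail. Nothing visible here ties those senders to authentication; pairing the map with a sender/login check such as `reject_sender_login_mismatch` backed by `smtpd_sender_login_maps` would keep the reputation split meaningful. `/etc/mail/sender-transport` is not part of this commit and, being a `hash:` table, must be compiled with `postmap` before Postfix can read it. The comment block above the setting should record that and name the transport unlisted senders fall back to, since `default_transport` is not changed in this hunk, e.g. `# Map is keyed on envelope sender (not auth); run postmap after editing. Unlisted senders use default_transport.`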
@@ -60,6 +60,9 @@ smtp inet n - - - 5 smtpd -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks +smtp-forward unix - - n - - smtp -o smtp_bind_address=18.102.208.11 +smtp-local unix - - n - - smtp -o smtp_bind_address=18.102.208.44 + # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= -- 2.34.1
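Review bot: The two new services pin only the IPv4 source (`-o smtp_bind_address=...`), so any delivery made over IPv6 is not bound by either line and both classes of mail would share one source address there. Whether that applies depends on `inet_protocols` in main.cf, which is outside this hunk; if IPv6 is enabled, add `-o smtp_bind_address6=<IPv6 address for this transport>` to each entry. The `relay` service directly below has no bind address, so backup-MX mail stays outside the split, which seems worth stating in a comment if it is intended. Assuming the service names mean what they suggest, a one-line comment above the entries such as `# smtp-forward: forwarded mail; smtp-local: senders listed in /etc/mail/sender-transport` would make the mapping clear to the next editor.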