On Sun, May 21, 2023 at 06:26:34PM -0400, Alex via Postfix-users wrote:

> I don't have any content filters set up in the front-end postfix. How do I
> connect the front-end postfix with the filters?

For per-domain message content modification you need to first "split the
envelope", so that each copy of the original message has recipients for
just one domain.  This is of course often the case already, because the
envelope was split by recipient domain at the source MTA, but some MTAs
can detect that multiple domains share the same MX host(s) and send a
single message for multiple recipient domains.

There are two ways to split the envelope:

    - Use multiple (logical) MX hosts.

      * If the domain count is small enough, and you have sufficiently
        many (IPv4) addresses, you can set up a separate front-end
        instance for each domain.

    - Use a single MX host, and do the content modification in
      multiple backend instances.

      * This requires a separate backend port(!) per-domain.  All
        the backend instances can listen on different ports of the same
        loopback IP addresses.

Outline:

* Multi-instance configuration with a single frontend instance
  receiving SMTP traffic from the public Internet on behalf of all the
  domains.

    foo.example. IN MX 0 smtp.shared.example.
    bar.example. IN MX 0 smtp.shared.example.
    baz.example. IN MX 0 smtp.shared.example.

* Frontend instance (smtp.shared.example), splits the envelope:

    main.cf:
        # Listens on the public IP address
        inet_interfaces = 192.0.2.1
        relay_domains = foo.example, bar.example, baz.example
        relay_recipient_maps = ...
        transport_maps = inline:{
            { foo.example = scan:127.0.0.1:25001 }
            { bar.example = scan:127.0.0.1:25002 }
            { baz.example = scan:127.0.0.1:25003 }
            }
        default_transport = scan:127.0.0.1:25000

    master.cf:
        scan unix ... smtp
            -o smtp_send_xforward_command=yes

* Backend instances implement per-domain message content modification:

    "foo" instance:
        main.cf:
            inet_interfaces = 127.0.0.1
            smtpd_authorized_xforward_hosts = 127.0.0.1
        master.cf:
            25001 inet ... smtpd

    "bar" instance:
        main.cf:
            inet_interfaces = 127.0.0.1
            smtpd_authorized_xforward_hosts = 127.0.0.1
        master.cf:
            25002 inet ... smtpd

    "baz" instance:
        main.cf:
            inet_interfaces = 127.0.0.1
            smtpd_authorized_xforward_hosts = 127.0.0.1
        master.cf:
            25003 inet ... smtpd

    "default" instance: handles outbound messages, e.g. bounces,
    or recipient domains that don't need custom processing.

        main.cf:
            inet_interfaces = 127.0.0.1
            smtpd_authorized_xforward_hosts = 127.0.0.1
        master.cf:
            25000 inet ... smtpd

The content transformations can be per-backend milters, per-backend
content_filters, or just header/body checks if sufficient.  In each
backend instance the recipients will all be in the dedicated domain. 

You can also deploy multiple amavis or similar SMTP proxies to listen
on the 127.0.0.1:2500X ports, and do the content filtering "in-flight".

Always consider how bounces will be routed, and also locally generated
mail from cron, ...

-- 
    Viktor.
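
A simplified model of the envelope split that the frontend instance in the message above performs, added here as an example; it is not part of the original post and is not Postfix code. It reuses the transport_maps and default_transport values from the post; the function names and sample recipients are constructed, and only exact-domain keys are modelled.

```python
# Added illustration: models how per-domain transport lookups split one
# envelope into one delivery per backend port. Not Postfix source code.
from collections import defaultdict

# Values taken from the frontend main.cf in the post.
TRANSPORT_MAPS = {
    "foo.example": ("scan", "127.0.0.1:25001"),
    "bar.example": ("scan", "127.0.0.1:25002"),
    "baz.example": ("scan", "127.0.0.1:25003"),
}
DEFAULT_TRANSPORT = ("scan", "127.0.0.1:25000")


def resolve(recipient):
    """Return (transport, nexthop) for one envelope recipient.

    Simplification: exact domain match only; transport(5) also accepts
    user@domain and .subdomain keys, which this model ignores.
    """
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a fully qualified address: {recipient!r}")
    return TRANSPORT_MAPS.get(domain.lower(), DEFAULT_TRANSPORT)


def split_envelope(recipients):
    """Group recipients by destination; each group is one backend delivery."""
    deliveries = defaultdict(list)
    for rcpt in recipients:
        deliveries[resolve(rcpt)].append(rcpt)
    return dict(deliveries)


def domains_per_backend(deliveries):
    """For each per-domain backend, the set of recipient domains it receives."""
    return {
        dest[1]: {r.rpartition("@")[2].lower() for r in rcpts}
        for dest, rcpts in deliveries.items()
        if dest != DEFAULT_TRANSPORT
    }


if __name__ == "__main__":
    # Constructed sample: one incoming message addressed to several domains.
    envelope = ["alice@foo.example", "bob@bar.example",
                "carol@FOO.example", "dave@other.example"]
    for (transport, nexthop), rcpts in split_envelope(envelope).items():
        print(f"{transport}:{nexthop} <- {', '.join(rcpts)}")
```

Each per-domain backend port ends up with recipients from exactly one domain, and anything not listed in transport_maps goes to the "default" instance on port 25000.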