On Wed, Nov 08, 2023 at 12:41:55PM +0100, Norbert Schmidt via Postfix-users
wrote:
> Am I right, at the current moment this cannot be done within Postfix but
> would have to be done in the DNS system, right?
Your local resolver (e.g. unbound) could "assume ownership" of
*.mail.protection.outlook.com, and respond with a wildcard "A"
record that redirects the mail flow to another Postfix instance,
that is dedicated to delivery to Microsoft, across all their
<customer>.mail.protection.outlook.com domains, (and some
various).
Naturally, that Postfix instance would have to be talking to a
differently configured resolver, so one of:
- Running on a different machine
- Running in a different VM container on the same machine
- Running in a different chroot jail, with a custom
/etc/resolv.conf.
As Wietse mentioned, we don't currently have any actions other than
"IGNORE" implemented in "smtp_dns_reply_filter". So overriding the
A/AAAA records of *.mail.protection.outlook.com, etc. in Postfix,
which would be a more natural approach, is not an option at present.
--
VIktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
