Hi, we have been looking for ways of implementing some redundancy on our postfix gateways by using the smtp_fallback_directive. Our goal is to have mail to our domain example.com failover to our secondary exchange server if the primary is down. So in our transport we have:
    example.com smtp:[192.168.99.10]

if above goes down use:

    smtp_fallback_relay = [192.168.99.11]

This solution works perfectly for inbound messages destined to our users at example.com. The issue is on our outbound messages: after we implemented the smtp_fallback_relay directive in our main.cf, we started getting complaints from end users that they were getting NDRs from exchange. Here was an example:

    Delivery has failed to these recipients or distribution lists:
    someb...@somedomain.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
    The following organization rejected your message: 192.168.99.11.

This message came from our exchange server @ 192.168.99.11, which is also our smtp_fallback_relay. A check of the postfix logs shows:

    Oct 5 18:40:24 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: host mail.somedomain.com[194.99.99.99] said: 421 <someb...@somedomain.com>: Deferring connection (in reply to RCPT TO command)
    Oct 5 18:40:24 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: host mail.somedomain.com[194.99.99.99] said: 421 <someb...@somedomain.com>: Deferring connection (in reply to RCPT TO command)
    Oct 5 18:40:29 mailg postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: to=<someb...@somedomain.com>, relay=192.168.99.11[192.168.99.11]:25, delay=6.4, delays=0.03/0/1.3/5.1, dsn=5.7.1, status=bounced (host 192.168.99.11[192.168.99.11] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))

My interpretation of what is going on is that the message was sent from exchange to our gateways, and the gateway attempted to relay to mail.somedomain.com and got a 421. Then our gateway followed our smtp_fallback_relay directive and attempted to deliver back to our secondary exchange server, which also bounced since we have user address verification turned on.

So my question out of all of this is: how do we get smtp_fallback_relay to only function for incoming messages to our domain example.com, but not use the directive if messages are coming from exchange destined towards other domains such as somedomain, to prevent fallback to our exchange if the relay is down? We got a ton of emails from end users when they started getting all these NDRs from exchange. Thanks
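
An added example, not part of the original post: a small log audit that finds deliveries for non-local recipient domains that were handed to the fallback relay, which is the pattern in the 18:40:29 log line above. It assumes example.com is the only local domain and 192.168.99.11 is the fallback host; the sample log lines are constructed.

```python
import re

# Assumptions taken from the post: example.com is the only locally hosted
# domain and 192.168.99.11 is the smtp_fallback_relay host.
LOCAL_DOMAINS = {"example.com"}
FALLBACK_IP = "192.168.99.11"

# Constructed sample log in the syslog layout shown in the post; the queue IDs
# other than 4A0AA38DC, the recipients and the 203.0.113.5 host are made up.
SAMPLE_LOG = """\
Oct  5 18:40:24 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: host mx.remote.invalid[203.0.113.5] said: 421 <rcpt@remote.invalid>: Deferring connection (in reply to RCPT TO command)
Oct  5 18:40:29 mail postfix/smtp[18753]: [ID 197553 mail.info] 4A0AA38DC: to=<rcpt@remote.invalid>, relay=192.168.99.11[192.168.99.11]:25, delay=6.4, delays=0.03/0/1.3/5.1, dsn=5.7.1, status=bounced (host 192.168.99.11[192.168.99.11] said: 550 5.7.1 Unable to relay (in reply to RCPT TO command))
Oct  5 18:41:02 mail postfix/smtp[18760]: [ID 197553 mail.info] 5B1CC49ED: to=<user@example.com>, relay=192.168.99.11[192.168.99.11]:25, delay=0.9, delays=0.02/0/0.4/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Oct  5 18:41:10 mail postfix/smtp[18761]: [ID 197553 mail.info] 6C2DD5AFE: to=<other@remote.invalid>, relay=mx.remote.invalid[203.0.113.5]:25, delay=1.2, delays=0.02/0/0.5/0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# Matches the per-recipient delivery record written by the smtp client;
# the "[ID ... mail.info]" tag is optional because not every syslog adds it.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?:\[ID \d+ \S+\] )?(?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^\[,]+)\[(?P<ip>[^\]]+)\]:\d+, "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def find_misrouted(log_text, local_domains=LOCAL_DOMAINS, fallback_ip=FALLBACK_IP):
    """Return delivery records where a non-local recipient went to the fallback relay."""
    hits = []
    for line in log_text.splitlines():
        m = DELIVERY_RE.search(line)
        if not m:
            continue  # 421 deferral lines and other records carry no to=/relay= pair
        domain = m["rcpt"].rpartition("@")[2].lower()
        # Fallback for a local domain is the intended failover; anything else
        # means outbound mail was pushed back to the internal server.
        if m["ip"] == fallback_ip and domain not in local_domains:
            hits.append({"qid": m["qid"], "rcpt": m["rcpt"],
                         "dsn": m["dsn"], "status": m["status"]})
    return hits

if __name__ == "__main__":
    for hit in find_misrouted(SAMPLE_LOG):
        print("{qid} {rcpt} dsn={dsn} status={status}".format(**hit))
```
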