I'm no Postfix guru but I'm using this on the backup mx. Suppose your domain
is example.com.
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/my.tables/transport
/etc/postfix/my.tables/transport:
example.com smtp:[primary.example.com]:12345
.example.com smtp:[primary.example.com]:12345
Primary mx server master.cf:
# service type private unpriv chroot wakeup maxproc command + args
12345 inet n - n - - smtpd
Don't forget to postmap /etc/postfix/my.tables/transport.
Optional but a good idea, block all incoming connections on port 12345 except
for the backup mx IP address.
HTH,
Bill
On 1/16/2016 7:53 AM, Paul Goyette wrote:
Well, I think I spoke too soon.
I do have the dual-transport mechanism set up. But I still have a
"classification" problem!
On the backup-MX machine, I would like to have the equivalent of
if (message_origin == local) then
relay via transport1
else
relay via default
(where "local" can mean arrival via pickup service, or via smtpd service
on a local subnet).
It's not clear if the message_origin information is available (and
if so, how to access it) once the message has been queued.
Is it even possible to do what I'm trying?
On Sat, 16 Jan 2016, Paul Goyette wrote:
OK, I got this working! (Persistence pays off...)
On the backup MX, I made sure that $mydestination was correctly set, and
then set $local_transport to "smtp:nexthop:port"
On the primary server, I created a new smtpd transport (listener)
[xxxx:xxxx:xxxx:xxxx::x]:xxxx inet n - n - - smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
This new transport replaces the client restrictions specified in main.cf
(which invoke the dspam filter), so mail arriving on this listener will
not get filtered.
Simple when looking at it in retrospect. But you have to admit that
postfix configuration can be rather daunting or intimidating if you're
doing it for the first time...
I would have preferred to include the "default" client restrictions in
master.cf as well, but it kept complaining about the following:
[addr] inet n - n - - smtpd
  -o smtpd_client_restrictions=check_client_access regexp:/path
I suspected that the space character was the problem, so I tried to
put the value all in quotes, but that didn't help.
+------------------+--------------------------+------------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
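An added example, not part of the thread: a small master.cf check for the two listener forms discussed above. It lists the `-o` overrides each listener really gets and flags fragments left over when a value was split at a space. The addresses, ports and map path are constructed placeholders, and the brace form in the third entry assumes Postfix 3.0 or later, as documented in master(5).

```python
# Constructed sample master.cf; addresses, ports and the map path are placeholders.
SAMPLE = """\
# service type private unpriv chroot wakeup maxproc command + args
[2001:db8::1]:10025 inet n - n - - smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
[2001:db8::1]:10026 inet n - n - - smtpd
  -o smtpd_client_restrictions=check_client_access regexp:/path
[2001:db8::1]:10027 inet n - n - - smtpd
  -o { smtpd_client_restrictions = check_client_access regexp:/path }
"""

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def lint(text):
    """Return (service, overrides, stray_tokens) for every service entry."""
    results = []
    for line in logical_lines(text):
        fields = line.split()
        service, args = fields[0], fields[8:]  # fields[7] is the command name
        overrides, stray, i = {}, [], 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                i += 1
                setting = args[i]
                if setting.startswith("{"):  # brace form, may contain spaces
                    j = i
                    while j < len(args) - 1 and not args[j].endswith("}"):
                        j += 1
                    setting = " ".join(args[i:j + 1]).strip("{} ")
                    i = j
                name, _, value = setting.partition("=")
                overrides[name.strip()] = value.strip()
            elif not args[i].startswith("-"):
                stray.append(args[i])  # piece of a value that was split at a space
            i += 1
        results.append((service, overrides, stray))
    return results

for row in lint(SAMPLE): print(row)
```

A non-empty stray list on a listener means the override it was meant to carry is incomplete, so the restrictions actually in force on that port are not the ones written in the file.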