On 2017.08.28. 17:36, Viktor Dukhovni wrote: >>> but only when the destination domain is not a "relay" domain or >>> similar, that is, only if mail for the destination in questin just >>> goes whereever the MX records point with no transport overrides >>> beyond (sender_dependent_default_transport_maps) which selects a >>> sender dependent *default* transport. >> >> I'm using permit_auth_destination and it does not play without >> relay_domains. > > If the destination domain is yours and the senders are remote > untrusted clients, then indeed "default_transport" won't do > unless you're a backup MX host (in that case it is possible > to allow relaying for the domain via "check_recipient_access", > and the default transport will find the right primary MX host).
I have domain + list of emails in the domain. with relay_domains recipient's check stops just after foreign domain name found as destination. with check_recipient_access full email list scanned to reject foreign domain. Is this correct ? > >> well, looks like I found few solutions: >> >> 1. change transport using FILTER via check_sender_access in >> smtpd_sender_restrictions - fine until there is no other filter action > > This would be wrong for multi-recipient email when some recipients > are local, or in any case should not be sent to the same destination. not the case for relay box > >> IMO it may be useful to allow alter transport in >> sender_dependent_relayhost_maps as well in future releases of postfix > > No, that would not be a good idea, since transport selection needs to > be recipient based. what is the difference to default_transport /sender_dependent_default_transport_maps ? Why relayhost/sender_dependent_relayhost_maps do not work same way - not include transport as well ?