Hello,

I have an egress-only mail server (=local senders, no relay, no ingress)
which has 2 routes for reaching the internet:
- one from its own IP address (A)
- another through a tunnel to another server, which has one public IP
  (B) and one route to the internet

That mail server sends emails for 2 domains:
- its own domain, for sysadmin purposes.
- another domain, for general-user purposes

Emails sent from the former domain are ideally emitted from (A), to
have the least complexity and fewest reasons to fail.

The SPF record for the latter domain only allows B to emit emails in
that domain's name. I am not able to directly update that record, and
(A) may change periodically - and I definitely do not want to have to
synchronise actions with the admins in charge of that DNS record.
Emails are not the only kind of traffic in this situation (source IP
filtering for some outgoing connections).

When the tunnel to B is up, everything works perfectly fine (2 routing
tables, one rule to select the non-default table based on source IP,
done).
When the tunnel to B goes down, so does the interface bearing postfix's
binding address. Then, postfix logs warnings and happily sends emails
through the only remaining route, which causes them to be classified as
spam by recipients, and yours truly a headache.

Other connections predictably (and IMHO gracefully) refused to do
anything until the tunnel went back up, and I would have vastly
preferred postfix to follow.

I found an old thread (2009) with a similar problem:
  
http://postfix.1071664.n5.nabble.com/use-smtp-bind-address-or-defer-td40312.html
The proposed solution was to go through an authenticated relay, which
means that I would have to add one more custom configuration for emails
and a single-purpose account to maintain and monitor, and an extra
SMTP hop, all of which I would very much like to avoid.

Has the situation evolved since then (not that I can find in the
documentation)?
Is there a reason for it not to evolve?

Regards,
-- 
Vincent Pelletier
