On Wed, Jun 09, 2021 at 07:20:43PM -0500, Russell Jones wrote:

> I have check_recipient_mx_access set up to route mail for certain providers
> through a relay. This has been working well, until I discovered it is
> breaking delivery to local users that get CC'd in an email that is being
> routed through this relay.

Yes, deciding routing (FILTER, ...) based on a single recipient MX is
not sound on input.  This can only work correctly in a multi-instance
setup where you first split recipients by domain, before a backend
Postfix instance then uses MX-based FILTER directives for recipients
that are sure to be non-local.

> smtpd_recipient_restrictions =
>   check_recipient_mx_access hash:/etc/postfix/mxrelay
> 
> [root@main log]# cat /etc/postfix/mxrelay
> outlook.com FILTER relay:[in-v3.mailjet.com]:587
> prodigy.net FILTER relay:[in-v3.mailjet.com]:587
> yahoodns.net FILTER relay:[in-v3.mailjet.com]:587
> google.com FILTER relay:[in-v3.mailjet.com]:587

There is no solution of this sort.

> How can I do MX filtering and relaying, while telling Postfix to never send
> a local domain through the relay?

The "check_recipient_mx_access" feature is not designed for routing
decisions, it is for accepting or refusing mail, ...

Postfix does not have a variant of "FILTER" that affects only the
default transport, and even then some recipients could be misrouted.

If you had a sufficiently programmable nameserver (unbound with the
built-in python extension), you could rewrite the MX RRsets of domains
that resolve to google/outlook/... to a name that resolves to something
like "127.0.0.2", where you could run a Postfix instance that forwards
everything to the given relay.

Postfix can only IGNORE DNS records at present, there's no fancy RRset
rewriting:

    http://www.postfix.org/postconf.5.html#smtp_dns_reply_filter

-- 
    Viktor.

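The misrouting described in the reply above, as a simplified model added here (not code from the thread or from Postfix). It assumes FILTER is a per-message property that applies to every recipient of the message; the local domain, recipient addresses and MX data are constructed, and the function names are hypothetical.

```python
# Simplified model of the routing problem; not Postfix code.
RELAY = "relay:[in-v3.mailjet.com]:587"      # filter destination from the page's mxrelay map
MXRELAY = {"outlook.com", "prodigy.net", "yahoodns.net", "google.com"}
LOCAL_DOMAINS = {"example.org"}               # constructed local domain
MX = {                                        # constructed MX data
    "gmail.example": "aspmx.l.google.com",
    "example.org": "mail.example.org",
    "partner.example": "mx.partner.example",
}

def domain_of(rcpt):
    return rcpt.rsplit("@", 1)[1].lower()

def mx_matches(domain):
    """True if the domain's MX host, or a parent domain of it, is in MXRELAY."""
    labels = MX.get(domain, "").split(".")
    return any(".".join(labels[i:]) in MXRELAY for i in range(len(labels)))

def default_route(rcpt):
    return "local" if domain_of(rcpt) in LOCAL_DOMAINS else "smtp"

def route_single_instance(recipients):
    """One instance: any recipient whose MX matches sets FILTER for the
    whole message, so local CC'd recipients are sent to the relay too."""
    if any(mx_matches(domain_of(r)) for r in recipients):
        return {r: RELAY for r in recipients}
    return {r: default_route(r) for r in recipients}

def route_split_first(recipients):
    """Multi-instance: split recipients by domain first; only non-local
    domain groups reach the backend that applies the MX-based FILTER."""
    routes = {}
    for r in recipients:
        d = domain_of(r)
        if d in LOCAL_DOMAINS:
            routes[r] = "local"               # never sees the MX check
        else:
            routes[r] = RELAY if mx_matches(d) else "smtp"
    return routes

# Constructed message: one relayed provider, one local CC, one other remote.
SAMPLE = ["alice@gmail.example", "bob@example.org", "carol@partner.example"]

if __name__ == "__main__":
    for name, fn in (("single", route_single_instance), ("split", route_split_first)):
        print(name, fn(SAMPLE))
```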