> > What I ran into while solving the add-a-header issue (see my last
> > post on this thread) was that I can use a FILTER action from a
> > smtpd_*_restriction check to select a specialized smtp process
> > that is bound to a given IP address.
> >
> >
> > I found, however, that the FILTER action's nexthop field could
> > not be left blank (without a colon, the action is ignored;
>
> This is incorrect. If the ':' is not present in the FILTER argument,
> all Postfix versions before 2.7 will use a nexthop of $myhostname:
>
> This code appears in Postfix 2.6, 2.5, 2.4, 2.3 and earlier, file
> qmgr_message.c. Here, message->filter_xport is the FILTER argument
> (transport, transport: or transport:destination):
>
> else if (message->filter_xport
> && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
> reply.flags = 0;
> vstring_strcpy(reply.transport, message->filter_xport);
> if ((nexthop = split_at(STR(reply.transport), ':')) == 0
> || *nexthop == 0)
> nexthop = var_myhostname;
> vstring_strcpy(reply.nexthop, nexthop);
> vstring_strcpy(reply.recipient, recipient->address);
>
> > with a colon but nothing after it, I got name service errors in
> > my mail log).
>
> This is incorrect. FILTER actions without ":" have the same effect
> as FILTER actions with ":" followed by an empty destination.
>
> - In both cases, all Postfix before version 2.7 will use a destination
> of $myhostname.
Hmm, well I just tested it again, and the behavior I'm seeing is as I explained
("smtp2" (no colon) results in *normal* delivery (not delivered via the smtp2
process at all); "smtp2:" gives errors and creates a bounce).
Either way (yours or mine), this is not desirable behavior, so I'll just write
the difference off to whatever hacks RedHat has done to their version 2.3.3.
> - In both cases, Postfix 2.7 and later will use the recipient's
> domain instead. That is the change that I made in January 2010.
I look forward to being able to make use of that code in the future. I
appreciate your work and am sorry I haven't been able to simply upgrade to take
advantage of this. BTW, if you made exactly that change (that makes FILTER
work
in the scenario I've explained), what is the advantage of using the
sender_dependent_relayhost_maps or sender_dependent_transport_maps stuff over
doing what I've explained above?
> > The hack to resolve that seemed to be to change the restriction
> > check to be check_client_access so I could get at the recipient
> > email address and parse off its domain to hand to the FILTER
> > nexthop field.
>
> This is incorrect. If you use the FILTER action in smtpd_*_restrictions
> then that action has the same effect no matter if you use in client
> restrictions, helo restrictions, and so on. Provided of course that
> the information you need is available.
Well, first, there is a typo in what I wrote. I meant to write that I needed
to
change it to use check_recipient_access
I'm not saying that FILTER is different. All I'm saying is that I needed to
use
check_RECIPIENT_access and not check_CLIENT_access so that I could parse out
the
recipient's domain.
> The following is an example where information that you need is not
> available.
>
> > -o
>smtpd_data_restrictions=check_client_access,pcre:/etc/postfix/send_to_smtp2
> >
> > /etc/postfix/send_to_smtp2:
> > /@(.+)/ FILTER smtp2:$1
>
> That is incorrect. As documented, check_client_access uses the
> CLIENT IP ADDRESS, not the sender or recipient EMAIL ADDRESS.
> http://www.postfix.org/postconf.5.html#check_client_access
Right. Sorry - it was a typo. Using check_client_access was fine for adding a
custom header to messages, but what you've explained is exactly why I changed
it
to check_recipient_access in order to FILTER out to a custom smtp process.
Again, I'm *really sorry* for the goof.
Here is what I've done with the typo corrected. Is this a Bad Idea? Are there
problems with naively using the domain from the recipient email address as the
nexthop value?
master.cf:
smtp2 unix - - n - - smtp
-o smtp_bind_address=bbb.bbb.bbb.bbb
127.0.0.1:10024 inet n - n - - smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o
smtpd_data_restrictions=check_recipient_access,pcre:/etc/postfix/send_to_smtp2
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
/etc/postfix/send_to_smtp2:
/@(.+)/ FILTER smtp2:$1
