On Mon, 8 Jun 2020 11:08:45 -0400 (EDT), Wietse Venema <wie...@porcupine.org> wrote: > This requires a new configuration parameter to always defer if the > bind address is unavailable.
Thanks for confirming that I did not miss it in the documentation. > On the oher hand, insead of using a tunnel and juggling routes, you > could use TLS and AUTH for mail that needs to be sent through B. > That code will defer if B is unavailable. > > # Use [] to suppress MX lookups. > relayhost = [host.example.com] > # owner root, mode 0600 > smtp_sasl_password_maps = username/password for B > transport_maps = overrides for direct delivery This is what I meant by: >> I would have to add one more custom configuration for emails >> and a single-purpose account to maintain and monitor, and an extra >> SMTP hop, all of which I would very much like to avoid. B is currently an SNAT (tunnel -> default route), so that I do not have to setup anything application-specific. So while it does have its own postfix for its own needs, I would prefer to keep both setups separate for simplicity: there will be more servers assuming both roles. A suggestion I received off-list is, if I can trigger code when the tunnel availability change (I can), to rewrite a check_*_access pcre map on every event. Switching between DUNNO and HOLD was suggested. I guess DEFER could be better in my case, as local sender not lose the mail and it does not create the need to monitor on-hold postfix queue. The alternative would be "on tunnel up" script to release all on-hold emails, which will eventually bite me if I ever have other reasons to put mails on-hold. Regards, -- Vincent Pelletier