Thanks for the advice! I'll need to wrap my head around this... Another idea, is it possible to have postfix not use the virtual user table / not rewrite the email address if the mail is being relayed? That would allow mailjet to just send the email back and have it get delivered normally.
On Wed, Jun 9, 2021, 7:52 PM Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Wed, Jun 09, 2021 at 07:20:43PM -0500, Russell Jones wrote: > > > I have check_recipient_mx_access setup to route mail for certain > providers > > through a relay. This has been working well, until I discovered it is > > breaking delivery to local users that get CC'd in an email that is being > > routed through this relay. > > Yes, deciding routing (FILTER, ...) based on a single recipient MX is > not sound on input. This can only work correctly in a multi-instance > setup where you first split recipients by domain, before a backend > Postfix instance then uses MX-based FILTER directives for recipients > that are sure to be non-local. > > > smtpd_recipient_restrictions = > > check_recipient_mx_access hash:/etc/postfix/mxrelay > > > > [root@main log]# cat /etc/postfix/mxrelay > > outlook.com FILTER relay:[in-v3.mailjet.com]:587 > > prodigy.net FILTER relay:[in-v3.mailjet.com]:587 > > yahoodns.net FILTER relay:[in-v3.mailjet.com]:587 > > google.com FILTER relay:[in-v3.mailjet.com]:587 > > There is no solution of this sort. > > > How can I do MX filtering and relaying, while telling Postfix to never > send > > a local domain through the relay? > > The "check_recipient_mx_access" feature is not designed for routing > decisions, it is for accepting or refusing mail, ... > > Postfix does not have a variant of "FILTER" that affects only the > default transport, and even then some recipients could be misrouted. > > If you had a sufficiently programmable nameserver (unbound with the > built-in python extension), you could rewrite the MX RRsets of domains > that resolve to google/outlook/... to a name that resolves to something > like "127.0.0.2", where you could run a Postfix instance that forwards > everything to the given relay. > > Postfix can only IGNORE DNS records at present, there's no fancy RRset > rewriting: > > http://www.postfix.org/postconf.5.html#smtp_dns_reply_filter > > -- > Viktor. >
