On Mon, 8 Jun 2020 11:08:45 -0400 (EDT), Wietse Venema wrote:
> This requires a new configuration parameter to always defer if the
> bind address is unavailable.
Thanks for confirming that I did not miss it in the documentation.
> On the other hand, instead of using a tunnel and juggling routes, you
> could use TLS and AUTH for mail that needs to be sent through B.
> That code will defer if B is unavailable.
>
> # Use [] to suppress MX lookups.
> relayhost = [host.example.com]
> # owner root, mode 0600
> smtp_sasl_password_maps = username/password for B
> transport_maps = overrides for direct delivery
This is what I meant by:
>> I would have to add one more custom configuration for emails
>> and a single-purpose account to maintain and monitor, and an extra
>> SMTP hop, all of which I would very much like to avoid.
B is currently an SNAT (tunnel -> default route), so that I do not have
to set up anything application-specific. So while it does have its own
postfix for its own needs, I would prefer to keep both setups separate
for simplicity: there will be more servers assuming both roles.
A suggestion I received off-list is, if I can trigger code when the
tunnel availability changes (I can), to rewrite a check_*_access pcre
map on every event. Switching between DUNNO and HOLD was suggested. I
guess DEFER could be better in my case, as the local sender does not lose
the mail and it does not create the need to monitor the on-hold postfix
queue. The alternative would be an "on tunnel up" script to release all
on-hold emails, which will eventually bite me if I ever have other reasons
to put mails on-hold.
Regards,
--
Vincent Pelletier
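
The off-list suggestion described in the message above, sketched as an added example (not part of the original thread and not Postfix's own code). The map path, the catch-all pattern `/./`, and the `up`/`down` hook interface are assumptions; the map would be referenced from whichever check_*_access restriction covers the mail that needs the tunnel.

```shell
#!/bin/sh
# Added example: regenerate a Postfix pcre access map on tunnel up/down events.
# MAP path, the catch-all pattern and the hook interface are assumptions.
MAP="${MAP:-/etc/postfix/tunnel_access.pcre}"

# Print the map body for a tunnel state. Anything other than "up"
# (including typos or an empty argument) fails closed to DEFER.
render_map() {
    case "$1" in
        up) action="DUNNO" ;;
        *)  action="DEFER tunnel unavailable, please retry later" ;;
    esac
    printf '# generated by tunnel hook, state=%s\n' "${1:-unknown}"
    printf '/./ %s\n' "$action"
}

# Write the map atomically: temp file in the same directory, then rename,
# so a Postfix process never opens a half-written file.
write_map() {
    state="$1"; map="$2"
    tmp="$(mktemp "${map}.XXXXXX")" || return 1
    if render_map "$state" > "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$map"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

main() {
    write_map "$1" "$MAP" || exit 1
    # pcre maps are read when a daemon opens them; reload so running
    # smtpd processes pick up the new action immediately.
    if command -v postfix >/dev/null 2>&1; then
        postfix reload
    fi
}

# Run only when invoked with a state argument, e.g. `tunnel_event.sh down`.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because unknown states render DEFER, a misfiring hook delays mail instead of letting it leave by the wrong route.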