EFA as a gateway with multiple domains

media14
Posts: 2
Joined: 04 Oct 2018 18:41

EFA as a gateway with multiple domains

Post by media14 »

Hi,

First of all, thank you for the great work achieved with EFA. I have been using it for a long time; it sometimes gives me a headache during setup, but it is so reliable once it is in production.

Today, I am trying to configure EFA like this for both incoming and outgoing emails:
Internet --> EFA --> Mail server (with many domains)
Mail server --> EFA --> External Smtp (let's say sendgrid) --> Internet

Because:
1/ I want EFA to filter all incoming emails before they reach my mail server
2/ I want EFA to filter all outgoing emails before they reach sendgrid

My issues:
I am OK with the 2/. Not with the 1/. But I feel like it may create a loop.
My Mail server hosts a lot of domains and I don't want to synchronize the domain list with EFA.
Instead, I would like to use a wildcard and identify routes based on networks.

My dream:
EFA understands when an email is coming from my Mail server (via its IP or hostname?) so it routes it to sendgrid.
EFA understands when an email is coming from the internet (not from my Mail server) so it routes it to my Mail server.

After looking for a way to achieve this, without success, I thought of creating 2 EFA servers (one called smtp-in and the other smtp-out), but before I do this, I am trying my last chance right here :)

Vincent
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: EFA as a gateway with multiple domains

Post by pdwalker »

How many domains are you talking about here?

The postfix transport file has the transport rules for all domains, incoming and outgoing. If I were to put a wildcard rule to represent all the domains I host, then I'd end up with a mail loop.

So, if I really needed to support a wildcard domain, I guess I'd need two smtp gateways - one for receiving the incoming mail (to efa, wildcard transport), and then a different outgoing smtp gateway for my outgoing mail.

I really wouldn't like to do something like that. It makes things too complicated.

Instead, what I'd do is I'd find some way to automatically generate the transport file specifying all my domains. Then I could have just the one mail gateway and never really have to worry about anything else.

Have you considered doing this? What is your internal mail server running anyway?
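One way to generate the transport file automatically, as suggested in the reply above. This is an added example, not code from the thread or from the EFA project; the function names, the idea of a domain list exported from the mail server, and the next hop `[192.0.2.10]` are assumptions for illustration.

```python
import os
import re
import subprocess
import tempfile

# One DNS label (RFC 1123 hostname rule); rejects "*", spaces and other junk.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_domain(name):
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def build_transport(domains, next_hop):
    """Return transport(5) text with one explicit line per hosted domain."""
    hosted = sorted({d.strip().lower().rstrip(".") for d in domains if d.strip()})
    if not hosted:
        # An empty export would silently drop every domain; keep the old map.
        raise ValueError("domain list is empty")
    bad = [d for d in hosted if not valid_domain(d)]
    if bad:
        # Users can create domains on the mail server, so treat the list as
        # untrusted: a stray "*" or extra field must never reach the map.
        raise ValueError(f"invalid domain entries: {bad}")
    return "".join(f"{d}\tsmtp:{next_hop}\n" for d in hosted)

def install(text, path="/etc/postfix/transport", rebuild=True):
    """Atomically replace the map; return False when nothing changed."""
    try:
        with open(path) as fh:
            if fh.read() == text:
                return False
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    if rebuild:
        subprocess.run(["postmap", "hash:" + path], check=True)
    return True

if __name__ == "__main__":
    # Constructed sample; in production the list is exported from the mail server.
    sample = ["domainx.com", "Example.org.", "domainx.com"]
    print(build_transport(sample, "[192.0.2.10]"), end="")
```

Run from cron or a hook on the mail server's domain create/delete events, this keeps every hosted domain as an explicit key, so no wildcard entry is needed on the gateway.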
media14
Posts: 2
Joined: 04 Oct 2018 18:41

Re: EFA as a gateway with multiple domains

Post by media14 »

Hi,

I am talking about ~100 domains. OK, it might not sound like a lot, but the main issue is that some of my users can create/delete domains on the fly on the mail server, where the mailboxes are.

The looping issue came to my mind indeed. So I started to change my strategy a little bit. As you suggested, I now work on two EFA gateways. No problem for the outbound gateway, I am fine with it. I am still in trouble with the inbound EFA gateway.

Internet --> EFA inbound gateway --> Main mail server (multiple domains, such as domainx.com)

I tried to work with the transport map, which contains:
domainx.com smtp:[xxx.xxx.xxx.xxx]
* smtp:[xxx.xxx.xxx.xxx]

main.cf:
relay_domains =
transport_maps = hash:/etc/postfix/transport
-> gives 454 4.7.1 <test@domainx.com>: Relay access denied;

main.cf:
relay_domains = hash:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
-> it works status=sent (250 2.0.0 Ok: queued as ...) but only for domainx.com (the wildcard has no effect)

I know I am wrong, but I can't figure out where I am wrong. Why does transport_maps have a lower priority than relay_domains?