5

I would like Postfix to try to deliver an email itself initially and, only if there is a bounce, then try to send through a relay.

The scenario is that we moved an existing website, with users we need to email, to a new server with a new IP that major email providers are bouncing out of hand. I know I need to warm up the IP but the problem is how to ensure delivery while we warm up the IP? Seems like a Catch-22.

My idea is to try through our new IP address and, only on bounce, try again through a warmed up IP that we already mail from.

I know how to relay all Postfix email to another Postfix server but I hope I can do a conditional relay only on receiving a bounce so that we can eventually warm up this new IP.

Shovas
  • 263
  • 2
  • 11

1 Answers1

3
postconf -e soft_bounce=yes    
postconf -e smtp_fallback_relay=otherhost:port
postconf -e bounce_queue_lifetime=0

soft_bounce (default: no)

Safety net to keep mail queued that would otherwise be returned to the sender. This parameter disables locally-generated bounces, changes the handling of negative responses from remote servers, content filters or plugins, and prevents the Postfix SMTP server from rejecting mail permanently by changing 5xx reply codes into 4xx. However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes.

Note: "soft_bounce = yes" is in some cases implemented by modifying server responses. Therefore, the response that Postfix logs may differ from the response that Postfix actually sends or receives.

Example:

soft_bounce = yes

bounce_queue_lifetime (default: 5d)

Consider a bounce message as undeliverable, when delivery fails with a temporary error, and the time in the queue has reached the bounce_queue_lifetime limit. By default, this limit is the same as for regular mail.

Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is d (days).

Specify 0 when mail delivery should be tried only once.

This feature is available in Postfix 2.1 and later.

smtp_fallback_relay

smtp_fallback_relay (default: $fallback_relay) Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. With Postfix 2.2 and earlier this parameter is called fallback_relay. By default, mail is returned to the sender when a destination is not found, and delivery is deferred when a destination is unreachable. With bulk email deliveries, it can be beneficial to run the fallback relay MTA on the same host, so that it can reuse the sender IP address. This speeds up deliveries that are delayed by IP-based reputation systems (greylist, etc.). The fallback relays must be SMTP destinations. Specify a domain, host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP destinations, Postfix will try them in the specified order. To prevent mailer loops between MX hosts and fall-back hosts, Postfix version 2.2 and later will not use the fallback relays for destinations that it is MX host for (assuming DNS lookup is turned on).

Jacob Evans
  • 7,886
  • 3
  • 29
  • 57
  • Excellent. That sounds exactly like what I'm looking for. I'll try it out. – Shovas Mar 15 '17 at 03:45
  • I tried this parameter but Postfix isn't acting as I would expect. It's not falling back on bounces. I wonder if that's it's intent "can't be found or that are unreachable". It seems like it's not for bounces but for not even being able to connect. – Shovas Mar 16 '17 at 15:14
  • @Shovas try adding `postconf -e soft_bounce=yes` also drop the default 5d retry to a few hours `postconf -e bounce_queue_lifetime=4h` – Jacob Evans Mar 16 '17 at 22:13
  • I know I had this working before, I've had to warm up a few hundred IPs switching datacenters – Jacob Evans Mar 17 '17 at 03:15
  • I now have soft_bounce = yes, bounce_queue_lifetime = 4h, smtp_fallback_relay = domain.com. I've reloaded and restarted postfix. I sent off an email that was 550 rejected by hotmail.com and Postfix logged status=SOFTBOUNCE. Okay, I print the queue `postqueue -p` and see that email in there. I flush the queue to get it to send again and it tries through hotmail again, not through the smtp_fallback_relay. I set bounce_queue_lifetime=1m, wait 1 minute, flush the queue again, and it still tries through hotmail. I also tried sending a brand new email to see what it would do. Any ideas? – Shovas Mar 22 '17 at 14:07
  • I'll have to toss it in my lab, might need to add fail2ban to force the failback (100 ways to skin a cat and all) – Jacob Evans Mar 22 '17 at 14:55
  • From what I see, smtp_fallback_relay is only used in cases where a server cannot be reached. Since my emails can reach the servers it doesn't trigger. The only other solution I've gathered from googling is to collect bounces somehow and resend those emails with a custom script. – Shovas Mar 22 '17 at 15:19
  • Oh, that'd be interesting, you mean you're forcing a connection failure to trigger smtp_fallback_relay? – Shovas Mar 22 '17 at 15:20
  • yes reverse the typical intention of fail2ban where it blocks outbound traffic to that IP giving 500, still using the soft-bounce so it doesn't send NDR's – Jacob Evans Mar 22 '17 at 15:31
  • @Shovas can you give me some sample for the regex and is this a send-only box or does it receive? – Jacob Evans Mar 22 '17 at 16:15
  • 2
    Here's the exact message I got that I was hoping would fallback: postfix/smtp[10169]: 45B80234E8: to=, relay=mx1.hotmail.com[65.54.188.126]:25, delay=1443, delays=1443/0.01/0.33/0.11, dsn=4.0.0, status=SOFTBOUNCE (host mx1.hotmail.com[65.54.188.126] said: 550 SC-001 (BAY004-MC4F35) Unfortunately, messages from 123.123.123.123 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)) – Shovas Mar 23 '17 at 13:52
  • 1
    It's a send-only server for now – Shovas Mar 23 '17 at 13:52
  • @Shovas You can set up a response policy zone (RPZ) in BIND to override the A record of hotmail mail servers, pointing the hostname to a private IP address that you can't connect to it, then Postfix will use the fallback relayhost. – LinuxBabe Jun 25 '20 at 08:20
  • @LinuxBabe if that, why wouldn't you just use the RPZ to set the MX of hotmail to the relayhost? – Jacob Evans Jun 25 '20 at 12:19
  • @Shovas Would you mind sharing your solution if you found a way to implement this? It would be cool if that solution would not redirect on first attempt to allow for greylisting. – wedi Nov 25 '20 at 12:12
  • Sorry, never did find a solution to this. Seems like something that should be supported, given how many other things have options, but I couldn't find it. – Shovas Nov 26 '20 at 15:36