Thanks to @AlexD idea, we'll implement the following transport table in order to simulate a IP failover using the DNS MX resolution (postfix 3.3)
Relay for 2 domains, exemple[12].com
exemple1.com relay:mx.myhost.com:587
exemple2.com relay:mx.myhost.com:587
In DNS
A ip1.myhost.com 1.2.3.4
A ip2.myhost.com 11.12.13.14
MX mx.myhost.com 10 ip1.myhost.com
MX mx.myhost.com 50 ip2.myhost.com
The postfix relay should first use ip1 (priority 10) and ip2 (50) if ip1 fails.
Provided that this is correct, next step is the SMTP authentication. The same set of username/password is available for both the ip1 and ip2 connections.
user:pass
Question: in the sasl_passwd
map, since both ip1 and ip2 use the same user:pass set, can we / should we use the to-be-mx-resolved host (one entry) or do we have to use two identical user/pass entries one for [ip1] and one for [ip2]? (Does the SASL authentication indirectly accepts a host to be MX resolved and then apply the authentication to the resolved entry?)
a) Is this sasl_passwd file ok
mx.myhost.com:587 user:pass
b) or this one
[ip1.myhost.com]:587 user:pass
[ip2.myhost.com]:587 user:pass
c) and by the way is this the same as using directly the IPs?
[1.2.3.4]:587 user:pass
[11.12.13.14]:587 user:pass
(provided the A record does not change)
man 5 postconf says following:
SASL_README has the following:
Example configuration:
So according to the documentation quoted above, you need to write your destination the same way as it used in your transport table. If you have
mx.myhost.com:587
then you need to use