Data Loss Prevention

I've looked into postfix but apparently IP-source-based routing is not supported?

If postfix does not support reflecting mode, which other MTA does?

The Network Prevent for Email support postfix, no matter what mode it runs.

Check out the following article that I came across while researching something similar for a customer of mine.

  --  http://advosys.ca/papers/email/58-postfix-instance.html

It describes how you could set up a second instance of Postfix with a different IP address (or same IP listening on a different port), which would indicate that you could use a configuration like this for either IP-based or port-based routing.  Instance 1 could be configured to send to the SMTP Prevent server, which forwards to Instance 2 (would use forwarding instead of reflection, but it would be to the same box).  Or if you did the second instance with a different port, and same IP, you could just reflect to that other port.

~Keith

It's not a matter of whether Prevent supports Postfix in either reflection or fowarding mode...it's a matter of Postfix supporting mail routing in such a way that allows one to put Prevent in reflection mode.  Some fully SMTP compliant MTA's don't necessarily allow for routing email in such a way that would support reflection.

Symantec's documentation on this is rather ambiguous (or it was the last time I read it, though it may have been updated).  It describes the forwarding and reflection modes, and states that SMTP Prevent can integrate with fully SMTP compliant MTA's.  But what it doesn't say is that not all MTA's can support the routing of mail in such a way as to support reflection (whether your using IP, port, or header-based routing rules). 

~Keith