DevHeads.net

Selective outbound relaying II

Hello everybody,

I'm revisiting this issue after a break - about a year - and now I'm
trying to get to the bottom of this. I found a thread from five years
back (http://bit.ly/bIFigX) that discusses a similar issue, but my
situation is somewhat different.

I'm attempting to create a configuration where mail from a set of
local domains is delivered through an external relay while all other
mail (i.e. anything but the listed domains) would be relayed directly
to the receiving remote smtp servers. I would essentially want to
make the "relayhost" parameter conditional per specific domain names:
defined for some (for external relaying), and blank for some (for
direct relaying).

It may be that the only way to accomplish this is to run two separate
Postfix instances, one configured with relayhost, accepting outbound
mail for those domains that should be relayed via a remote host, and
the other configured without relayhost, accepting outbound mail for
all other relayable domains.

Before embarking on the multiple instances route, however, I wanted to
see if anyone on the list would have a solution that would make this
possible with a single Postfix instance.

Thanks for any advice & insights on this issue!

Ville

Comments

Re: Selective outbound relaying II

By Ville Walveranta at 07/08/2010 - 20:56

"sender_dependent_relayhost_maps" may be what I'm looking for..

Re: Selective outbound relaying II

By Ville Walveranta at 07/08/2010 - 22:14

sender_dependent_relayhost_maps works except that the other settings
affecting the relay aren't conditionalized by the defined relayhost
maps. In this case the relayhost for the externally relayed
"business" domains requires TLS and authentication while the relay for
the local domain (being the local Postfix) does not.

So my follow-up question is this: is it possible to affect other relay
parameters such as smtp_sasl_auth_enable or smtp_tls_security_level
with the sender_dependent_relayhost_maps?

Ville

Re: Selective outbound relaying II

By Stan Hoeppner at 07/08/2010 - 22:17

Ville Walveranta put forth on 7/8/2010 9:14 PM:

Something tells me you'll answer your own question before we get a chance to. ;)

Re: Selective outbound relaying II

By Victor Duchovni at 07/08/2010 - 23:54

TLS security levels are configurable per nexthop destination
as documented. SASL logins are also specified via the table of
per-destination user:password pairs. It is not clear what's missing.

Re: Selective outbound relaying II

By Ville Walveranta at 07/09/2010 - 02:37

On Thu, Jul 8, 2010 at 10:54 PM, Victor Duchovni

I'll read more. The only thing that may be missing is my awareness of
the available configuration options.

Thanks for pointing those out.

Ville

Re: Selective outbound relaying II

By Ville Walveranta at 07/09/2010 - 17:25

Resolved!

Another concurrent thread "SASL Authentication per recipient domain"
gave additional clues.

I ended up using a PCRE map for sender_dependent_relayhost_maps
(domain names changed to protect the innocent and to better illustrate
what was done):

main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$config_directory/tables/smtp_sasl_password_maps
sender_dependent_relayhost_maps = pcre:$config_directory/tables/smtp_relayhost_maps.pcre
smtp_tls_policy_maps = hash:$config_directory/tables/smtp_tls_policy_maps

smtp_sasl_password_maps:
[external.relaydomain.com]:2000 ... at relaydomain dot com:password

smtp_relayhost_maps.pcre:
!/@mylocaldomain\.net$/ [external.relaydomain.com]:2000

smtp_tls_policy_maps:
[external.relaydomain.com]:2000 encrypt

Now all locally accepted domains except for "mylocaldomain.net" are
relayed via external.relaydomain.com listening at port 2000. TLS and
SASL authentication are used for external.relaydomain.com while emails
sent from mylocaldomain.net domain are delivered directly to recipient
smtp servers without SASL authentication or TLS.

In the end the resolution always tends to be rather simple, but for
people who don't live & breathe Postfix the (admittedly very good)
documentation can be a beast to comb through to find the appropriate
parameters and their application. But I'm not complaining, the more
documentation the better! Whenever I work with Postfix I still always
marvel at its flexibility as compared to the ol' qmail I used to run a few
years back.

Ville
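
An added example, not part of the post above or of Postfix itself: a small Python model of the lookup chain in this configuration, showing which route, TLS level and SASL use a given envelope sender gets, plus a check that the TLS policy and SASL tables are keyed by the exact nexthop string the relayhost map returns. The function names, sender addresses and the credential string are assumptions constructed for illustration.

```python
import re

# Constructed copies of the three tables from the post (credential is a placeholder).
RELAYHOST_PCRE = r"!/@mylocaldomain\.net$/ [external.relaydomain.com]:2000"
TLS_POLICY = "[external.relaydomain.com]:2000 encrypt"
SASL_PASSWORDS = "[external.relaydomain.com]:2000 user@example.invalid:placeholder"

# Postfix TLS levels that refuse delivery when the session is not encrypted.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_pcre(text):
    """Parse '[!]/pattern/flags result' lines into (negate, regex, result)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(!?)/(.*)/([a-zA-Z]*)\s+(\S.*)$", line)
        if m:
            negate, pattern, _flags, result = m.groups()
            # Postfix pcre tables match case-insensitively by default.
            rules.append((negate == "!", re.compile(pattern, re.I), result.strip()))
    return rules

def parse_table(text):
    """Parse 'key value' lines of a hash: table source file."""
    return dict(line.strip().split(None, 1) for line in text.splitlines()
                if line.strip() and not line.startswith("#"))

def route(sender, rules, tls, sasl):
    """Return (nexthop, tls_level, uses_sasl) for an envelope sender."""
    for negate, regex, nexthop in rules:
        if bool(regex.search(sender)) != negate:  # first matching rule wins
            # Both tables are looked up with the nexthop string exactly as written.
            return nexthop, tls.get(nexthop), nexthop in sasl
    return None, None, False  # no relayhost selected: direct delivery

def lint(rules, tls, sasl):
    """Flag relay nexthops whose credentials or TLS policy would not apply."""
    problems = []
    for _negate, _regex, nexthop in rules:
        if nexthop not in sasl:
            problems.append(f"{nexthop}: no SASL entry under this exact key")
        if tls.get(nexthop) not in MANDATORY_TLS:
            problems.append(f"{nexthop}: TLS policy does not require encryption")
    return problems

if __name__ == "__main__":
    rules, tls, sasl = (parse_pcre(RELAYHOST_PCRE), parse_table(TLS_POLICY),
                        parse_table(SASL_PASSWORDS))
    for sender in ("alice@mylocaldomain.net", "bob@business.example"):
        print(sender, "->", route(sender, rules, tls, sasl))
    print("lint:", lint(rules, tls, sasl) or "ok")
```

Writing the policy key as external.relaydomain.com:2000 (without the brackets) makes the lint report that encryption is not required for the relay, because the nexthop string no longer matches.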

Re: Selective outbound relaying II

By Ville Walveranta at 07/08/2010 - 23:45

;-)

I think I've now hit a wall with a singular configuration. I'll
proceed with setting up a second instance unless someone has a clever
idea how to accomplish what I'm looking for with a single instance.

Ville