[Tfug] Postfix sender_dependent_relayhost_maps

Brian Murphy murphy+tfug at email.arizona.edu
Fri Nov 21 13:49:50 MST 2008


Glenn Pfeiffer wrote:
> Do any of you have any examples or resources to help me configure
> postfix to relay to different hosts depending on the sender?
>
> I have figured out that there are two config settings I need to
> change: sender_dependent_relayhost_maps and
> smtp_sender_dependent_authentication.



Hi Glenn.  It was good seeing you last night at Claude's house.

I found your postfix question about sender dependent relaying in the
TFUG archives.  You are right, the postfix docs are short on this!

Try this:

# default smarthost for mail relaying
relayhost = [smtp1.example.com]

# senders who get a special relay
sender_dependent_relayhost_maps =
    hash:/etc/postfix/sender_dependent_relayhost


The syntax for the relayhost map is:

user1@mydomain.com  [smtp2.example.com]
user2@mydomain.com  [smtp2.example.com]
@mydomain2.com      [smtp3.example.com]:587

Create the hash from the text file with "postmap
hash:sender_dependent_relayhost" on the command line.

Since you mention smtp_sender_dependent_authentication I assume the
hosts you're relaying to require SMTP AUTH, correct?

Postfix has client side SMTP AUTH disabled by default.  To use it you
need to enable it and create a password map.  Be sure to chmod 600 the
password map so other users on your system can't read it.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Syntax for /etc/postfix/sasl_passwd:

user1@mydomain.com        user1@mydomain.com:password1
user2@mydomain.com        user2@mydomain.com:password2

# postmap hash:/etc/postfix/sasl_passwd

You may want to restrict the auth methods to secure ones if supported by
the remote servers:

smtp_sasl_security_options = noanonymous, noplaintext

If the remote server only offers plaintext auth, you could try to force
your postfix client to use TLS for secure transmission.  I've seen that
it's more common for servers to support TLS than fancy SMTP AUTH
methods.

First enable postfix's client-side TLS with "smtp_use_tls = yes".

Then add "smtp_sasl_tls_security_options = noanonymous" under the
smtp_sasl_security_options line to allow plaintext methods over a TLS
encrypted channel.

I've never had to set up a sender based relay server like this so
hopefully these hints can help you out.

Brian


The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of
Arizona.
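
Added example, not part of the original message: a small consistency check for the setup discussed in this thread. It parses main.cf text (including indented continuation lines) and the two map source files, then reports settings that would stop sender-dependent SMTP AUTH from working or leave credentials exposed. The function names, the sample data and the "key contains @" heuristic for spotting sender-keyed credentials are assumptions of this example; sasl_mode is the st_mode of the sasl_passwd file.

```python
import stat

def parse_main_cf(text):
    """main.cf: '#' starts a comment line; leading whitespace continues a value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
        elif "=" in raw:
            last, value = (s.strip() for s in raw.split("=", 1))
            params[last] = value
    return params

def parse_map(text):
    """postmap source file: one 'key <whitespace> value' pair per line."""
    rows = (l.split(None, 1) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return {r[0].lower(): r[1].strip() for r in rows if len(r) == 2}

def audit(main_cf, relay_map, sasl_map, sasl_mode):
    cf, relays, creds = parse_main_cf(main_cf), parse_map(relay_map), parse_map(sasl_map)
    out = []
    if cf.get("smtp_sasl_auth_enable") != "yes":
        out.append("smtp_sasl_auth_enable is not yes")
    if any("@" in k for k in creds) and cf.get("smtp_sender_dependent_authentication") != "yes":
        out.append("sender-keyed credentials need smtp_sender_dependent_authentication = yes")
    if stat.S_IMODE(sasl_mode) & 0o077:
        out.append("sasl_passwd is accessible to group/other (want mode 0600)")
    # Postfix's default for this parameter is "noplaintext, noanonymous".
    if "noplaintext" not in cf.get("smtp_sasl_security_options", "noplaintext"):
        out.append("plaintext SASL mechanisms allowed on non-TLS sessions")
    for sender, relay in relays.items():
        if sender not in creds and relay.lower() not in creds:
            out.append(f"no credentials for {sender} via {relay}")
    return out

# Constructed sample input mirroring the message's settings.
MAIN_CF = """\
sender_dependent_relayhost_maps =
    hash:/etc/postfix/sender_dependent_relayhost
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
"""
RELAYS = "user1@mydomain.com [smtp2.example.com]\n@mydomain2.com [smtp3.example.com]:587\n"
CREDS = "user1@mydomain.com user1@mydomain.com:password1\n"

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, RELAYS, CREDS, 0o100644)))
```

On a live host, pass `os.stat("/etc/postfix/sasl_passwd").st_mode` as the last argument and run the same check against the generated `.db` file.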




