Hello all, I have a problem with sender-dependent relayhosts. I'm using the stock up-to-date postfix-2.3.3-2.1.el5_2 RPM that is part of CentOS 5.2 (if that's a problem let me know and I'll try with a later version).
In short, if I put a relayhost parameter my sender-dependent relayhost map gets ignored, even when the documentation states that it takes higher precedence.

Here's the deal: My system is purely a relaying gateway whose purpose is scanning emails with Amavisd and ClamAV. It acts as a gateway for another internal mail server located on a different host. All non-internal emails get sent to a relayhost (USANET's smtp.postoffice.net), which requires the use of SASL. My configuration works fine when the sender explicitly appears in my sender-dependent relayhost map and in my SASL password map.

But my problem appears when the sender is not present there. This can happen because sometimes my internal mail server hosts an alias that expands into some non-local addresses. So, when [EMAIL PROTECTED] from the Internet sends mail to this local alias, a copy ends up trying to be relayed through my Postfix to those non-local addresses. Since those non-local addresses do not appear in my SASL password map (and I do not want them there), I cannot send mail to them through USANET (it would get rejected with "530 Authentication required").

I want to send mail to them through a different SMTP relay I have at Verio, without having to list them explicitly anywhere on my Postfix server. This Verio SMTP server does not work with SASL or encryption. I figured I should put a relayhost parameter pointing to my Verio relay like this...

relayhost = [veriosmtp.net]

... since Postfix documentation says sender-dependent relayhost map takes precedence over the relayhost parameter. But it doesn't seem to be working that way for me, because if I put that relayhost then ALL my non-local mail ends up going through Verio (i.e., the sender-dependent relayhost map that points to USANET for my local senders gets ignored!). Since the sender-dependent relayhost map does not accept wildcards, I'm stuck.
I've seen an old email where Wietse suggested using regexp maps, but I've no idea how that would be done in this case:

> From: Wietse Venema
> Date: 2006-08-30 15:12:21
> [...]
> If you want wildcard lookups in Postfix maps, use regular
> expression maps.
>
> Wietse

I'd appreciate it if somebody could help me out.

Thanks,
LT

----------- begin /etc/postfix/main.cf --------
myhostname = smtpgw.myveryowndomain.com
mydestination = $myhostname, localhost
mynetworks = 127.0.0.1/32, 192.168.1.11/32, 192.168.1.12/32
relay_domains = $mydestination, myveryowndomain.com, myotherdomain.net
relayhost = [veriosmtp.net]
#
transport_maps = hash:/etc/postfix/transport
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
#
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
#
smtp_tls_CAfile = /etc/postfix/certs/entrust.secure-server-CA.pem
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file =
smtp_tls_key_file =
smtp_tls_loglevel = 2
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_secure_cert_match = nexthop
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/spool/postfix/cache/smtp_tls_session_cache
# Here follows other generic stuff
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 5
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
----------- end /etc/postfix/main.cf ----------

----------- begin /etc/postfix/transport ------
# My postfix server is 192.168.1.11. It acts purely as a gateway, scanning
# mails with amavisd.
# Mail @myveryowndomain.com resides on another local server, 192.168.1.12,
# which is a CommuniGate server.
#
# Here go some exceptions:
# Mail for [EMAIL PROTECTED] resides on USANET and not on my internal mail server:
[EMAIL PROTECTED] smtp:[smtp.postoffice.net]
# As stated, mails for myveryowndomain.com should go to my CommuniGate server:
myveryowndomain.com smtp:[192.168.1.12]
# Mails for myotherdomain.com also go to the local CommuniGate server:
myotherdomain.com smtp:[192.168.1.12]
# All other mail not explicitly mentioned here should go through (possibly sender-dependent) relayhost.
----------- end /etc/postfix/transport --------

----------- begin /etc/postfix/tls_policy -----
#Next hop              TLS security level  Level-specific options
[smtp.postoffice.net]  secure              match=smtp.postoffice.net
[veriosmtp.net]        none
[someothersmtp.net]    none
----------- end /etc/postfix/tls_policy -------

----------- begin /etc/postfix/sender_relay ---
[EMAIL PROTECTED] [smtp.postoffice.net]
[EMAIL PROTECTED] [smtp.postoffice.net]
[EMAIL PROTECTED] [smtp.postoffice.net]
[EMAIL PROTECTED] [smtp.postoffice.net]
[EMAIL PROTECTED] [smtp.postoffice.net]
----------- end /etc/postfix/sender_relay -----

----------- begin /etc/postfix/sasl_passwd ----
[EMAIL PROTECTED] myuser2//myveryowndomain.com:myuser2pass
[EMAIL PROTECTED] myuser3//myveryowndomain.com:myuser3pass
[EMAIL PROTECTED] myuser4//myveryowndomain.com:myuser4pass
[EMAIL PROTECTED] myotheruser1//myotherdomain.com:myotheruser1pass
[EMAIL PROTECTED] myotheruser2//myotherdomain.com:myotheruser2pass
----------- end /etc/postfix/sasl_passwd ------
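
Added example, not part of the original post: a small audit that cross-checks a sender_relay table against a sasl_passwd table and flags senders who would be routed to the SASL-only relay without credentials (the "530 Authentication required" case described above). The addresses and secret are constructed placeholders, the set of SASL-requiring relays is an assumption, and only exact full-address keys are modelled, with the documented precedence of a map hit over relayhost.

```python
# Added example: cross-check sender_relay against sasl_passwd (constructed data).
SENDER_RELAY = """\
# sender             next hop
user1@example.com    [smtp.postoffice.net]
user2@example.com    [smtp.postoffice.net]
"""
SASL_PASSWD = """\
user1@example.com    user1//example.com:placeholder-secret
"""
RELAYHOST = "[veriosmtp.net]"              # global fallback, as in the post's main.cf
SASL_REQUIRED = {"[smtp.postoffice.net]"}  # assumption: relays that answer 530 without AUTH


def parse_table(text):
    """Parse Postfix table source: 'key whitespace value', '#' comments,
    continuation lines starting with whitespace. Keys are folded to lower case."""
    table, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            table[last] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        if len(parts) == 2:                # entries without a value are skipped
            last = parts[0].lower()
            table[last] = parts[1].strip()
    return table


def audit(senders, relay_text, passwd_text, relayhost, sasl_required):
    """Return {sender: (next_hop, status)}; status is 'ok' or 'auth-missing'."""
    relay, passwd = parse_table(relay_text), parse_table(passwd_text)
    report = {}
    for sender in senders:
        key = sender.lower()
        hop = relay.get(key, relayhost)    # documented precedence: map hit beats relayhost
        # Sender-dependent authentication: password map is searched by sender, then next hop.
        has_cred = key in passwd or hop.lower() in passwd
        needs = hop in sasl_required
        report[sender] = (hop, "auth-missing" if needs and not has_cred else "ok")
    return report


if __name__ == "__main__":
    for s, (hop, status) in audit(
        ["user1@example.com", "user2@example.com", "outsider@example.org"],
        SENDER_RELAY, SASL_PASSWD, RELAYHOST, SASL_REQUIRED,
    ).items():
        print(f"{s:24} -> {hop:24} {status}")
```

Running the same check against the real map files before reloading Postfix shows which senders would hit the authenticated relay without a password entry.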