
On 12 January 2017 at 05:59, Carles Pina i Estany <car...@pina.cat> wrote:
>
> Hello,
>
> TL;DR:
> I need to set up different configuration for two different relays... and
> I can't see if this is possible and how to do it.
>
>
> I have a Postfix problem and very limited internet access (I've just
> subscribed to the mailing list but I'm not sure if I'll be able to
> download all the messages, feel free to CC me) (I'm on the ACE
> Antarctic expedition right now helping with software/networking/data
> management/setting up equipment).
>
> The problem is that I set up a Postfix server that is used just to relay
> to different SMTP servers (so users don't need to be waiting for the
> internet connection on their Thunderbird/others). The setup is not ideal
> and it's only for 3 users that use different email addresses
> (yahoo.co.uk and two different institutional domains).
>
> For the relay authentication and setup:
>
> My sasl_passwd file looks like:
> [RELAY_IP1]:465    user1:password1
> [RELAY_IP2]:587    user2:password2
>
> And I have a relayhost_map:
> user1   [RELAY_IP1]:465
> user2   [RELAY_IP2]:587
>
> Users connect to the Postfix using Thunderbird, authenticated SMTP.
>
> The problem is that user1's SMTP server needs these settings:
> smtp_tls_wrappermode = yes
> smtp_tls_security_level = encrypt
>
> and user2's SMTP server:
> smtp_tls_wrappermode = yes
> smtp_tls_security_level = may
>
> Here is the question: I've been playing with the transport table to do
> something like (I've found it on the internet):
> [RELAY_IP1]:465 relay-smtps:[RELAY_IP1]:465
>
> And then in the master.cf table:
> relay-smtps  unix  -       -       y       -       -       smtp
>   # This server default is SMTPS unless goes to relay-nosmtps
>   -o smtp_tls_security_level=encrypt
>   -o smtp_tls_wrappermode=yes
>
> But my understanding at the moment is that the transport table only
> affects depending on the recipient of the email, not on the next relay
> host.
>
> Is it possible to do what I want to do? How? Because at the moment it
> seems impossible to me :-(
>
> Thank you very much! I really appreciate your help!
>

Antarctic expedition sounds cool! Or at any rate cold ;-)

This seems like the same (or similar) problem that I faced - see
http://postfix.1071664.n5.nabble.com/After-smtps-rejection-fails-falling-back-to-smtp-TLS-Postfix-3-1-0-td86200.html.
The solution for me was to use stunnel (aka stunnel4) for the relay
that requires smtps. So in /etc/stunnel/ssl_for_postfix.conf I have:

[smtp-tls-wrapper-11125]
    accept = 11125
    client = yes
    connect = onwardserver.tld:smtps

The corresponding sasl_passwd file has a line like:
127.0.0.1:11125 myusername:mypassword

main.cf has an entry for my fallback_relay (but in your case I think
it would be in your relayhost_map):
127.0.0.1:11125

and main.cf just uses: smtp_tls_security_level = may

Postfix just talks to stunnel using port 11125 on the local machine,
stunnel handles the smtps aspect. That's my understanding anyway.
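
An added example, not part of the thread and not Postfix code: a Python check that flags the two problems discussed above, a relayhost map that mixes wrapper-mode (port 465) and non-wrapper relays on one transport, and a sasl_passwd key that does not match the next-hop string. The addresses, credentials and function names are constructed, and it assumes that only port 465/smtps needs wrapper mode and that credentials are keyed by next-hop as in the files shown in the thread.

```python
import re

# Next-hop forms seen on this page: [host]:port and host:port.
NEXTHOP = re.compile(r"^(?:\[[^\]]+\]|[^:\[\]\s]+)(?::(\w+))?$")
WRAPPER_PORTS = {"465", "smtps"}  # assumption: only these need implicit TLS

def parse_table(text):
    """Parse a Postfix 'key value' table, skipping blank and # lines."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, value = line.split(None, 1)
            rows[key] = value.strip()
    return rows

def tls_mode(nexthop):
    """Return 'wrapper' for an implicit-TLS port, otherwise 'no-wrapper'."""
    match = NEXTHOP.match(nexthop)
    if match is None:
        raise ValueError(f"unrecognised next-hop: {nexthop!r}")
    return "wrapper" if match.group(1) in WRAPPER_PORTS else "no-wrapper"

def audit(relayhost_map, sasl_passwd):
    """Return findings for one smtp transport sharing one set of TLS settings."""
    relays, creds = parse_table(relayhost_map), parse_table(sasl_passwd)
    findings = []
    if len({tls_mode(hop) for hop in relays.values()}) > 1:
        findings.append("mixed wrapper/no-wrapper relays on one transport")
    for sender, hop in relays.items():
        # Credentials are matched on the next-hop string, brackets included.
        if hop not in creds:
            findings.append(f"no sasl_passwd key {hop} (sender {sender})")
    return findings

# Constructed sample data (documentation addresses, placeholder credentials).
DIRECT_MAP = "user1 [192.0.2.10]:465\nuser2 [198.51.100.20]:587\n"
DIRECT_SASL = ("[192.0.2.10]:465 user1:password1\n"
               "[198.51.100.20]:587 user2:password2\n")
# Same setup with the port-465 relay moved behind a local stunnel listener.
STUNNEL_MAP = "user1 127.0.0.1:11125\nuser2 [198.51.100.20]:587\n"
STUNNEL_SASL = ("127.0.0.1:11125 user1:password1\n"
                "[198.51.100.20]:587 user2:password2\n")

if __name__ == "__main__":
    print(audit(DIRECT_MAP, DIRECT_SASL))
    print(audit(STUNNEL_MAP, STUNNEL_SASL))
    print(audit("user1 [127.0.0.1]:11125\n", STUNNEL_SASL))
```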
