Hello,
I am currently managing a server that is used to send emails for multiple
domains.
The main.cf currently look like this:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = hostname.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, hostname, localhost.localdomain, , localhost
relayhost = relay1.example.com:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_mechanism_filter =
smtp_sasl_security_options =
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
smtp_tls_mandatory_ciphers = high
canonical_maps = hash:/etc/postfix/canonical_maps
sender_canonical_maps = hash:/etc/postfix/sender_canonical_maps
header_checks = regexp:/etc/postfix/header_checks
sender_dependent_relayhost_maps =
hash:/etc/postfix/sender_dependent_relayhost_maps
the /etc/postfix/sasl/passwd look like this:
relay1.example.com:465 username:password
relay2.dummy.com:465 username:password
finally, the sender_dependent_relayhost_map looks like this:
@example.com relay1.example.com:465
@dummy.com relay2.dummy.com:465
Now, one of our customer would like to use an open relay (security is ensured
by IP filtering).
Simply adding a line in the sender_dependent_relayhost_map does not seem to do
the trick:
@customer.com openrelay.customer.com:25
Postfix still try to use sasl to authenticate to that server. My question is
the following: Is there a way to use sasl (or not) on a per relay basis?
Thanks in advance for any pointer in the right direction,
Emmanuel
