Dear all,

I am confronted with a problem in a mail cluster consisting of an internal, an external, and a 3rd-party Postfix setup.

For simplicity I’ll reduce the setup to:

MX-I (internal mail relay, user authentication, .., also LMTP delivery)
MX-E (external mail relay, incoming/outgoing)
MX-3 (3rd party mail setup)

The setup itself has been running fine like this for years; the cluster uses external (LDAP) lookups for mail routing and delivery.

Now a user needed to authenticate outgoing email to MX-3. Outgoing and incoming email for that user is handled by MX-E; the user uses MX-I to send his emails.

So I thought adding sender_dependent_relayhost_maps on MX-E would do the trick (I cannot do it for the entire domain/destination MX); it partly does, but it leads to another problem.

On MX-E:

main.cf:
sender_dependent_relayhost_maps =
        hash:$config_directory/sender_dependent_relayhost

sender_dependent_relayhost:
user@foreign.domain    [MX-3]:587

salspass:
user@foreign.domain   login:pass

With this the outgoing email gets properly authenticated to MX-3.

Now sometimes the same email comes back to MX-E via an *alias* (no From: changes) on MX-3. MX-E receives the looped-back email from MX-3 and then decides by its transport rules that it should send it to MX-I.

Here’s the problem: MX-E now tries to do SASL auth to MX-I for this looped-back email, and that fails.


Is there any better (simpler) solution than to have a dedicated/split outgoing or incoming MX for this user?


Thanks for any suggestions,
Bjoern
