Hi,

Thanks for your answer.

I rechecked my configuration, and located a wrong config in sender_relay: the very same relay that was wrongly put in that file. After removing the relay, I could indeed configure the multi-relay configuration I needed, for both sender and recipient dependent relays.

Thanks much for your help.

----------------------------------------
François

On Fri, 22 Jan 2021 at 03:19, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

> On Fri, Jan 22, 2021 at 02:34:58AM -0500, François Hétu wrote:
>
> > I'm having some difficulty figuring out how to configure both recipient and
> > sender dependent relay hosts.
> >
> > 1. Some of my users need to send mail through specific relay hosts with
> > login:password;
> > 2. Other users on the same box will use the local SMTP server to relay
> > mail: the default transport if you will, without password;
> > 3. Finally, some outgoing mail has to be routed through other relay hosts
> > according to the recipient domain without consideration of the sender.
> > Those relays have login:password.
> >
> > Option 1 can be configured by using the sender_dependent_relayhost_maps
> > option and both a sender_relay and a sasl_passwd file.
> >
> > Option 2 is selected by Postfix if the specified sender is not found in the
> > sender_relay file mentioned above.
> >
> > Option 3 is made possible by using a transport_map file where the specific
> > recipient domain is listed, with a proper [some-relay.tld]:587 affixed.
> >
> > But where do I put the login:password of [some-relay.tld]:587? If I put it
> > in the sasl_passwd file, ALL mail not specified in the sender_relay file is
> > routed through [some-relay.tld]:587, and not the local SMTP relay.
>
> The sasl_passwd file has no effect on transport selection, so I am at a
> loss to understand how you reached that conclusion.
>
>     smtp_sasl_password_maps (default: empty)
>         Optional Postfix SMTP client lookup tables with one username:password
>         entry per sender, remote hostname or next-hop domain. Per-sender lookup
>         is done only when sender-dependent authentication is enabled. If no
>         username:password entry is found, then the Postfix SMTP client will not
>         attempt to authenticate to the remote host.
>
>         The Postfix SMTP client opens the lookup table before going to chroot
>         jail, so you can leave the password file in /etc/postfix.
>
>         Specify zero or more "type:name" lookup tables, separated by whitespace
>         or comma. Tables will be searched in the specified order until a match
>         is found.
>
> This makes no mention of any such effect. Indeed the parameter is
> implemented in smtp(8) and not the queue manager, and so you can have
> different values of smtp_sasl_password_maps for different instances
> (transport) of the smtp(8) delivery agent.
>
> Similarly, smtp_sender_dependent_authentication is also a per-transport
> setting. The transport you use for the destination-specific relays
> should not enable sender dependent authentication, which should be
> enabled only for transports specified in the RHS values of
> sender_dependent_default_transport_maps (use that instead of
> sender-dependent relays), the "transport" variant lets you override
> both the transport name and the nexthop.
>
> --
> Viktor.
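
The per-transport layout described in the quoted reply, as a configuration sketch added here (not taken from either poster's actual setup). The transport names `sender-relay` and `rcpt-relay`, the file names, `relay-a.example`, the addresses and the credentials are assumptions or placeholders; `[some-relay.tld]:587` is the relay named in the thread, and the TLS and `noanonymous` settings are added assumptions for relays that take passwords.

```conf
# --- /etc/postfix/main.cf ---
# Senders listed in this table are handed to the "sender-relay" transport.
# Senders not listed fall through to default_transport / relayhost, whose
# smtp(8) instance has SASL disabled and therefore never sends a password.
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
# Recipient-domain routing: a transport(5) match applies whatever the sender is.
transport_maps = hash:/etc/postfix/transport

# --- /etc/postfix/sender_transport (hypothetical file name) ---
user1@example.com      sender-relay:[relay-a.example]:587

# --- /etc/postfix/transport ---
partner.example        rcpt-relay:[some-relay.tld]:587

# --- /etc/postfix/master.cf ---
# smtp(8) instance for sender-selected relays: credentials looked up per sender.
sender-relay unix  -  -  n  -  -  smtp
  -o smtp_sasl_auth_enable=yes
  -o smtp_sender_dependent_authentication=yes
  -o smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd_sender
  -o smtp_sasl_security_options=noanonymous
  -o smtp_tls_security_level=encrypt
# smtp(8) instance for recipient-domain relays: credentials keyed by next hop,
# sender-dependent authentication left off as the reply advises.
rcpt-relay   unix  -  -  n  -  -  smtp
  -o smtp_sasl_auth_enable=yes
  -o smtp_sender_dependent_authentication=no
  -o smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd_rcpt
  -o smtp_sasl_security_options=noanonymous
  -o smtp_tls_security_level=encrypt

# --- /etc/postfix/sasl_passwd_sender (root-owned, mode 0600, run postmap) ---
user1@example.com      LOGIN1:PASSWORD1

# --- /etc/postfix/sasl_passwd_rcpt (root-owned, mode 0600, run postmap) ---
# The key must match the next hop exactly, brackets and port included.
[some-relay.tld]:587   LOGIN2:PASSWORD2
```

Because each smtp(8) instance reads only its own password map, a credential for one relay is never offered to another, and mail on the default transport is sent without authentication.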