use default relayhost if sender is local


gabrix-2
I run Debian etch and I use smtp.gmail.com as postfix relayhost.
I also have a list of senders from different domains allowed to relay
smtp traffic on my server.
While for local senders in $myorigin I want my postfix to relay smtp
with gmail, for users in the list I want my local postfix to not
relay and to do it on its own.
This is my postconf -n:

alias_database = hash:/etc/aliases
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.txt
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.txt
home_mailbox = Maildir/
inet_interfaces = all
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain, www.$mydomain ,ns2.$mydomain ,ns1.$mydomain ,localhost.$mydomain
mydomain = gabrix.ath.cx
myhostname = mail.gabrix.ath.cx
mynetworks = 127.0.0.0/8, 10.0.0.0/8
myorigin = $myhostname
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtp_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Open/OS)
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

I hope I was clear, thanks!
--
http://www.gabrix.ath.cx

Re: use default relayhost if sender is local

Brian Evans - Postfix List
gabriele esposito wrote:
> I run Debian etch and i use smtp.gmail.com as postfix relayhost.
> I also have a list of senders from different domains allowed to relay
> smtp traffic on my server .
> While for local senders in $myorigin i want my postfix to relay smtp
> with gmail , for users in the list i want my local postfix to not
> relay and to do it on its own .
>  

Note: I see no evidence of your claim in your postconf -n listing that
says "have a list of senders from different domains allowed to relay".

To relay only $myorigin, you should remove relayhost and use transport_maps.

Example:

 example.com      :[gateway.example.com]
 .example.com     :[gateway.example.com]

Brian

> this is my postfconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = $alias_database
> append_dot_mydomain = no
> biff = no
> body_checks = pcre:/etc/postfix/body_checks.txt
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> delay_warning_time = 4h
> disable_vrfy_command = yes
> header_checks = pcre:/etc/postfix/header_checks.txt
> home_mailbox = Maildir/
> inet_interfaces = all
> mail_spool_directory = /var/spool/mail
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = $myhostname, $mydomain, www.$mydomain ,ns2.$mydomain
> ,ns1.$mydomain ,localhost.$mydomain
> mydomain = gabrix.ath.cx
> myhostname = mail.gabrix.ath.cx
> mynetworks = 127.0.0.0/8, 10.0.0.0/8
> myorigin = $myhostname
> recipient_delimiter = +
> relayhost = [smtp.gmail.com]:587
> show_user_unknown_table_name = no
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtp_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
> smtp_tls_key_file = /etc/postfix/ssl/smtpkey.pem
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Open/OS)
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
> smtpd_tls_key_file = /etc/postfix/ssl/smtpkey.pem
> smtpd_tls_received_header = no
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtpd_use_tls = yes
>
> I hope i was clear , Thanks !
>  


Re: use default relayhost if sender is local

gabrix-2
I have changed the postfix configuration; this is my new postconf -n:

alias_database = hash:/etc/aliases
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_dns_lookups = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, /etc/postfix/local_domains, $mydomain, remailer.$mydomain ,ns2.$mydomain ,www.$mydomain ,localhost.$mydomain, localhost
mydomain = gabrix.ath.cx
myhostname = mail.gabrix.ath.cx
mynetworks = 127.0.0.0/8, 10.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtp_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Open/OS)
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport

I also found a better way to explain in English what I'm trying to do:
I want postfix to use smtp.gmail.com as relayhost for users in $mydomain.
Mail for users in host.mydomain is only local, like logcheck mail.
Users in my host2.subdomain.mydomain are going to use the local
postfix, which is not going to use smtp.gmail.com as relayhost in this
case.
First I listed in /etc/postfix/local_domains my two destination
domains, $mydomain and subdomain.$mydomain, then in relay_domains I
listed the domains that are OK to relay.
The "sender_dependent_relayhost_maps" directive also sounded OK to me,
in this form:
admin@mydomain                 [smtp.gmail.com]
[hidden email]   [smtp.mydomain]
[hidden email]  [smtp.mydomain]
user@guestdomain                 [smtp.mydomain]

and the transport map in this form:

mydomain            smtp:[smtp.gmail.com]
host1.mydomain           local:
subdomain.mydomain   smtp:
guestdomain                 smtp:

This should, IMHHHHHHO, make my local postfix use gmail.com as
relayhost for users in @mydomain, listed guest domains not use any
relayhost for sending to the internet, and users in $myorigin just local
delivery.
These are my first logs after the change; things are not right yet!

Jul 30 14:35:11 mail postfix/pickup[16186]: 81BD6B6EFA: uid=1000 from=<[hidden email]>
Jul 30 14:35:11 mail postfix/cleanup[16705]: 81BD6B6EFA: message-id=<[hidden email]>
Jul 30 14:35:11 mail postfix/qmgr[16187]: 81BD6B6EFA: from=<[hidden email]>, size=2106, nrcpt=1 (queue active)
Jul 30 14:35:14 mail postfix/smtp[16707]: certificate verification failed for smtp.gmail.com: num=20:unable to get local issuer certificate
Jul 30 14:35:14 mail postfix/smtp[16707]: certificate verification failed for smtp.gmail.com: num=27:certificate not trusted
Jul 30 14:35:14 mail postfix/smtp[16707]: certificate verification failed for smtp.gmail.com: num=21:unable to verify the first certificate
Jul 30 14:35:14 mail postfix/smtp[16707]: warning: SASL authentication failure: No worthy mechs found
Jul 30 14:35:14 mail postfix/smtp[16707]: 81BD6B6EFA: to=<[hidden email]>, relay=smtp.gmail.com[66.249.91.109]:25, delay=3.5, delays=0.28/0.15/3.1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[66.249.91.109]: no mechanism available)
Jul 30 14:35:57 mail postfix/qmgr[16187]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:36:57 mail postfix/qmgr[16187]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:37:19 mail postfix/master[16181]: terminating on signal 15
Jul 30 14:37:20 mail postfix/master[16869]: daemon started -- version 2.3.8, configuration /etc/postfix
Jul 30 14:37:20 mail postfix/qmgr[16875]: 3752CB6EF9: from=<[hidden email]>, size=29106, nrcpt=1 (queue active)
Jul 30 14:37:20 mail postfix/qmgr[16875]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:38:20 mail postfix/qmgr[16875]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:38:22 mail postfix/pickup[16870]: 0B1FBB6EFC: uid=1000 from=<[hidden email]>
Jul 30 14:38:22 mail postfix/cleanup[16915]: 0B1FBB6EFC: message-id=<[hidden email]>
Jul 30 14:38:22 mail postfix/qmgr[16875]: 0B1FBB6EFC: from=<[hidden email]>, size=2113, nrcpt=1 (queue active)
Jul 30 14:38:26 mail postfix/smtp[16916]: certificate verification failed for smtp.gmail.com: num=20:unable to get local issuer certificate
Jul 30 14:38:26 mail postfix/smtp[16916]: certificate verification failed for smtp.gmail.com: num=27:certificate not trusted
Jul 30 14:38:26 mail postfix/smtp[16916]: certificate verification failed for smtp.gmail.com: num=21:unable to verify the first certificate
Jul 30 14:38:26 mail postfix/smtp[16916]: warning: SASL authentication failure: No worthy mechs found
Jul 30 14:38:26 mail postfix/smtp[16916]: 0B1FBB6EFC: to=<[hidden email]>, relay=smtp.gmail.com[66.249.91.109]:25, delay=5, delays=0.28/0.04/4.6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[66.249.91.109]: no mechanism available)
Jul 30 14:39:20 mail postfix/qmgr[16875]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:40:20 mail postfix/qmgr[16875]: warning: connect to transport post smtp: No such file or directory
Jul 30 14:42:21 mail last message repeated 2 times
Jul 30 14:44:21 mail last message repeated 2 times
Jul 30 14:46:21 mail last message repeated 2 times

I will appreciate any help, thanks!

2008/7/29, Brian Evans - Postfix List <[hidden email]>:

> gabriele esposito wrote:
>> I run Debian etch and i use smtp.gmail.com as postfix relayhost.
>> I also have a list of senders from different domains allowed to relay
>> smtp traffic on my server .
>> While for local senders in $myorigin i want my postfix to relay smtp
>> with gmail , for users in the list i want my local postfix to not
>> relay and to do it on its own .
>>
>
> Note: I see no evidence of your claim in your postconf -n listing that
> says "have a list of senders from different domains allowed to relay".
>
> To relay only $myorigin, you should remove relayhost and use transport_maps.
>
> Example:
>
>  example.com      :[gateway.example.com]
>  .example.com     :[gateway.example.com]
>
> Brian
>
>> this is my postfconf -n:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = $alias_database
>> append_dot_mydomain = no
>> biff = no
>> body_checks = pcre:/etc/postfix/body_checks.txt
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/lib/postfix
>> debug_peer_level = 2
>> delay_warning_time = 4h
>> disable_vrfy_command = yes
>> header_checks = pcre:/etc/postfix/header_checks.txt
>> home_mailbox = Maildir/
>> inet_interfaces = all
>> mail_spool_directory = /var/spool/mail
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination = $myhostname, $mydomain, www.$mydomain ,ns2.$mydomain
>> ,ns1.$mydomain ,localhost.$mydomain
>> mydomain = gabrix.ath.cx
>> myhostname = mail.gabrix.ath.cx
>> mynetworks = 127.0.0.0/8, 10.0.0.0/8
>> myorigin = $myhostname
>> recipient_delimiter = +
>> relayhost = [smtp.gmail.com]:587
>> show_user_unknown_table_name = no
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
>> smtp_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
>> smtp_tls_key_file = /etc/postfix/ssl/smtpkey.pem
>> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP $mail_name (Open/OS)
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_type = dovecot
>> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
>> smtpd_tls_auth_only = no
>> smtpd_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
>> smtpd_tls_key_file = /etc/postfix/ssl/smtpkey.pem
>> smtpd_tls_received_header = no
>> smtpd_tls_security_level = may
>> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
>> smtpd_use_tls = yes
>>
>> I hope i was clear , Thanks !
>>
>
>


--
http://www.gabrix.ath.cx
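
The log excerpt in the post above carries four distinct symptoms: TLS verification failures, a SASL mechanism failure, delivery to port 25 although the original relayhost was [smtp.gmail.com]:587, and a transport name qmgr cannot connect to. As an added example (not code from the thread), this Python sketch sorts such lines into findings; the sample lines are constructed from the post with wrapped lines rejoined, and the recipient address is a placeholder.

```python
import re

# Constructed sample: four lines modelled on the log in the post above,
# with wrapped lines rejoined and the hidden address replaced by a placeholder.
SAMPLE_LOG = """\
Jul 30 14:35:14 mail postfix/smtp[16707]: certificate verification failed for smtp.gmail.com: num=20:unable to get local issuer certificate
Jul 30 14:35:14 mail postfix/smtp[16707]: warning: SASL authentication failure: No worthy mechs found
Jul 30 14:35:14 mail postfix/smtp[16707]: 81BD6B6EFA: to=<user@example.org>, relay=smtp.gmail.com[66.249.91.109]:25, delay=3.5, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[66.249.91.109]: no mechanism available)
Jul 30 14:35:57 mail postfix/qmgr[16187]: warning: connect to transport post smtp: No such file or directory
"""

# Each rule: (pattern, finding name, what to check in the configuration).
RULES = [
    (re.compile(r"certificate verification failed for (?P<host>\S+): num=(?P<code>\d+)"),
     "tls_verify_failed", "smtp_tls_CAfile: does it contain the relay's issuing CA?"),
    (re.compile(r"SASL authentication failure: No worthy mechs found"),
     "sasl_no_mechanism", "smtp_sasl_security_options versus the mechanisms the relay offers"),
    (re.compile(r"connect to transport (?P<name>.+?): No such file or directory"),
     "unknown_transport", "a map or parameter names a transport that master.cf lacks"),
]
RELAY = re.compile(r"relay=(?P<host>[^\[\s,]+)\[[^\]]*\]:(?P<port>\d+)")


def triage(log_text, relay_host="smtp.gmail.com", relay_port=587):
    """Return (finding, details, hint) tuples for one Postfix log excerpt."""
    findings = []
    for line in log_text.splitlines():
        for pattern, name, hint in RULES:
            match = pattern.search(line)
            if match:
                findings.append((name, match.groupdict(), hint))
        relay = RELAY.search(line)
        if relay and relay["host"] == relay_host and int(relay["port"]) != relay_port:
            findings.append(("relay_port_mismatch", relay.groupdict(),
                             f"the next hop for {relay_host} should carry :{relay_port}"))
    return findings


if __name__ == "__main__":
    for name, details, hint in triage(SAMPLE_LOG):
        print(f"{name:20} {details} -> check: {hint}")
```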

Re: use default relayhost if sender is local

Brian Evans - Postfix List
gabriele esposito wrote:
> I have changed postfix configuration , this is my new postconf -n:
>  
[...]

> transport_maps = hash:/etc/postfix/transport
>
> I also found a better way to explain in english what i'm trying to do:
> i want postfix to use smtp.gmail.com as relayhost for users in $mydomain.
> Users in host.mydomain mail is only local, like logcheck mail .
> Users in my host2.subdomain.mydomain are going to use the local
> postfix which is not going to use smtp.gmail.com as relayhost in this
> case.
> First i listed in /etc/postfix/local_domains my two destination
> domains, $mydomain and subdomain.$mydomain, than in relay_domains i
> listed which domains that are OK to relay .
> It sounded ok to me also the "sender_dependent_relayhost_maps"
> directive in this form:
> admin@mydomain                 [smtp.gmail.com]
> [hidden email]   [smtp.mydomain]
> [hidden email]  [smtp.mydomain]
> user@guestdomain                 [smtp.mydomain]
>
> and the transport map in this form:
>
> mydomain            smtp:[smtp.gmail.com]
>  
Your config was:

relayhost = [smtp.gmail.com]:587

So your transport_maps entry must match:

mydomain   smtp:[smtp.gmail.com]:587

Note: if doing a full domain, transport_maps makes things easier.
If you only need a few addresses, sender_dependent_relayhost_maps is the
way to go. transport_maps entries will take priority over
sender_dependent_relayhost_maps.


> host1.mydomain           local:
> subdomain.mydomain   smtp:
> guestdomain                 smtp:
>  
It's best to list only those domains you want to work *differently* from
the default.
If it's local, postfix knows what to do if listed in mydestination.
If it's to be relayed, postfix knows what to do if listed in relay_domains.

HIGHLY recommended to set relay_recipient_maps with a list of valid
addresses you will be relaying to.
Not doing so can create Backscatter.
> This should , IMHHHHHHO , make my local postfix use gmail.com  as
> relayhost for user in @mydomain , listed guests domains not use any
> relayhost for sending in internet and users  in $myorigin just local
> delivery .
> This my firsts logs after the change , things are not right , yet !
>
> Jul 30 14:35:11 mail postfix/pickup[16186]: 81BD6B6EFA: uid=1000
> from=<[hidden email]>
>  
[...]
> Jul 30 14:35:14 mail postfix/smtp[16707]: warning: SASL authentication
> failure: No worthy mechs found
>  
Looks like you may need to set "smtp_sasl_security_options = noanonymous",
but this is a pure guess.
> Jul 30 14:35:14 mail postfix/smtp[16707]: 81BD6B6EFA:
> to=<[hidden email]>, relay=smtp.gmail.com[66.249.91.109]:25,
> delay=3.5, delays=0.28/0.15/3.1/0, dsn=4.7.0, status=deferred (SASL
> authentication failed; cannot authenticate to server
> smtp.gmail.com[66.249.91.109]: no mechanism available)
> Jul 30 14:35:57 mail postfix/qmgr[16187]: warning: connect to
> transport post smtp: No such file or directory
>  
Config or map error? You seem to list transport "post smtp" somewhere.

Brian

>
> I will appreciate any help thanks !
>
> 2008/7/29, Brian Evans - Postfix List <[hidden email]>:
>  
>> gabriele esposito wrote:
>>    
>>> I run Debian etch and i use smtp.gmail.com as postfix relayhost.
>>> I also have a list of senders from different domains allowed to relay
>>> smtp traffic on my server .
>>> While for local senders in $myorigin i want my postfix to relay smtp
>>> with gmail , for users in the list i want my local postfix to not
>>> relay and to do it on its own .
>>>
>>>      
>> Note: I see no evidence of your claim in your postconf -n listing that
>> says "have a list of senders from different domains allowed to relay".
>>
>> To relay only $myorigin, you should remove relayhost and use transport_maps.
>>
>> Example:
>>
>>  example.com      :[gateway.example.com]
>>  .example.com     :[gateway.example.com]
>>
>> Brian
>>
>>    
>>    
>
>
>
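
The points in the reply above (next hops must match the relayhost port, list only domains that differ from the default, and a transport name that does not exist) can be checked in the map files before running postmap. This is an added example, not code from the thread: the map contents are modelled on the ones posted earlier with redacted lines omitted, and the example.invalid entry and the SERVICES set are assumptions.

```python
import re

# Constructed inputs modelled on the maps posted in the thread (redacted lines
# omitted). The example.invalid entry and SERVICES are assumptions.
TRANSPORT = """\
mydomain            smtp:[smtp.gmail.com]
host1.mydomain      local:
subdomain.mydomain  smtp:
guestdomain         smtp:
example.invalid     post smtp:
"""
SENDER_RELAY = """\
admin@mydomain      [smtp.gmail.com]
user@guestdomain    [smtp.mydomain]
"""
SERVICES = {"smtp", "relay", "local", "virtual", "error"}  # assumed master.cf services
NEXTHOP = re.compile(r"^(?P<host>\[[^\]]+\]|[^:\[\]]+)(?::(?P<port>\w+))?$")

def parse_map(text):
    """Yield (key, value) pairs, skipping blank lines and comments."""
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            yield fields[0], fields[1] if len(fields) > 1 else ""

def port_problem(nexthop, relayhost):
    """Describe a next hop that names the relay's host with a different port."""
    want, got = NEXTHOP.match(relayhost), NEXTHOP.match(nexthop)
    if got and got["host"] == want["host"] and got["port"] != want["port"]:
        return f"{nexthop} should be {relayhost}"
    return None

def lint_transport(text, relayhost, mydestination=(), services=SERVICES):
    """Check a transport(5) table: recipient domain -> transport:nexthop."""
    problems = []
    for key, value in parse_map(text):
        transport, _, nexthop = value.partition(":")
        if transport and transport not in services:
            problems.append((key, f"unknown transport {transport!r}"))
        if transport == "local" and key in mydestination:
            problems.append((key, "redundant, already in mydestination"))
        issue = port_problem(nexthop, relayhost)
        if issue:
            problems.append((key, issue))
    return problems

def lint_sender_relay(text, relayhost):
    """Check sender_dependent_relayhost_maps: envelope sender -> nexthop."""
    return [(k, p) for k, v in parse_map(text) if (p := port_problem(v, relayhost))]

if __name__ == "__main__":
    for item in lint_transport(TRANSPORT, "[smtp.gmail.com]:587", {"host1.mydomain"}):
        print("transport:", *item)
    for item in lint_sender_relay(SENDER_RELAY, "[smtp.gmail.com]:587"):
        print("sender_relay:", *item)
```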