Hans Carlson via Postfix-users:
> This is my first time trying to use postfix, so I'm not very familiar with 
> the configuration.  In fact, the config I'll describe was mostly crafted 
> with the help of ChatGPT-5.
> 
> This is a simple home-based relay setup.  I use alpine to send email from 
> 2 local users with ~6 email addresses between them.  All email sent via 
> alpine goes through the postfix smtpd service and then connects to the 
> ISP's SMTP server based on the sender address.  alpine and postfix are 
> both on the same host and postfix only listens on loopback:25.
> 
> So... I have the following defined
> 
>    mydomain = home.arpa
>    myhostname = mail.home.arpa
>    inet_interfaces = loopback-only
>    mynetworks = 127.0.0.0/8
>    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
>    smtp_sender_dependent_authentication = yes
>    smtp_sasl_auth_enable = yes
>    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>    smtp_sasl_mechanism_filter = PLAIN, LOGIN
>    smtp_sasl_security_options = noanonymous
>    smtp_tls_security_level = encrypt
>    smtp_tls_mandatory_ciphers = high
>    smtp_dns_support_level = enabled
> 
> sasl_passwd contains lines like this:
> 
>    [email protected]    [email protected]:XXXXX
>    [email protected]    [email protected]:XXXXX
>    [email protected]    [email protected]:XXXXX
>    [email protected]    [email protected]:XXXXX
> 
> sender_relay contains lines like this:
> 
>    [email protected]    [smtp.isp1.com]:465
>    [email protected]    [smtp.isp1.com]:465
>    [email protected]    [smtp.isp2.com]:587
>    [email protected]    [smtp.isp2.com]:587
> 
> With that configuration, both users @isp2.com can send email just fine, 

Deliveries to port 587 must not use smtp_tls_wrappermode.

> but both users @isp1.com fail with the following message:
> 
>    SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = 
> yes", and "smtp_tls_security_level = encrypt" (or stronger)

Deliveries to port 465 must use tls_wrappermode.

> If I edit main.cf and enable:
> 
>    smtp_tls_wrappermode = yes

That changes smtp_tls_wrappermode for all outbound mail. Not good.

The solution involves transport_maps and a separate SMTP client
in master.cf.

If your transport_maps lookups appear to be ignored, then Postfix
may not be using the search key that you expect. To find out, make
trivial-rewrite in master.cf a little verbose

master.cf:
    rewrite    unix  -   -   n   -   -    trivial-rewrite -v

and do "postfix reload".

        Wietse
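
The conflict described in the reply above, as an added example that is not part of the original message or of Postfix: a small Python check that reads a sender_relay-style map and reports which senders break under a single global smtp_tls_wrappermode value. The sender addresses are constructed placeholders, the function names are hypothetical, and treating every port other than 465 as STARTTLS is an assumption of this example.

```python
import re

# Service names that may appear in place of a numeric port.
SERVICE_PORTS = {"smtp": 25, "smtps": 465, "submissions": 465, "submission": 587}
# Matches host, [host], host:port and [host]:port (IPv6 literals not handled).
NEXTHOP = re.compile(r"^\[?(?P<host>[^\]\s:]+)\]?(?::(?P<port>\w+))?$")

# Constructed sample: relay hosts as in the post, sender addresses are placeholders.
SAMPLE = """\
# sender              nexthop
user1@isp1.example    [smtp.isp1.com]:465
user2@isp1.example    [smtp.isp1.com]:465
user1@isp2.example    [smtp.isp2.com]:587
user2@isp2.example    [smtp.isp2.com]:587
"""

def parse_sender_relay(text):
    """Yield (sender, host, port) for each entry of a sender_relay-style map."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sender, nexthop = line.split(None, 1)
        m = NEXTHOP.match(nexthop.strip())
        if not m:
            raise ValueError(f"unparseable nexthop: {nexthop!r}")
        port = m.group("port") or "smtp"
        port = int(port) if port.isdigit() else SERVICE_PORTS[port]
        yield sender, m.group("host"), port

def audit(text, wrappermode):
    """Return (senders that break under this global setting, map mixes both modes)."""
    entries = list(parse_sender_relay(text))
    # Port 465 expects TLS from the first byte; other ports are assumed STARTTLS.
    broken = [s for s, _, p in entries if (p == 465) != wrappermode]
    mixed = len({p == 465 for _, _, p in entries}) > 1
    return broken, mixed

if __name__ == "__main__":
    for setting in (False, True):
        broken, mixed = audit(SAMPLE, setting)
        print(f"smtp_tls_wrappermode={'yes' if setting else 'no'}: breaks {broken}")
    if mixed:
        print("map mixes port 465 and STARTTLS relays: one global setting cannot fit")
```
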