Resolved!

Another concurrent thread "SASL Authentication per recipient domain"
gave additional clues.

I ended up using a PCRE map for sender_dependent_relayhost_maps
(domain names changed to protect the innocent and to better illustrate
what was done):

main.cf:
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:$config_directory/tables/smtp_sasl_password_maps
    sender_dependent_relayhost_maps = pcre:$config_directory/tables/smtp_relayhost_maps.pcre
    smtp_tls_policy_maps = hash:$config_directory/tables/smtp_tls_policy_maps

smtp_sasl_password_maps:
    [external.relaydomain.com]:2000     relayu...@relaydomain.com:password

smtp_relayhost_maps.pcre:
    !/@mylocaldomain\.net$/     [external.relaydomain.com]:2000

smtp_tls_policy_maps:
    [external.relaydomain.com]:2000     encrypt


Now all locally accepted domains except for "mylocaldomain.net" are
relayed via external.relaydomain.com listening at port 2000. TLS and
SASL authentication are used for external.relaydomain.com while emails
sent from the mylocaldomain.net domain are delivered directly to recipient
SMTP servers without SASL authentication or TLS.

In the end the resolution always tends to be rather simple, but for
people who don't live & breathe Postfix the (admittedly very good)
documentation can be a beast to comb through to find the appropriate
parameters and their application.  But I'm not complaining, the more
documentation the better!  Whenever I work with Postfix I still always
marvel at its flexibility as compared to the ol' qmail I used to run a few
years back.

Ville
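
The lookup behaviour of the negated PCRE rule above, emulated in Python as an added example (not part of the original post and not Postfix code). The small parser and the sample senders are constructed for illustration, and it assumes Postfix defaults: case-insensitive pcre matching, first match wins, and the null (bounce) sender looked up as `<>`.

```python
import re

# The pcre table from the post, verbatim (one rule per line).
PCRE_TABLE = r"""
!/@mylocaldomain\.net$/     [external.relaydomain.com]:2000
"""

# Assumed Postfix default for empty_address_relayhost_maps_lookup_key:
# the null (bounce) sender is looked up under this string.
NULL_SENDER_KEY = "<>"

RULE = re.compile(r"^(!?)/(.*)/([a-zA-Z]*)\s+(.*)$")

def parse_table(text):
    """Parse '[!]/pattern/flags result' lines into (negate, regex, result)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        negate, pattern, flags, result = m.groups()
        # pcre tables match case-insensitively unless the 'i' flag toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((negate == "!", re.compile(pattern, re_flags), result))
    return rules

def relayhost_for(sender, rules):
    """First matching rule wins; None means no override (direct delivery)."""
    key = sender if sender else NULL_SENDER_KEY
    for negate, regex, result in rules:
        # A '!' rule fires when the pattern does NOT match the lookup key.
        if bool(regex.search(key)) != negate:
            return result
    return None

if __name__ == "__main__":
    rules = parse_table(PCRE_TABLE)
    # Constructed envelope senders; "" stands for the null sender of a bounce.
    for sender in ("alice@mylocaldomain.net", "Alice@MYLOCALDOMAIN.NET",
                   "bob@otherdomain.example", "eve@sub.mylocaldomain.net", ""):
        print(f"{sender or '<>':32} -> {relayhost_for(sender, rules) or 'direct'}")
```

On a live system, `postmap -q 'bob@otherdomain.example' pcre:/path/to/smtp_relayhost_maps.pcre` (path is a placeholder) gives the authoritative answer for the real table.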
