Resolved! 
That did the trick! 
Thanks. 

A little explanation:
This Postfix is for a Debian LAMP server that hosts mainly WordPress blogs.
All of our customers have their mail set up with Google Apps,
so we don't need Postfix as an MX for their domains.
They all have mail addresses like [email protected] rather than
[email protected]

Each blog runs under a different Linux user account, rather than
www-data (Apache mpm-itk).
I don't want Postfix to ever send mail directly; it should always go
through the correct Gmail account.
Basically, I'm making Postfix act like a multi-user Thunderbird email
client.

I know there are plugins for WordPress that can do this directly without
involving Postfix,
but I am trying to make life easier for my customers. We also have
non-WordPress apps that use php_mail(),
and even an ancient Perl CGI script that can't talk TLS.

For anyone who wants to do this using Gmail as the transport, here's
what I did on Debian Squeeze.

Install Postfix. I chose "Satellite system".

Generate the cacert.pem: 
# cat /usr/lib/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem 
# cat /usr/lib/ssl/certs/Thawte_Premium_Server_CA.pem >> /etc/postfix/cacert.pem

I don't think you need the Thawte_Premium one anymore, but it doesn't 
hurt anything. 

/etc/postfix/main.cf: 

alias_database = hash:/etc/aliases 
alias_maps = hash:/etc/aliases 
append_dot_mydomain = no 
biff = no 
config_directory = /etc/postfix 
default_transport = error:you can't go there from here 
html_directory = /usr/share/doc/postfix/html 
inet_interfaces = loopback-only 
inet_protocols = ipv4 
mailbox_command = procmail -a "$EXTENSION" 
mailbox_size_limit = 0 
mydestination = $myhostname, localhost.localdomain, localhost 
myhostname = myhost.mydomain.net 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 
myorigin = /etc/mailname 
readme_directory = /usr/share/doc/postfix 
recipient_delimiter = + 
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport 
smtp_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
smtp_sasl_security_options = noanonymous 
smtp_sender_dependent_authentication = yes 
smtp_tls_CAfile = /etc/postfix/cacert.pem 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
smtp_use_tls = yes 
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) 
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache 
smtpd_use_tls = yes 

/etc/mailname: 
myhost.mydomain.net 

/etc/postfix/sender_transport:
[email protected]    smtp:[smtp.gmail.com]:587 
[email protected]    smtp:[smtp.gmail.com]:587 

/etc/postfix/sasl_passwd:
[email protected]    [email protected]:gmailpassword1 
[email protected]    [email protected]:gmailpassword2 

Hash the files with postmap: 
# postmap sender_transport 
# postmap sasl_passwd 

Restart: 
# /etc/init.d/postfix restart 

user1 and user2 send mail through their respective Gmail accounts.
user3 is a Linux user, but not in the transport list, so any mail he sends
gets bounced back to his local mailbox, /var/spool/mail/user3.

Regards, 
Mike Donovan 

----- Original Message -----
From: Wietse Venema <[email protected]>
To: Postfix users <[email protected]>
Cc: 
Sent: Wednesday, December 14, 2011 1:18 PM
Subject: Re: sender_dependent_relay_maps: what if sender does not match?

Michael Donovan:
> What I want is for Postfix to NOT send the mail [when the sender
> does not match sender_dependent_relayhost_maps] at all. Instead
> immediately bounce it back to user3 as undeliverable.

This is easier with sender_dependent_default_transport_maps:

What follows is untested, and may not work if you also have other
transport overrides in place such as transport_maps or relayhost
settings.

/etc/postfix/main.cf:
    default_transport = error:you can't go there from here
    sender_dependent_default_transport_maps = hash:/etc/postfix/sender_relay

/etc/postfix/sender_relay:
    [email protected]    smtp:relayhost-for-joe
    [email protected]    smtp:relayhost-for-jane

Of course this means that any mail from outside that can't be
delivered will be lost (the notification has a null sender which
won't match your table).

To avoid loss of bounces you turn on double-bounce notification:

/etc/postfix/main.cf:
    notify_classes = resource, software, 2bounce

The priority order of Postfix routing is hard-coded (i.e. still to
be made configurable) and the documentation is kind-of obscure.
Read carefully.

    Wietse
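
An added example, not part of the original thread: a shell check for the setup described above that cross-references the sender transport map against the per-sender SASL map and flags a password file readable beyond its owner. The addresses, passwords and scratch paths are constructed for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check a sender transport map against the SASL map.
# Addresses, passwords and paths are constructed for illustration.

# Print the sender keys (first column containing "@") of a map source file.
map_keys() {
    awk '$1 ~ /@/ && $0 !~ /^[ \t]*#/ { print $1 }' "$1" | LC_ALL=C sort -u
}

# audit_relay_maps TRANSPORT_MAP SASL_MAP
# One finding per line on stdout; returns 0 when clean, 1 otherwise.
audit_relay_maps() {
    transport=$1; sasl=$2; rc=0
    tmp=$(mktemp -d) || return 2
    map_keys "$transport" > "$tmp/t"
    map_keys "$sasl" > "$tmp/s"
    # Sender is routed to a relay but has no per-sender entry in the SASL map.
    for k in $(LC_ALL=C comm -23 "$tmp/t" "$tmp/s"); do
        echo "MISSING_CRED $k"; rc=1
    done
    # A password is stored for a sender that is never routed anywhere.
    for k in $(LC_ALL=C comm -13 "$tmp/t" "$tmp/s"); do
        echo "UNUSED_CRED $k"; rc=1
    done
    # Plaintext passwords: source file and postmap output should be owner-only.
    for f in "$sasl" "$sasl.db"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "READABLE $f"; rc=1
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Build constructed sample maps in directory $1 (never touches /etc/postfix).
make_sample() {
    printf '%s\n' '# sender  transport' \
        'user1@example.com  smtp:[smtp.gmail.com]:587' \
        'user2@example.com  smtp:[smtp.gmail.com]:587' > "$1/sender_transport"
    printf '%s\n' 'user1@example.com  user1@example.com:app-password-1' \
        'user4@example.com  user4@example.com:app-password-4' > "$1/sasl_passwd"
    chmod 644 "$1/sasl_passwd"
}

d=$(mktemp -d)
make_sample "$d"
audit_relay_maps "$d/sender_transport" "$d/sasl_passwd" || true
rm -rf "$d"
```

On the constructed sample this reports user2 as lacking a credential, user4 as an unused credential, and the 644 password file as readable.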
