Michael Donovan:
> Resolved!
> That did the trick!
> Thanks.
Don't forget to set notify_classes as described in my reply, because
otherwise undeliverable outbound mail may be lost (the notification
has the null sender address, which does not match your per-sender
table).
My original reply was incomplete and talked about inbound mail. In reality
all undeliverable mail notification has the null sender address.
By including 2bounce in the notify_classes setting, a copy of
the undeliverable notification will be sent to postmaster.
You will want to test what happens when you send a mail to a bad
address from wordpress. It would be bad if the mail would go down
a blackhole.
Wietse
> A little explanation:
> This Postfix is for a Debian LAMP server that hosts mainly Wordpress blogs.
> All of our customers have their mail set up with Google Apps,
> so we don't need Postfix as an MX for their domains.
> They all have mail addresses like [email protected] rather than
> [email protected]
>
> Each blog runs under a different Linux user account, rather than
> www-data. (Apache mpm-itk)
> I don't want Postfix to ever send mail directly, always go through the
> correct gmail account.
> Basically, I'm making Postfix act like a multi-user Thunderbird email
> client.
>
> I know there are plugins for Wordpress that can do this directly without
> involving Postfix,
> but I am trying to make life easier for my customers. We also have
> non-Wordpress apps that use php_mail(),
> and even an ancient perl cgi script that can't talk TLS.
>
> For anyone who wants to do this using gmail as the transport, here's
> what I did on Debian Squeeze.
>
> Install Postfix. I chose "Satellite system"
>
> Generate the cacert.pem:
> # cat /usr/lib/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem
> # cat /usr/lib/ssl/certs/Thawte_Premium_Server_CA.pem >> /etc/postfix/cacert.pem
>
> I don't think you need the Thawte_Premium one anymore, but it doesn't
> hurt anything.
>
> /etc/postfix/main.cf:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> default_transport = error:you can't go there from here
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = loopback-only
> inet_protocols = ipv4
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = $myhostname, localhost.localdomain, localhost
> myhostname = myhost.mydomain.net
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_CAfile = /etc/postfix/cacert.pem
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
>
> /etc/mailname:
> myhost.mydomain.net
>
> /etc/postfix/sender_transport
> [email protected]    smtp:[smtp.gmail.com]:587
> [email protected]    smtp:[smtp.gmail.com]:587
>
> /etc/postfix/sasl_passwd
> [email protected]    [email protected]:gmailpassword1
> [email protected]    [email protected]:gmailpassword2
>
> Hash the files with postmap:
> # postmap sender_transport
> # postmap sasl_passwd
>
> Restart:
> # /etc/init.d/postfix restart
>
> user1 and user2 send mail through their respective gmail accounts.
> user3 is a linux user, but not in the transport list, so any mail he sends
> gets bounced back to his local mailbox /var/spool/mail/user3
>
> Regards,
> Mike Donovan
>
> On 12/14/2011 01:18 PM, Wietse Venema wrote:
>
> >Michael Donovan:
> >>What I want is for Postfix to NOT send the mail [when the sender
> >>does not match sender_dependent_relayhost_maps] at all. Instead
> >>immediately bounce it back to user3 as undeliverable.
> >
> >This is easier with sender_dependent_default_transport_maps:
> >
> >What follows is untested, and may not work if you also have other
> >transport overrides in place such as transport_maps or relayhost
> >settings.
> >
> >/etc/postfix/main.cf:
> >    default_transport = error:you can't go there from here
> >    sender_dependent_default_transport_maps = hash:/etc/postfix/sender_relay
> >
> >/etc/postfix/sender_relay:
> >    [email protected]    smtp:relayhost-for-joe
> >    [email protected]    smtp:relayhost-for-jane
> >
> >Of course this means that any mail from outside that can't be
> >delivered will be lost (the notification has a null sender which
> >won't match your table).
> >
> >To avoid loss of bounces you turn on double-bounce notification:
> >
> >/etc/postfix/main.cf:
> >    notify_classes = resource, software, 2bounce
> >
> >The priority order of Postfix routing is hard-coded (i.e. still to
> >be made configurable) and the documentation is kind-of obscure.
> >Read carefully.
> >
> >    Wietse
> >
> >
> >
>
>
> ----- Original Message -----
> From: Wietse Venema <[email protected]>
> To: Postfix users <[email protected]>
> Cc:
> Sent: Wednesday, December 14, 2011 1:18 PM
> Subject: Re: sender_dependent_relay_maps: what if sender does not match?
>
> Michael Donovan:
> > What I want is for Postfix to NOT send the mail [when the sender
> > does not match sender_dependent_relayhost_maps] at all. Instead
> > immediately bounce it back to user3 as undeliverable.
>
> This is easier with sender_dependent_default_transport_maps:
>
> What follows is untested, and may not work if you also have other
> transport overrides in place such as transport_maps or relayhost
> settings.
>
> /etc/postfix/main.cf:
>     default_transport = error:you can't go there from here
>     sender_dependent_default_transport_maps = hash:/etc/postfix/sender_relay
>
> /etc/postfix/sender_relay:
>     [email protected]    smtp:relayhost-for-joe
>     [email protected]    smtp:relayhost-for-jane
>
> Of course this means that any mail from outside that can't be
> delivered will be lost (the notification has a null sender which
> won't match your table).
>
> To avoid loss of bounces you turn on double-bounce notification:
>
> /etc/postfix/main.cf:
>     notify_classes = resource, software, 2bounce
>
> The priority order of Postfix routing is hard-coded (i.e. still to
> be made configurable) and the documentation is kind-of obscure.
> Read carefully.
>
>     Wietse
>
> >
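
Added example, not part of the thread and not Postfix code: a small Python check for the reminder at the top of this message. It parses main.cf text and reports when per-sender transports are combined with an `error:` default_transport but notify_classes lacks 2bounce, and when transport_maps or relayhost are also set. The function names and the sample main.cf are constructed for illustration.

```python
import re

# Constructed sample: the routing lines of the main.cf quoted in this
# thread, which does not set notify_classes.
SAMPLE_MAIN_CF = """\
# per-sender relays; every other sender is rejected
default_transport = error:you can't go there from here
sender_dependent_default_transport_maps =
    hash:/etc/postfix/sender_transport
smtp_sender_dependent_authentication = yes
"""

# Postfix built-in value used when main.cf does not set notify_classes.
DEFAULT_NOTIFY_CLASSES = "resource, software"


def parse_main_cf(text):
    """Return {parameter: value}. Blank and '#' lines are skipped; a line
    that starts with whitespace continues the previous parameter."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] = f"{params[current]} {raw.strip()}".strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def check_bounce_handling(text):
    """Hypothetical lint: findings for the setup discussed in this thread."""
    p = parse_main_cf(text)
    findings = []
    per_sender = p.get("sender_dependent_default_transport_maps", "")
    if not per_sender:
        return findings
    classes = re.split(r"[,\s]+", p.get("notify_classes", DEFAULT_NOTIFY_CLASSES))
    if p.get("default_transport", "").startswith("error:") and "2bounce" not in classes:
        findings.append("notify_classes lacks 2bounce: null-sender "
                        "notifications match no per-sender entry")
    for override in ("transport_maps", "relayhost"):
        if p.get(override):
            findings.append(f"{override} is set: per-sender routing may not work")
    return findings
```

Run `check_bounce_handling(open("/etc/postfix/main.cf").read())` on the server; an empty list means neither condition was found.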