On Sun, Sep 29, 2019 at 06:16:05PM +0200, Jaroslaw Rafa wrote:

> I'm considering an idea of sending e-mail to Gmail users via Gmail server,
> with help of a Gmail account specially created for that purpose. (If that
> doesn't help then - I guess - nothing helps :( ).

The trouble is that such accounts are generally restricted to a
single envelope sender address, likely with a matching single "From"
address.  You would need to also implement some mechanism to modify
the envelope and header sender addresses to match the login
credentials.

> 1) It's obvious that Postfix has to authenticate to Google SMTP server to
> submit mail through it (with credentials of that specially-created Gmail
> account).

And a matching envelope sender.

> However, I found in the Postfix docs that SMTP client authentication works
> only with Cyrus SASL module, not with Dovecot one.

Yes, Dovecot only supports authentication of incoming email in the
SMTP and (of course) IMAP servers.

> I have currently Dovecot SASL configured, as Dovecot is running as my IMAP
> server, and I don't want to change that. Is it possible to have both SASL
> modules (Cyrus and Dovecot) installed and working simultaneously?

Yes, you can keep using Dovecot for the SMTP server, but use Cyrus for
the SMTP client.  My system does exactly that:

    $ postconf smtp{,d}_sasl_type
    smtp_sasl_type = cyrus
    smtpd_sasl_type = dovecot

> While putting the gmail.com domain explicitly as a key in transport(5) table
> is no problem, there is a multitude of companies that are using G Suite and
> have Gmail-hosted mail with their own domain, and I experience the same
> issue with them (ie. my mail being put to Spam by Gmail). So there's a need
> to check if the MX for a destination domain is within google.com or
> googlemail.com domain, and if yes, to send mail via Gmail server as well. 
> Is there any way to do it with transport_maps ?

Postfix has no built-in mechanism for this, and it would be rather
difficult to do this in a performant manner.  Transport resolution
happens in the queue-manager on one recipient address at a time.
Lookups of remote MX hosts can take multiple seconds, and your
mail queue can suffer congestive collapse even with a small fraction
of email to a domain with DNS lookup problems.

There are further complications, since some of these domains could
use non-standard names (in their own domains) for the Gmail MX
hosts, or just names owned by Google that you might not be aware
of.  For example, you may not yet be aware of mx[1234].smtp.goog
as additional (DNSSEC signed) Gmail MX hosts.

The real solution is to find a way to deliver mail normally,
like everyone else, without going to the Junk folder.  For
that:

    * Avoid IPv6, Google's MX hosts are more strict when you
      use IPv6.

    * Don't forward externally originated email to Gmail accounts.

    * DKIM sign your outbound mail.

    * Perhaps also publish SPF records for your own domain.

The only creative solution (gross hack, along the lines you suggest)
that comes to mind is to implement a DNS filter that modifies MX
records and/or A/AAAA records to redirect connections to Gmail
servers to a dedicated Postfix instance:

    http://www.postfix.org/postconf.5.html#smtp_dns_reply_filter
    http://www.postfix.org/MULTI_INSTANCE_README.html

in which:

    * The envelope sender and "From" header are changed to match
      the dedicated Gmail account.  This only works if you're
      the *only user* of your mail server.

    * The default_transport is "relay:[smtp.gmail.com]:587"

    * Appropriate SASL credentials are configured to authenticate
      submission.

I would not recommend this "solution".  Instead find a way to send
email that Gmail will not routinely consider to be junk.

-- 
        Viktor.
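
How the Dovecot-for-server, Cyrus-for-client split from the reply above might look in main.cf, as an added example that is not part of the original message and not the poster's own configuration. The file paths, the Dovecot socket path and the map file names are assumptions; the nexthop key is the one quoted in the message.

```ini
# main.cf (fragment)

# Server side (smtpd): authenticate submitting users via Dovecot.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Assumed socket path, relative to the Postfix queue directory.
smtpd_sasl_path = private/auth

# Client side (smtp): authenticate to the remote submission
# service via Cyrus SASL.
smtp_sasl_auth_enable = yes
smtp_sasl_type = cyrus
# Assumed map file; keep it readable by root only. Example entry:
#   [smtp.gmail.com]:587    ACCOUNT@gmail.com:PASSWORD-PLACEHOLDER
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Never use anonymous mechanisms, and allow plaintext mechanisms
# (PLAIN, LOGIN) only inside a TLS session.
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous

# Require TLS on the authenticated hop so the credentials are
# never sent in the clear. Assumed map file. Example entry:
#   [smtp.gmail.com]:587    encrypt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
```

Both map files need to be rebuilt with postmap after editing, and `postconf smtp{,d}_sasl_type` should then report the same pair of values shown in the message.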
