Re: Selective outbound relaying II
On Thu, Jul 8, 2010 at 10:54 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: TLS security levels are configurable per nexthop destination as documented. SASL logins are also specified via the table of per-destination user:password pairs. It is not clear what's missing. I'll read more. The only thing that may be missing is my awareness of the available configuration options. Thanks for pointing those out. Ville
Re: Selective outbound relaying II
Resolved! Another concurrent thread SASL Authentication per recipient domain gave additional clues. I ended up using a PCRE map for sender_dependent_relayhost_maps (domain names changed to protect the innocent and to better illustrate what was done): main.cf: smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:$config_directory/tables/smtp_sasl_password_maps sender_dependent_relayhost_maps = pcre:$config_directory/tables/smtp_relayhost_maps.pcre smtp_tls_policy_maps = hash:$config_directory/tables/smtp_tls_policy_maps smtp_sasl_password_maps: [external.relaydomain.com]:2000 relayu...@relaydomain.com:password smtp_relayhost_maps.pcre: !/@mylocaldomain\.net$/ [external.relaydomain.com]:2000 smtp_tls_policy_maps: [external.relaydomain.com]:2000 encrypt Now all locally accepted domains except for mylocaldomain.net are relayed via external.relaydomain.com listening at port 2000. TLS and SASL authentication are used for external.relaydomain.com while emails sent from mylocaldomain.net domain are delivered directly to recipient smtp servers without SASL authentication or TLS. In the end the resolution always tends to be rather simple, but for people who don't live breathe Postfix the (admittedly very good) documentation can be a beast to comb through to find the appropriate parameters and their application. But I'm not complaining, the more documentation the better! Whenever I work with Postfix I still always marvel its flexibility as compared to the ol' qmail I used to run few years back. Ville
Re: Selective outbound relaying II
sender_dependent_relayhost_maps may be what I'm looking for..
Re: Selective outbound relaying II
sender_dependent_relayhost_maps works except that the other settings affecting the relay aren't conditionalized by the defined relayhost maps. In this case the relayhost for the externally relayed business domains requires TLS and authentication while the relay for the local domain (being the local Postfix) does not. So my follow-up question is this: is it possible to affect other relay parameters such as smtp_sasl_auth_enable or smtp_tls_security_level with the sender_dependent_relayhost_maps? Ville
Re: Selective outbound relaying II
Ville Walveranta put forth on 7/8/2010 9:14 PM: sender_dependent_relayhost_maps works except that the other settings affecting the relay aren't conditionalized by the defined relayhost maps. In this case the relayhost for the externally relayed business domains requires TLS and authentication while the relay for the local domain (being the local Postfix) does not. So my follow-up question is this: is it possible to affect other relay parameters such as smtp_sasl_auth_enable or smtp_tls_security_level with the sender_dependent_relayhost_maps? Something tells me you'll answer your own question before we get a chance to. ;) -- Stan
Re: Selective outbound relaying II
On Thu, Jul 8, 2010 at 9:17 PM, Stan Hoeppner s...@hardwarefreak.com wrote: Something tells me you'll answer your own question before we get a chance to. ;) ;-) I think I've now hit a wall with a singular configuration. I'll proceed with setting up a second instance unless someone has a clever idea how to accomplish what I'm looking for with single instance. Ville
Re: Selective outbound relaying II
On Thu, Jul 08, 2010 at 09:17:28PM -0500, Stan Hoeppner wrote: Ville Walveranta put forth on 7/8/2010 9:14 PM: sender_dependent_relayhost_maps works except that the other settings affecting the relay aren't conditionalized by the defined relayhost maps. In this case the relayhost for the externally relayed business domains requires TLS and authentication while the relay for the local domain (being the local Postfix) does not. So my follow-up question is this: is it possible to affect other relay parameters such as smtp_sasl_auth_enable or smtp_tls_security_level with the sender_dependent_relayhost_maps? Something tells me you'll answer your own question before we get a chance to. ;) TLS security levels are configurable per nexthop destination as documented. SASL logins are also specified via the table of per-destination user:password pairs. It is not clear what's missing. -- Viktor.