How to configure postfix for per-sender SASL authentication
Postfix (and indeed any MTA) doesn't care about FROM headers.
The sender_dependent_relayhost_maps setting looks at the envelope (SMTP MAIL FROM) address.
Please include the relevant logs that show what happens when you attempt to send mail using one of the exceptions.
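An added example, not part of the original answer and not Postfix code: a simplified Python model of the lookup described above, keyed on the envelope sender read from qmgr log lines. The addresses user1@example.com and user2@example.com, the second log line and all helper names are constructed for illustration, and only full-address map keys are modelled.

```python
import re

# Constructed stand-ins for the two maps and relayhost (placeholder addresses).
SASL_PASSWD = {
    "user1@example.com": "user1@example.com:passwd1",
    "user2@example.com": "user2@example.com:passwd2",
    "smtp.gmail.com:587": "user1@example.com:passwd1",  # destination fallback
}
SENDER_RELAY = {
    "user1@example.com": "smtp.gmail.com:587",
    "user2@example.com": "smtp.gmail.com:587",
}
RELAYHOST = "smtp.gmail.com:587"

# First line mirrors the qmgr entry in the question; the second is constructed.
LOG = """\
Sep 11 17:28:24 host postfix/qmgr[13236]: D0E71A4167D: from=<marwan@host>, size=413, nrcpt=1 (queue active)
Sep 11 17:30:02 host postfix/qmgr[13236]: E1F82B5278E: from=<user2@example.com>, size=420, nrcpt=1 (queue active)
"""

QMGR_FROM = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")

def envelope_senders(log_text):
    """Return {queue_id: envelope sender} from qmgr 'from=<...>' lines."""
    return {m["qid"]: m["sender"] for m in QMGR_FROM.finditer(log_text)}

def select_route(sender):
    """Relay chosen by envelope sender; credentials by sender, then destination."""
    relay = SENDER_RELAY.get(sender, RELAYHOST)
    if sender in SASL_PASSWD:
        return relay, SASL_PASSWD[sender], "sender"
    if relay in SASL_PASSWD:
        return relay, SASL_PASSWD[relay], "destination"
    return relay, None, "none"

def audit(log_text):
    """Map each queue id to (sender, relay, login, which key matched)."""
    report = {}
    for qid, sender in envelope_senders(log_text).items():
        relay, cred, matched_by = select_route(sender)
        login = cred.split(":", 1)[0] if cred else None  # never echo the password
        report[qid] = (sender, relay, login, matched_by)
    return report

if __name__ == "__main__":
    for qid, row in audit(LOG).items():
        print(qid, *row)
```

An envelope sender such as marwan@host matches no per-sender key, so the model falls through to the destination entry, whatever the message's From: header says.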
Marwan Tanager
Updated on September 18, 2022
Comments
-
Marwan Tanager over 1 year
I have two gmail accounts, and I want to configure my local postfix server as a client which does SASL authentication with smtp.gmail.com:587 with credentials that depend on the sender address.
So, let's say that my gmail accounts are: [email protected] and [email protected]. If I send a mail with [email protected] in the FROM header field, then postfix should use the credentials: [email protected]:psswd1 to do SASL authentication with gmail SMTP server. Similarly with [email protected], it should use [email protected]:passwd2. Sounds fairly simple.
Well, I followed the postfix official documentation at http://www.postfix.org/SASL_README.html, and I ended up with the following relevant configurations:
/etc/postfix/main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
relayhost = smtp.gmail.com:587
/etc/postfix/sasl_passwd
[email protected] [email protected]:passwd1
[email protected] [email protected]:passwd2
smtp.gmail.com:587 [email protected]:passwd1
/etc/postfix/sender_relay
[email protected] smtp.gmail.com:587
[email protected] smtp.gmail.com:587
After I'm done with the configurations I did:
$ postmap /etc/postfix/sasl_passwd
$ postmap /etc/postfix/sender_relay
$ /etc/init.d/postfix restart
The problem is that when I send a mail from [email protected], the message ends up in the destination with sender address [email protected] and NOT [email protected], which means that postfix always ignores the per-sender configurations and sends the mail using the default credentials (the third line in /etc/postfix/sasl_passwd above). I checked the configurations multiple times and even compared them to those in various blog posts addressing the same issue but found them to be more or less the same as mine. So, can anyone point me in the right direction, in case I'm missing something?
Many thanks.
EDIT:
Here is what goes into /var/log/mail.log when I send a mail from [email protected] to another "obfuscated" mail address, [email protected]
Sep 11 17:28:24 host postfix/pickup[13235]: D0E71A4167D: uid=1000 from=<marwan>
Sep 11 17:28:24 host postfix/cleanup[13259]: D0E71A4167D: message-id=<20120911152824.GX10881@host>
Sep 11 17:28:24 host postfix/qmgr[13236]: D0E71A4167D: from=<marwan@host>, size=413, nrcpt=1 (queue active)
Sep 11 17:28:25 host postfix/smtp[13263]: setting up TLS connection to smtp.gmail.com[173.194.70.108]:587
Sep 11 17:28:25 host postfix/smtp[13263]: Verified TLS connection established to smtp.gmail.com[173.194.70.108]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 11 17:28:32 host postfix/smtp[13263]: D0E71A4167D: to=<[email protected]>, relay=smtp.gmail.com[173.194.70.108]:587, delay=7.8, delays=0.1/0/2.7/5, dsn=2.0.0, status=sent (250 2.0.0 OK 1347377285 25sm9995878bkx.9)
Sep 11 17:28:32 host postfix/qmgr[13236]: D0E71A4167D: removed
As for the MAIL FROM command I noticed it when I increased the tls logging level:
Sep 11 18:26:53 host postfix/smtp[14287]: Write 42 chars: MAIL FROM:<marwan@host> SIZE=405 AUTH=<>
So, is the MAIL FROM command supposed to contain [email protected]? And if it is, what should I do to make it that way?
BTW, I didn't edit that last line; my local hostname is "host" and my local username is "marwan".
Thanks again.
-
andras.tim about 7 years
Did you check this? gist.github.com/zmwangx/2c56aa32be68daf48c2f