Using Postfix to relay via multiple Google Apps accounts

Question

I'm in the process of setting up a web app that needs to send emails via two different email addresses on a domain that uses Google Apps. I'm using Postfix as a relay as I'm reasonably familiar with it.

However, I'm struggling to puzzle out how to get this working with two different email addresses on the same domain. The impression I've gotten is that you need to set up two different password files in /etc/postfix/sasl, which I've done, and then set smtp_sasl_password_maps to hash:/etc/postfix/sasl/passwd, but I'm not too sure on the syntax required for two different file. I've tried setting it as follows:

smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd, hash:/etc/postfix/sasl/passwd2

But that doesn't seem to do the trick. I also tried having both in one file, but that didn't work either. Whichever method I try, it only ever seems to pick up on one address. Google doesn't seem to be very helpful with this issue either?

Can anyone see where I've gone astray here?

EDIT: Perhaps I wasn't too clear about what I'm trying to do.

The web server for example.com has Postfix installed, but the MX records are pointed at Google Apps. There are two email addresses, noreply@example.com and support@example.com, and both of them are on Google Apps. What I want to do is configure Postfix to use Google Apps as a relay for both of these email addresses.

The problem is that I can't figure out how to set up password maps for these two accounts and I can therefore only set it up for one, not both.

You can also use virtual mailboxes linking your single account to multiple Google Apps accounts. — John Strood, Jan 12 '16 at 18:45

score 9 · Accepted Answer · answered Oct 31 '12 at 00:55

9

You need to enable sender dependent authentication so that Postfix will choose the appropriate credentials based on the sender of the message being delivered. The password map should be keyed by the sender address instead of the relay host.

main.cf:

smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password_maps

sasl_password_maps:

noreply@example.com noreply@example.com:password123
support@example.com support@example.com:password456

answered Oct 31 '12 at 00:55

mgorven

30,615
7
79
122

This is great and all but is there a way to define a default credential if the sender is none of the above? – dan Nov 07 '19 at 11:21
Remember to run postmap /etc/postfix/sender_relay and postmap /etc/postfix/sasl_password_maps – Marcus J.Kennedy May 25 '20 at 09:10

score 8 · Answer 2 · edited Jun 11 '20 at 10:02

Sender dependent authentication can help. There is good example in official documentation.

Postfix supports different ISP accounts for different sender addresses (version 2.3 and later). This can be useful when one person uses the same machine for work and for personal use, or when people with different ISP accounts share the same Postfix server.

To make this possible, Postfix supports per-sender SASL passwords and per-sender relay hosts. In the example below, the Postfix SMTP client will search the SASL password file by sender address before it searches that same file by destination. Likewise, the Postfix trivial-rewrite(8) daemon will search the per-sender relayhost file, and use the default relayhost setting only as a final resort.

/etc/postfix/main.cf:

smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost = [mail.isp.example]
# Alternative form:
# relayhost = [mail.isp.example]:port

/etc/postfix/sasl_passwd:

# Per-sender authentication; see also /etc/postfix/sender_relay.
user1@example.com               username1:password1
user2@example.net               username2:password2
# Login information for the default relayhost.
[mail.isp.example]              username:password
# Alternative form:
# [mail.isp.example]:port username:password

/etc/postfix/sender_relay:

# Per-sender provider; see also /etc/postfix/sasl_passwd.
user1@example.com               [mail.example.com]:port
user2@example.net               [mail.example.net]

Execute the command "postmap /etc/postfix/sasl_passwd" whenever you change the sasl_passwd table.
Execute the command "postmap /etc/postfix/sender_relay" whenever you change the sender_relay table.

score 0 · Answer 3 · answered May 07 '21 at 02:19

I used a different approach. My problem is: I have to switch between two google accounts because the 10000 emails/24 hours limit on Gmail, I created "sasl_passwd.db_user1" and "sasl_passwd.db_user2" and one script on crontab that copy the "sasl_passwd.db_user1" into "sasl_passwd.db" and restart the postfix. And another script that copy the "user2" into "sasl_passwd.db".

Using Postfix to relay via multiple Google Apps accounts

3 Answers3