0

We have a Postfix server with Courier mailboxes for our organization. Some members want to use Google Apps for Business, which we have set up as the primary mail server to receive mail and then forward it to our mail server, where we keep a copy of all mailboxes. We need the mailboxes on our server since not everyone is using Google Apps for Business. Postfix is still set up to send out mail from our domain, which makes sense to maintain because of spam reputation etc. The issue is that emails sent from the Postfix server don't make it to Google Apps for Business, as Postfix recognizes that the mailbox also exists locally and just delivers them there instead of sending them to the mail server registered as the MX record. Some research and this question suggest that this problem can be solved by setting up one Postfix instance to send mail and a separate instance to receive mail.

The question is: what is the easiest way to set up the second instance (mail sender) to authenticate against the first instance (mail receiver)?

joidegn

1 Answer

2

As Postfix doesn't internally have any authentication other than network-address-based, it only has support for SASL authentication and uses external SASL providers, like Dovecot.

Both of the linked articles have examples of using UNIX sockets for the communication between Postfix and the SASL provider. If you use TCP sockets instead, you'll gain the ability to use the SASL provider from a different server, i.e. both servers can use the same Dovecot for authentication.

If the servers aren't directly on the same secure (internal) network, you probably want to set up a VPN between them rather than allowing SASL authentication over the Internet; that would be a real security risk!

Esa Jokinen
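The TCP-socket setup described in the answer, sketched as an added configuration example that is not part of the original answer or the linked articles. The address 10.8.0.1 (standing in for the Dovecot host's VPN or internal address) and port 12345 are constructed placeholders.

```conf
# --- Dovecot auth host: conf.d/10-master.conf ---
# Expose the auth service over TCP, bound only to the VPN/internal
# address so it is never reachable from the Internet.
# (10.8.0.1 and 12345 are constructed placeholders.)
service auth {
  inet_listener {
    address = 10.8.0.1
    port = 12345
  }
}

# --- Each Postfix server: main.cf ---
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# "inet:" points Postfix at the TCP listener instead of a UNIX socket path.
smtpd_sasl_path = inet:10.8.0.1:12345
# Refuse anonymous logins and only offer AUTH after STARTTLS.
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
```

The Postfix-to-Dovecot auth connection itself is unencrypted, which is why the listener is bound to the tunnel address; a host firewall rule limiting the port to the Postfix servers is a sensible second layer.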