
I've already answered my own question and may later update this question to reflect on my starting point/the steps I took to get to my solution, but figured I would ask a question that I started with and the result that took me unreasonably many hours of research, and trial and error, to get to. Please make any edits, or propose your own postfix/main.cf solution as I still have much to learn.

Introduction to Problem

So I self-host a few things on my server at "example.com" and set up Postfix as my mail transfer agent (MTA). On my mail server, I have a virtual_alias setup to receive emails for particular "email_users@example.com" to my username on the server. My alma mater has email forwarding enabled so that emails to "student@college.edu" or "alum@alum.college.edu" are forwarded to "email_users@example.com" and received in my user inbox. Essentially all emails (to my .edu or my .com) go to /home/user/Maildir/new.

When writing emails using MUTT (my preferred MUA), I will occasionally change my email "FROM" field to be "student@college.edu", "alumnus@alum.college.edu", or by default reply with whatever reply-to field is enabled. The desired behavior for my mail server outbound to other servers is as follows:

  1. On emails with "FROM: *@example.com" - route the email via SMTP through local Postfix MTA directly to the internet. (* representing a wildcard)
  2. On emails with "FROM: student@college.edu", route the email via SMTP through local Postfix MTA and relay it to another SMTP server WITH authentication so that the other server delivers without any soft-fail or bounces (in this case the college SMTP server).

To be clear, this is a question of configuration of Postfix when the user would like to send mail from: local Postfix MTA -> external SMTP server -> recipient via internet.

These questions/how-tos have generally omitted a clear answer, are not asking the same thing and require a better asking title, or are how-tos that only begin to answer the beginning of this setup:

Of course the full documentation is helpful, but quite verbose and hard to figure out in a timely manner if you are new to Postfix. For instance, you may expect to find this under SMTP Relay/Access Control, but the main aspect I was missing was under general configuration in SASL Auth.

jsonV
  • Thanks a LOT! I thought about this a while ago but gave up because it seemed too daunting. Now with your help, I've set it up successfully in less than an hour! – codeling Mar 22 '23 at 08:58
  • No problem, glad it helped! It's been a few years since I've made this post, but while I'm here, here's a great resource I used to upgrade my email server configuration from back then: https://www.sidequestninja.com/blog/hello-world-this-is-an-email/ and its accompanying YT video: https://www.youtube.com/watch?v=6SfXXtb-nHM. It certainly made the whole process of self-hosting a mail server less daunting and more guided. – jsonV Apr 02 '23 at 15:03

1 Answer


In order to relay the email to another SMTP server without always relaying by default, make use of sender_dependent_relayhost_maps in the configuration file (/etc/postfix/main.cf). If you're using relayhost, don't.

Note: smtp is used in outgoing mail and smtpd is the daemon for incoming mail

/etc/postfix/main.cf

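# Opportunistic TLS; Postfix 2.3 and later spell this smtp_tls_security_level = may
smtp_use_tls = yes
# Look up SASL credentials by sender address before the relay host
smtp_sender_dependent_authentication = yes
# Per-sender override of relayhost
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
# SASL authentication in the SMTP client, anonymous mechanisms refused
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_always_send_ehlo = yes
# CA certificates the SMTP client trusts when checking server certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt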

Now in /etc/postfix/sender_relay, you must specify the email address that is going to be sent to the external SMTP server of interest:

Note: the bracket notation '[ ]' tells Postfix to not use the MX record. Usually the port number is 587

/etc/postfix/sender_relay

student@college.edu         [smtp.server.edu]:port
alumnus@alum.college.edu    [alum.smtpserver.edu]:port

Now when an email is sent with either of these addresses, it is relayed to these SMTP servers to send on your behalf. The last thing to do is authorize it with SASL.

Note: The SMTP server specified in sender_relay must match that in sasl_passwd, and the username:password pair in sasl_passwd should match the user you are sending from in sender_relay and its corresponding password pair. Failure to do so may result in pam_authenticate() errors in /var/log/mail.log

/etc/postfix/sasl_passwd

[smtp.server.edu]:port      student:password
[alum.smtpserver.edu]:port  alumnus:password

Since you're entering plaintext sensitive information here, make sure you update the ownership permissions if you haven't before:

sudo chmod 600 /etc/postfix/sasl_passwd

The last thing to do is use postmap to update these files and reload postfix with the new configuration:

sudo postmap /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sender_relay
sudo postfix reload
jsonV
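
Added example (not part of the original answer): a shell function that cross-checks the two tables described above. It flags a sasl_passwd readable by group or others, a .db file older than its source, and any sender_relay row with no credentials under the exact next-hop string or, since smtp_sender_dependent_authentication is enabled, under the sender address. The function name check_relay_maps and the finding labels are made up for this example, and the .db suffix assumes the hash: tables used above.

```shell
#!/bin/sh
# Added example: cross-check the two lookup tables from the answer above.
# check_relay_maps SENDER_RELAY SASL_PASSWD
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_relay_maps() {
    relay_map=$1
    passwd_map=$2
    status=0

    # Plaintext credentials: only the owner may read the file.
    mode=$(stat -c '%a' "$passwd_map" 2>/dev/null || stat -f '%Lp' "$passwd_map")
    case $mode in
        600|400) ;;
        *) echo "PERMS $passwd_map has mode $mode, expected 600"; status=1 ;;
    esac

    # hash: tables are read from the .db file, so a source file edited
    # after the last postmap run is not what Postfix is using.
    for src in "$relay_map" "$passwd_map"; do
        if [ ! -e "$src.db" ] || [ "$src" -nt "$src.db" ]; then
            echo "STALE $src.db is missing or older than $src; rerun postmap"
            status=1
        fi
    done

    # Every sender needs credentials keyed by its exact next-hop string
    # (brackets and port included) or, with
    # smtp_sender_dependent_authentication = yes, by the sender address.
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        FILENAME == ARGV[1] {                     # sasl_passwd rows
            creds[$1] = 1
            if ($2 !~ /^[^:]+:.+/) {              # never print the value itself
                print "BADCRED " $1 " value is not user:password"; bad = 1
            }
            next
        }
        !($2 in creds) && !($1 in creds) {        # sender_relay rows
            print "NOCREDS " $1 " -> " $2 " has no sasl_passwd entry"; bad = 1
        }
        END { exit bad + 0 }
    ' "$passwd_map" "$relay_map" || status=1

    return $status
}
```

Run it as a user that can read both files, for example check_relay_maps /etc/postfix/sender_relay /etc/postfix/sasl_passwd, before postfix reload.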