Prev: Problem with tcp_table server
Next: Confgure Postfix to allow relay for a specific IP
From: Victor Duchovni on 8 Jul 2010 23:54
On Thu, Jul 08, 2010 at 09:17:28PM -0500, Stan Hoeppner wrote:

> Ville Walveranta put forth on 7/8/2010 9:14 PM:
> > sender_dependent_relayhost_maps works except that the other settings
> > affecting the relay aren't conditionalized by the defined relayhost
> > maps. In this case the relayhost for the externally relayed
> > "business" domains requires TLS and authentication while the relay for
> > the local domain (being the local Postfix) does not.
> >
> > So my follow-up question is this: is it possible to affect other relay
> > parameters such as smtp_sasl_auth_enable or smtp_tls_security_level
> > with the sender_dependent_relayhost_maps?
>
> Something tells me you'll answer your own question before we get a chance to. ;)

TLS security levels are configurable per nexthop destination
as documented. SASL logins are also specified via the table of
per-destination user:password pairs. It is not clear what's missing.

--
Viktor.

From: Ville Walveranta on 9 Jul 2010 02:37
On Thu, Jul 8, 2010 at 10:54 PM, Victor Duchovni
<Victor.Duchovni(a)morganstanley.com> wrote:
> TLS security levels are configurable per nexthop destination
> as documented.  SASL logins are also specified via the table of
> per-destination user:password pairs. It is not clear what's missing.

I'll read more. The only thing that may be missing is my awareness of
the available configuration options.

Thanks for pointing those out.

Ville

From: Ville Walveranta on 9 Jul 2010 17:25
Resolved!

Another concurrent thread "SASL Authentication per recipient domain"
gave additional clues.

I ended up using a PCRE map for sender_dependent_relayhost_maps
(domain names changed to protect the innocent and to better illustrate
what was done):

main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =
hash:$config_directory/tables/smtp_sasl_password_maps
sender_dependent_relayhost_maps =
pcre:$config_directory/tables/smtp_relayhost_maps.pcre
smtp_tls_policy_maps = hash:$config_directory/tables/smtp_tls_policy_maps

smtp_sasl_password_maps:
[external.relaydomain.com]:2000 relayuser(a)relaydomain.com:password

smtp_relayhost_maps.pcre:
!/@mylocaldomain\.net$/ [external.relaydomain.com]:2000

smtp_tls_policy_maps:
[external.relaydomain.com]:2000 encrypt


Now all locally accepted domains except for "mylocaldomain.net" are
relayed via external.relaydomain.com listening at port 2000. TLS and
SASL authentication are used for external.relaydomain.com while emails
sent from mylocaldomain.net domain are delivered directly to recipient
smtp servers without SASL authentication or TLS.

In the end the resolution always tends to be rather simple, but for
people who don't live & breathe Postfix the (admittedly very good)
documentation can be a beast to comb through to find the appropriate
parameters and their application. But I'm not complaining, the more
documentation the better! Whenever I work with Postfix I still always
marvel its flexibility as compared to the ol' qmail I used to run few
years back.

Ville

First  |  Prev  | 
Pages: 1 2
Prev: Problem with tcp_table server
Next: Confgure Postfix to allow relay for a specific IP