Linux – Delivering mail for some users to external SMTP while the domain is local on Postfix

centos7linuxpostfix

I want to send mail to an outside Office 365 account with the same domain I have for local accounts.

When I try to send mail to this address outside, Postfix rejects it with error "Account not available".
So, I want Postfix to send mail to outside account for same domain, if that account is not present locally.

For example I have two email address abc@example.com and xyz@example.com.

abc@example.com is present in local server
xyz@example.com is an account on Office 365 external mailserver.

Now, I want to send mail to xyz@example.com from Postfix from any local account. The domain example.com is added to relay_domains also, but Postfix still rejects mail with error "recipient not present".

Best Answer

As you already have example.com as a local domain configured in either mydestination or virtual_alias_domains you can't achieve this by also adding it to relay_domains.

Instead, you should add a transport(5) map that can override delivery rules defined by the default transport:nexthop used by mydestination, virtual_alias_domains etc.

DESCRIPTION

The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next-hop destinations. Message delivery transports such as local or smtp are defined in the master.cf file, and next-hop destinations are typically hosts or domain names. The table is searched by the trivial-rewrite(8) daemon.

This mapping overrides the default transport:nexthop selection that is built into Postfix.

Add transport_maps to your /etc/postfix/main.cf:

transport_maps = hash:/etc/postfix/transport

And then add to /etc/postfix/transport:

xyz@example.com    smtp:example-com.mail.protection.outlook.com
@example.com       :
*                  :

(Remember to postmap /etc/postfix/transport as you are using hash, Berkeley DB lookup table.)

This will use default transport rules for all @example.com and anything else (*) leaving other delivery configuration as is, but forward all email to xyz@example.com to Office 365 via SMTP: the default pattern for Office 365 MX record for companies is <domain>.mail.protection.outlook.com.

Using transport_maps is a global solution that will work with any external SMTP server. In a specific scenario, where a) the external account is on Office 365 and b) domain is configured on Postfix virtual_alias_domains it could also be possible to add a virtual alias redirecting all mail to Office 365 user's initial domain (tenant) address, xyz@example.com xyz@contoso.onmicrosoft.com.

Related Solutions

Linux – How to correct Postfix’ ‘Relay Access Denied’

TLS just enables encryption on the smtp session and doesn't directly affect whether or not Postfix will be allowed to relay a message.

The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination

To explain those rules:

permit_sasl_authenticated

permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.

check_recipient_access

This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)

permit_mynetworks

This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.

Based on that configuration, your mail client will need to use SMTP Authentication before being allowed to relay messages. I'm not sure what database SASL is using. That is specified in /usr/lib/sasl2/smtpd.conf Presumably it also uses the same database as your virtual mailboxes, so you should be able enable SMTP authentication in your mail client and be all set.

Postfix MX – Configure Postfix to Use External MX Servers for Delivery of Local Mail if User is Unknown

Do you need the postfix server to be responsible for example.com? (Do you ever want mail to be delivered there instead of to google?) If you always want mail for local example users to go to their google, remove $mydomain from the mydestination parameter in main.cf. This will not alter where the mails appear to be coming from for outside users. (That is controlled by "myorigin")

Since postfix either thinks it is responsible for the domain or not, there is no easy way to split the domain up so some mail gets delivered locally and some gets delivered to google. You can do some tricks by putting in forwarding rules or with transport mapping, but then you'd need to specify google or local for each user. I kind of doubt you really want to do that.

Best Answer

Related Solutions

Linux – How to correct Postfix’ ‘Relay Access Denied’

Postfix MX – Configure Postfix to Use External MX Servers for Delivery of Local Mail if User is Unknown

Related Topic