I have two gmail accounts, and I want to configure my local postfix server as a client which does SASL authentication with smtp.gmail.com:587 with credentials that depend on the sender address.
So, let's say that my gmail accounts are: acc1@gmail.com
and acc2@gmail.com
. If I sent a mail with acc1@gmail.com
in the FROM
header field, then postfix should use the credentials: acc1@gmail.com:psswd1
to do SASL authentication with gmail SMTP server. Similarly with acc2@gmail.com
, it should use acc2@gmail.com:passwd2
. Sounds fairly simple.
Well, I followed the postfix official documentation at http://www.postfix.org/SASL_README.html, and I ended up with the following relevant configurations:
/etc/postfix/main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
relayhost = smtp.gmail.com:587
/etc/postfix/sasl_passwd
acc1@gmail.com acc1@gmail.com:passwd1
acc2@gmail.com acc2@gmail.com:passwd2
smtp.gmail.com:587 acc1@gmail.com:passwd1
/etc/postfix/sender_relay
acc1@gmail.com smtp.gmail.com:587
acc2@gmail.com smtp.gmail.com:587
After I'm done with the configurations I did:
$ postmap /etc/postfix/sasl_passwd
$ postmap /etc/postfix/sender_relay
$ /etc/init.d/postfix restart
The problem is that when I send a mail from acc2@gmail.com
, the message ends up in the destination with sender address acc1@gmail.com
and NOT acc2@gmail.com
, which means that postfix always ignores the per-sender configurations and send the mail using the default credentials (the third line in /etc/postfix/sasl_passwd
above). I checked the configurations multiple times and even compared them to those in various blog posts addressing the same issue but found them to be more or less the same as mine. So, can anyone point me in the right direction, in case I'm missing something?
Many thanks.
EDIT:
Here is what goes into /var/log/mail.log when I send a mail from acc2@gmail.com to another "obfuscated" mail address, acc3@isp.com
Sep 11 17:28:24 host postfix/pickup[13235]: D0E71A4167D: uid=1000 from=<marwan>
Sep 11 17:28:24 host postfix/cleanup[13259]: D0E71A4167D: message-id=<20120911152824.GX10881@host>
Sep 11 17:28:24 host postfix/qmgr[13236]: D0E71A4167D: from=<marwan@host>, size=413, nrcpt=1 (queue active)
Sep 11 17:28:25 host postfix/smtp[13263]: setting up TLS connection to smtp.gmail.com[173.194.70.108]:587
Sep 11 17:28:25 host postfix/smtp[13263]: Verified TLS connection established to smtp.gmail.com[173.194.70.108]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Sep 11 17:28:32 host postfix/smtp[13263]: D0E71A4167D: to=<acc3@isp.com>, relay=smtp.gmail.com[173.194.70.108]:587, delay=7.8, delays=0.1/0/2.7/5, dsn=2.0.0, status=sent (250 2.0.0 OK 1347377285 25sm9995878bkx.9)
Sep 11 17:28:32 host postfix/qmgr[13236]: D0E71A4167D: removed
As for the MAIL FROM command I noticed it when I increased the tls logging level:
Sep 11 18:26:53 host postfix/smtp[14287]: Write 42 chars: MAIL FROM:<marwan@host> SIZE=405 AUTH=<>
So, is the MAIL FROM command supposed to contain acc2@gmail.com? and if it is, what should I do to make it that way.
BTW, I didn't edit that last line; my local hostname is "host" and my local usename is "marwan".
Thanks again.
Best Answer
Postfix (and indeed any MTA) doesn't care about FROM headers.
The sender_dependent_relayhost_maps setting looks at the envelope (SMTP MAIL FROM) address.
Please include the relevant logs that show what happens when you attempt to send mail using one of the exceptions.