Postfix: selecting relay host based on From: mail header rather than envelope sender

emailpostfixsmtp-headers

I've successfully set Postfix to relay emails via Mandrill using SASL and sender_dependent_relayhost_maps with a MySQL table so that different senders connect to Mandrill using their own Mandrill username and API key.

So far so good, but I've got three users that all use an Email Service Provider and the Sender in the message envelope is set to "mailer@infusionmail.com" for all three users, and the only place containing the actual user's email address is in the From: email header.

I'm happy with the security (or lack thereof) of using the From: email header as I'm only forwarding mails sent to specific email addresses that are tightly controlled, but I'd be really grateful for suggestions as to how I can best specify the relayhost based on the value of the From: header. Is there any way to set the envelope value to be the same as the From field? Or any other way to do this?

Best Answer

Based on this thread on postfix mailing-list: different transport for all mail introduced via sendmail(1), looks like your case was possible. Unfortunately you can't only rely on two tables sender_dependent_relayhost_maps and smtp_sasl_password_maps. You need modify master.cf. The idea is using header_checks to route email to different transport. Then in each transport, we define smtp client that use independent credential and relayhost.

First define header_checks in main.cf and its pcre table

#main.cf
header_checks = pcre:/etc/postfix/header_dependent_relay

#/etc/postfix/header_dependent_relay

/^From:.*specialsender1\@example\.com/       smtp1:[host1.example.com]
/^From:.*specialsender2\@example\.com/       smtp2:[host2.example.com]
/^From:.*specialsender3\@example\.com/       smtp3:[host3.example.com]

Good, now we setup smtp1,smtp2,smtp3 transport in master.cf

#master.cf
smtp1    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp1.relay
smtp2    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp2.relay
smtp3    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp3.relay

File smtpX.relay has similar content e.g.

[hostX.example.com]   userX:passwordX

Disclaimer:

The hash table of smtp_sasl_password_maps is only for example. You can replace it with mysql table.
You can also replace pcre table of header_checks with combination of SELECT and REGEXP in MySQL . But it may kill your database as postfix will hit MySQL for every header line

Related Solutions

Postfix sasl relay host

If you want the SMTP connection from your MTA to mailhost.zen.co.uk to be SASL auth'd, you want the smtp_sasl_* parameters, not the smtpd_sasl_* parameters. The latter is for when you're the receiving MTA, while the former are for when you're connecting to another MTA, as you appear to want to do here.

Postfix Configuration – Different Outgoing Hosts Based on Sender

Are you sure you're after sender_dependent_default_transport_maps, and not sender_dependent_relayhost_maps? In either case, I'm pretty sure the format is like any of the other _maps tables:

theirmail@senderdomain.com      smtp.gmail.com
@someothersenderdmn.com         smtp.gmail.com

The first being an exact sender match, the second being a domain level match.

That being said, I'm pretty sure Google isn't going to allow you to relay through them without authenticating, and as you're handling relaying for multiple users, I'm sure you don't want to setup that kind of relaying setup, nor will they likely want to disclose their passwords to you.

Best Answer

Related Solutions

Postfix sasl relay host

Postfix Configuration – Different Outgoing Hosts Based on Sender

Related Topic