Loading ...
Sorry, an error occurred while loading the content.
 

Something like address based relay just the other way around

Expand Messages
  • Tobi
    Hello I just wonder whether my idea is technically possible to fullfill with Postfix. I already use sender based relaying which works fine. My problem is that
    Message 1 of 7 , Nov 30, 2009
      Hello

      I just wonder whether my idea is technically possible to fullfill with
      Postfix. I already use sender based relaying which works fine.
      My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
      would say for 80% of the receivers is no problem to send the emails
      directly (direct-mx). Some domains or receivers do not accept this due to
      dynamic IP block. No problem I thought I could set up a receiver-based
      relay, but unfortunatly I did not find anything about it in Postfix doc
      (maybe I looked for the wrong keywords).
      So my question is: Is there a way to conditionally relay emails based on
      the receivers address/domain? So I could send emails for defined
      addresses/domains via my ISP mailserver instead of direct-mx.
      Is there a way to do this in Postfix?

      Thanks a lot for all tipps/hints
      Cheers

      tobi
    • Wietse Venema
      ... See this URL: http://www.postfix.org/transport.5.html If I am not mistaken, this has precedence over sender-dependent features. Wietse
      Message 2 of 7 , Nov 30, 2009
        Tobi:
        > Hello
        >
        > I just wonder whether my idea is technically possible to fullfill with
        > Postfix. I already use sender based relaying which works fine.
        > My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
        > would say for 80% of the receivers is no problem to send the emails
        > directly (direct-mx). Some domains or receivers do not accept this due to
        > dynamic IP block. No problem I thought I could set up a receiver-based
        > relay, but unfortunatly I did not find anything about it in Postfix doc
        > (maybe I looked for the wrong keywords).

        See this URL: http://www.postfix.org/transport.5.html

        If I am not mistaken, this has precedence over sender-dependent features.

        Wietse

        > So my question is: Is there a way to conditionally relay emails based on
        > the receivers address/domain? So I could send emails for defined
        > addresses/domains via my ISP mailserver instead of direct-mx.
        > Is there a way to do this in Postfix?
        >
        > Thanks a lot for all tipps/hints
        > Cheers
        >
        > tobi
        >
        >
      • tobi
        ... Hello I tried according to Wietse s link to the manual and it works 50% ;-) The email is properly forwarded according to receivers domain with the values
        Message 3 of 7 , Nov 30, 2009
          Wietse Venema schrieb:
          > Tobi:
          >
          >> Hello
          >>
          >> I just wonder whether my idea is technically possible to fullfill with
          >> Postfix. I already use sender based relaying which works fine.
          >> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
          >> would say for 80% of the receivers is no problem to send the emails
          >> directly (direct-mx). Some domains or receivers do not accept this due to
          >> dynamic IP block. No problem I thought I could set up a receiver-based
          >> relay, but unfortunatly I did not find anything about it in Postfix doc
          >> (maybe I looked for the wrong keywords).
          >>
          >
          > See this URL: http://www.postfix.org/transport.5.html
          >
          > If I am not mistaken, this has precedence over sender-dependent features.
          >
          > Wietse
          >
          >
          >> So my question is: Is there a way to conditionally relay emails based on
          >> the receivers address/domain? So I could send emails for defined
          >> addresses/domains via my ISP mailserver instead of direct-mx.
          >> Is there a way to do this in Postfix?
          >>
          >> Thanks a lot for all tipps/hints
          >> Cheers
          >>
          >> tobi
          >>
          >>
          >>
          >
          >
          Hello

          I tried according to Wietse's link to the manual and it works 50% ;-)
          The email is properly forwarded according to receivers domain with the
          values in transport conf file
          But now Postfix has no user details to perform a SMTP Authentication at
          the defined relay server. smtp tries to relay without auth which my
          providers server don't like. If I'm using sender_dependent_relay then
          smtp takes the details from my sasl password file and therefore can
          perform an auth at the relay server.
          So my next question is how to tell transport where to lookup for the
          login credentials to send an email through an external relay server
          which expects user auth.

          Is there a way which I have not found in the manual to tell Postfix the
          necessary details? Or is it not possible by design?

          Thanks and cheers

          tobi
        • Wietse Venema
          tobi: [ Charset ISO-8859-1 unsupported, converting... ] ... Then you made too many transport map entries. Wietse
          Message 4 of 7 , Nov 30, 2009
            tobi:
            [ Charset ISO-8859-1 unsupported, converting... ]
            > Wietse Venema schrieb:
            > > Tobi:
            > >
            > >> Hello
            > >>
            > >> I just wonder whether my idea is technically possible to fullfill with
            > >> Postfix. I already use sender based relaying which works fine.
            > >> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
            > >> would say for 80% of the receivers is no problem to send the emails
            > >> directly (direct-mx). Some domains or receivers do not accept this due to
            > >> dynamic IP block. No problem I thought I could set up a receiver-based
            > >> relay, but unfortunatly I did not find anything about it in Postfix doc
            > >> (maybe I looked for the wrong keywords).
            > >
            > > See this URL: http://www.postfix.org/transport.5.html
            > >
            > > If I am not mistaken, this has precedence over sender-dependent features.
            >
            > I tried according to Wietse's link to the manual and it works 50% ;-)
            > The email is properly forwarded according to receivers domain with the
            > values in transport conf file
            > But now Postfix has no user details to perform a SMTP Authentication at
            > the defined relay server. smtp tries to relay without auth which my
            > providers server don't like. If I'm using sender_dependent_relay then

            Then you made too many transport map entries.

            Wietse
          • tobi
            ... Thanks for your patience :-) But I only have two entries in transport which look like this cat /opt/etc/postfix/transport | grep -v # postfix.org
            Message 5 of 7 , Nov 30, 2009
              Wietse Venema schrieb:
              > tobi:
              > [ Charset ISO-8859-1 unsupported, converting... ]
              >
              >> Wietse Venema schrieb:
              >>
              >>> Tobi:
              >>>
              >>>
              >>>> Hello
              >>>>
              >>>> I just wonder whether my idea is technically possible to fullfill with
              >>>> Postfix. I already use sender based relaying which works fine.
              >>>> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
              >>>> would say for 80% of the receivers is no problem to send the emails
              >>>> directly (direct-mx). Some domains or receivers do not accept this due to
              >>>> dynamic IP block. No problem I thought I could set up a receiver-based
              >>>> relay, but unfortunatly I did not find anything about it in Postfix doc
              >>>> (maybe I looked for the wrong keywords).
              >>>>
              >>> See this URL: http://www.postfix.org/transport.5.html
              >>>
              >>> If I am not mistaken, this has precedence over sender-dependent features.
              >>>
              >> I tried according to Wietse's link to the manual and it works 50% ;-)
              >> The email is properly forwarded according to receivers domain with the
              >> values in transport conf file
              >> But now Postfix has no user details to perform a SMTP Authentication at
              >> the defined relay server. smtp tries to relay without auth which my
              >> providers server don't like. If I'm using sender_dependent_relay then
              >>
              >
              > Then you made too many transport map entries.
              >
              > Wietse
              >
              >
              Thanks for your patience :-)
              But I only have two entries in transport which look like this

              cat /opt/etc/postfix/transport | grep -v "#"
              postfix.org smtp:[smtp.mysip.ch]:587
              domain.tld smtp:[smtp.myotherisp.ch]:587

              And only once in the config (main.cf transport_maps...).
              I can see the unauthorized relay attempts with myisp.ch/myotherisp.ch in
              the Postfix logs. So I assume that no login credentials were used. Is
              transport meant to use the data from sender_relay and sasl_passwd files
              to login to the relay servers?

              Regards

              tobi
            • tobi
              ... Problem found 30cm in front of the screen. After changing the transport postfix.org smtp:[smtp.mysip.ch]:submission domain.tld
              Message 6 of 7 , Nov 30, 2009
                tobi schrieb:
                > Wietse Venema schrieb:
                >
                >> tobi:
                >> [ Charset ISO-8859-1 unsupported, converting... ]
                >>
                >>
                >>> Wietse Venema schrieb:
                >>>
                >>>
                >>>> Tobi:
                >>>>
                >>>>
                >>>>
                >>>>> Hello
                >>>>>
                >>>>> I just wonder whether my idea is technically possible to fullfill with
                >>>>> Postfix. I already use sender based relaying which works fine.
                >>>>> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
                >>>>> would say for 80% of the receivers is no problem to send the emails
                >>>>> directly (direct-mx). Some domains or receivers do not accept this due to
                >>>>> dynamic IP block. No problem I thought I could set up a receiver-based
                >>>>> relay, but unfortunatly I did not find anything about it in Postfix doc
                >>>>> (maybe I looked for the wrong keywords).
                >>>>>
                >>>>>
                >>>> See this URL: http://www.postfix.org/transport.5.html
                >>>>
                >>>> If I am not mistaken, this has precedence over sender-dependent features.
                >>>>
                >>>>
                >>> I tried according to Wietse's link to the manual and it works 50% ;-)
                >>> The email is properly forwarded according to receivers domain with the
                >>> values in transport conf file
                >>> But now Postfix has no user details to perform a SMTP Authentication at
                >>> the defined relay server. smtp tries to relay without auth which my
                >>> providers server don't like. If I'm using sender_dependent_relay then
                >>>
                >>>
                >> Then you made too many transport map entries.
                >>
                >> Wietse
                >>
                >>
                >>
                > Thanks for your patience :-)
                > But I only have two entries in transport which look like this
                >
                > cat /opt/etc/postfix/transport | grep -v "#"
                > postfix.org smtp:[smtp.mysip.ch]:587
                > domain.tld smtp:[smtp.myotherisp.ch]:587
                >
                > And only once in the config (main.cf transport_maps...).
                > I can see the unauthorized relay attempts with myisp.ch/myotherisp.ch in
                > the Postfix logs. So I assume that no login credentials were used. Is
                > transport meant to use the data from sender_relay and sasl_passwd files
                > to login to the relay servers?
                >
                > Regards
                >
                > tobi
                >
                Problem found 30cm in front of the screen.
                After changing the transport

                postfix.org smtp:[smtp.mysip.ch]:submission
                domain.tld smtp:[smtp.myotherisp.ch]:submission

                it works. I thought :587 would be the same as :submission
              • Victor Duchovni
                ... It is, essentially, the difference is that :submission can break if your /etc/services is incomplete, NIS is not working, ... while the 587, works all
                Message 7 of 7 , Nov 30, 2009
                  On Mon, Nov 30, 2009 at 11:02:22PM +0100, tobi wrote:

                  > > cat /opt/etc/postfix/transport | grep -v "#"
                  > > postfix.org smtp:[smtp.mysip.ch]:587
                  > > domain.tld smtp:[smtp.myotherisp.ch]:587
                  >
                  > Problem found 30cm in front of the screen.
                  > After changing the transport
                  >
                  > postfix.org smtp:[smtp.mysip.ch]:submission
                  > domain.tld smtp:[smtp.myotherisp.ch]:submission
                  >
                  > it works. I thought :587 would be the same as :submission

                  It is, essentially, the difference is that ":submission" can break if
                  your /etc/services is incomplete, NIS is not working, ... while the 587,
                  works all the time.

                  The other difference is that by changing the nexthop, you have also
                  changed the lookup key for smtp_sasl_password_maps, smtp_tls_policy_maps,
                  and any other per-destination SMTP client tables.

                  You may have incorrect data for the ":587" lookup key in some cases.

                  Finally, changing the table source, may have resulted in an actual update
                  of the index file via "postmap", previously not carried out correctly.

                  --
                  Viktor.

                  Disclaimer: off-list followups get on-list replies or get ignored.
                  Please do not ignore the "Reply-To" header.

                  To unsubscribe from the postfix-users list, visit
                  http://www.postfix.org/lists.html or click the link below:
                  <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                  If my response solves your problem, the best way to thank me is to not
                  send an "it worked, thanks" follow-up. If you must respond, please put
                  "It worked, thanks" in the "Subject" so I can delete these quickly.
                Your message has been successfully submitted and would be delivered to recipients shortly.