Loading ...
Sorry, an error occurred while loading the content.

Sender transport settings not override default transport

Expand Messages
  • <info@...>
    Hi all, I m facing with a strange problem with my Postfix machine. I have some different IP addresses and dovecot as po3-before-smtp authentication system. I
    Message 1 of 9 , Jul 15, 2014
    • 0 Attachment
      Hi all,
      I'm facing with a strange problem with my Postfix machine.
      I have some different IP addresses and dovecot as po3-before-smtp
      authentication system.
      I can login to postfix using username1@... + password and send
      emails using default smtp transport (these emails are sent through the same
      IP where the user was logged in).
      Now I want to setup another IP to be used as the former one: a user can
      login using username2@... on second IP and his emails must have to
      be delivered through this second IP.
      In practice I want this:
      [ user 1 ] authenticating on IP1 => postfix sends emails using transport on
      IP1
      [ user 2 ] authenticating on IP2 => postfix sends emails using transport on
      IP2
      [ user n ].....

      I tried to configure sender_dependent_default_transport_maps as here
      (regexp):
      /^username1\@mydomain\.com$/ smtp1:
      /^username2\@mydomain\.com$/ smtp2:

      and in master.cf I have:
      smtp unix - - n - - smtp
      smtp1 unix - - n - - smtp
      -o smtp_bind_address=x.y.z.d
      -o smtp_helo_name=mx1.mydomain.com
      -o syslog_name=postfix-smtp1
      smtp2 unix - - n - - smtp
      -o smtp_bind_address=x.y.z.f
      -o smtp_helo_name=mx2.mydomain.com
      -o syslog_name=postfix-smtp2

      The "smtp" transport is intended to be used from all other users and is the
      "default transport" of my Postfix instance.

      The PROBLEM is that this configuration is not executed and all emails are
      sent through default transport.
      Can you help me?
      Thanks a lot
      -Francesco



      ---
      Questa e-mail è priva di virus e malware perché è attiva la protezione avast! Antivirus.
      http://www.avast.com
    • <info@...>
      Good morning. Maybe I wasn t able to write a clear request :-( I ll try another way. I ve a set of IPs. I need to authenticate against each of them (useing
      Message 2 of 9 , Jul 18, 2014
      • 0 Attachment
        Good morning.
        Maybe I wasn't able to write a clear request :-( I'll try another way.

        I've a set of IPs. I need to authenticate against each of them (useing different accounts on the same domain: user1@... , user2@... , ) and want that emails are to be sent through the same IP.
        For instance, if user1 makes authentication (I use Postfix + Dovecot for a pop3-before-smtp) using IP1, his emails must go out through IP1. The same with user2 on IP2, etc.
        How can I reach this target?

        Thank you a lot.
        --Francesco

        -----Messaggio originale-----
        Da: owner-postfix-users@... [mailto:owner-postfix-users@...] Per conto di info@...
        Inviato: martedì 15 luglio 2014 15:45
        A: postfix-users@...
        Oggetto: Sender transport settings not override default transport

        Hi all,
        I'm facing with a strange problem with my Postfix machine.
        I have some different IP addresses and dovecot as po3-before-smtp authentication system.
        I can login to postfix using username1@... + password and send emails using default smtp transport (these emails are sent through the same IP where the user was logged in).
        Now I want to setup another IP to be used as the former one: a user can login using username2@... on second IP and his emails must have to be delivered through this second IP.
        In practice I want this:
        [ user 1 ] authenticating on IP1 => postfix sends emails using transport on
        IP1
        [ user 2 ] authenticating on IP2 => postfix sends emails using transport on
        IP2
        [ user n ].....

        I tried to configure sender_dependent_default_transport_maps as here
        (regexp):
        /^username1\@mydomain\.com$/ smtp1:
        /^username2\@mydomain\.com$/ smtp2:

        and in master.cf I have:
        smtp unix - - n - - smtp
        smtp1 unix - - n - - smtp
        -o smtp_bind_address=x.y.z.d
        -o smtp_helo_name=mx1.mydomain.com
        -o syslog_name=postfix-smtp1
        smtp2 unix - - n - - smtp
        -o smtp_bind_address=x.y.z.f
        -o smtp_helo_name=mx2.mydomain.com
        -o syslog_name=postfix-smtp2

        The "smtp" transport is intended to be used from all other users and is the "default transport" of my Postfix instance.

        The PROBLEM is that this configuration is not executed and all emails are sent through default transport.
        Can you help me?
        Thanks a lot
        -Francesco



        ---
        Questa e-mail è priva di virus e malware perché è attiva la protezione avast! Antivirus.
        http://www.avast.com


        ---
        Questa e-mail è priva di virus e malware perché è attiva la protezione avast! Antivirus.
        http://www.avast.com
      • Wietse Venema
        ... To properly implement distinct MTA personalities, use one MTA per IP address: http://www.postfix.org/MULTI_INSTANCE_README.html. Unfortunately some (Linux)
        Message 3 of 9 , Jul 18, 2014
        • 0 Attachment
          info@...:
          > Good morning.
          > Maybe I wasn't able to write a clear request :-( I'll try another way.
          >
          > I've a set of IPs. I need to authenticate against each of them
          > (useing different accounts on the same domain: user1@... ,
          > user2@... , ) and want that emails are to be sent through
          > the same IP. For instance, if user1 makes authentication (I use
          > Postfix + Dovecot for a pop3-before-smtp) using IP1, his emails
          > must go out through IP1. The same with user2 on IP2, etc. How can
          > I reach this target?

          To properly implement distinct MTA personalities, use one MTA per
          IP address: http://www.postfix.org/MULTI_INSTANCE_README.html.
          Unfortunately some (Linux) distributions tinker with Postfix and
          unintentionally break multi-instance support. You may have to shop
          around or build from source.

          It is possible to implement a partial solution with master.cf overrides:

          # filter without nexthop, requires Postfix 2.7.
          address1:smtp .. .. .. .. .. .. smtpd -o filter=smtp1:
          address2:smtp .. .. .. .. .. .. smtpd -o filter=smtp2:

          smtp1 .. .. .. .. .. .. smtp -o smtp_bind_address=address1
          smtp2 .. .. .. .. .. .. smtp -o smtp_bind_address=address2

          http://www.postfix.org/postconf.5.html#smtp_bind_address
          http://www.postfix.org/master.5.html
          ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.7.16.RELEASE_NOTES

          Wietse
        • Wietse Venema
          ... To be clear, the following requires 2.7 or later.
          Message 4 of 9 , Jul 18, 2014
          • 0 Attachment
            Wietse Venema:
            > info@...:
            > > Good morning.
            > > Maybe I wasn't able to write a clear request :-( I'll try another way.
            > >
            > > I've a set of IPs. I need to authenticate against each of them
            > > (useing different accounts on the same domain: user1@... ,
            > > user2@... , ) and want that emails are to be sent through
            > > the same IP. For instance, if user1 makes authentication (I use
            > > Postfix + Dovecot for a pop3-before-smtp) using IP1, his emails
            > > must go out through IP1. The same with user2 on IP2, etc. How can
            > > I reach this target?
            >
            > To properly implement distinct MTA personalities, use one MTA per
            > IP address: http://www.postfix.org/MULTI_INSTANCE_README.html.
            > Unfortunately some (Linux) distributions tinker with Postfix and
            > unintentionally break multi-instance support. You may have to shop
            > around or build from source.

            To be clear, the following requires 2.7 or later.

            > It is possible to implement a partial solution with master.cf overrides:
            >
            > # filter without nexthop, requires Postfix 2.7.
            > address1:smtp .. .. .. .. .. .. smtpd -o filter=smtp1:
            > address2:smtp .. .. .. .. .. .. smtpd -o filter=smtp2:
            >
            > smtp1 .. .. .. .. .. .. smtp -o smtp_bind_address=address1
            > smtp2 .. .. .. .. .. .. smtp -o smtp_bind_address=address2
            >
            > http://www.postfix.org/postconf.5.html#smtp_bind_address
            > http://www.postfix.org/master.5.html
            > ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.7.16.RELEASE_NOTES
            >
            > Wietse
            >
          • Wietse Venema
            ... This partial solution does not work if you need delivery to local mailboxes. If you need local and remote deliveries, then the partial solution is to use
            Message 5 of 9 , Jul 18, 2014
            • 0 Attachment
              Wietse Venema:
              > Wietse Venema:
              > > info@...:
              > > > Good morning.
              > > > Maybe I wasn't able to write a clear request :-( I'll try another way.
              > > >
              > > > I've a set of IPs. I need to authenticate against each of them
              > > > (useing different accounts on the same domain: user1@... ,
              > > > user2@... , ) and want that emails are to be sent through
              > > > the same IP. For instance, if user1 makes authentication (I use
              > > > Postfix + Dovecot for a pop3-before-smtp) using IP1, his emails
              > > > must go out through IP1. The same with user2 on IP2, etc. How can
              > > > I reach this target?
              > >
              > > To properly implement distinct MTA personalities, use one MTA per
              > > IP address: http://www.postfix.org/MULTI_INSTANCE_README.html.
              > > Unfortunately some (Linux) distributions tinker with Postfix and
              > > unintentionally break multi-instance support. You may have to shop
              > > around or build from source.
              >
              > To be clear, the following requires 2.7 or later.
              >
              > > It is possible to implement a partial solution with master.cf overrides:
              > >
              > > # filter without nexthop, requires Postfix 2.7.

              This partial solution does not work if you need delivery to local
              mailboxes.

              If you need local and remote deliveries, then the partial solution
              is to use sender_dependent_default_transport_maps to select the
              SMTP delivery method based on the sender envelope (MAIL FROM)
              address, with "-o smtp_bind_address" overrides in master.cf to
              select the Postfix SMTP client IP address.

              Untested example:

              /etc/postfix/master.cf:
              address1:smtp .. .. .. .. .. .. smtpd
              address2:smtp .. .. .. .. .. .. smtpd
              smtp1 .. .. .. .. .. .. smtp -o smtp_bind_address=address1
              smtp2 .. .. .. .. .. .. smtp -o smtp_bind_address=address2

              /etc/postfix/main.cf:
              sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

              /etc/postfix/sender_transport:
              @example1 smtp1
              @example2 smtp2
              @example3 dunno

              Wietse
            • <info@...>
              Many thanks Mr. Venema. I just tried a multi instance solution and it works very well. The problem is when the number of IPs become very large: what if 20
              Message 6 of 9 , Jul 18, 2014
              • 0 Attachment
                Many thanks Mr. Venema.

                I just tried a "multi instance" solution and it works very well. The problem
                is when the number of IPs become very large: what if 20 IPs => 20 Postfix
                instances? I believe that this way is resource-consuming and can't be
                scalable as I'd like.

                I also tried to use sender_dependent_default_transport_maps as you stated in
                the last message, but I cannot check against "sender envelope" (MAIL FROM)
                but against "account used for authentication" (the same for POP3).

                In fact, MAIL FROM headers are different from user/account used for smtp
                authentication. I have the same user@... for authenticating and
                sending on behalf of many FROM users (that are a variable-growing number).

                So my last questioni is: can I choose smtp transport based on user used for
                smtpd authentication?

                Thanks again for your help.
                Francesco


                ---
                Questa e-mail è priva di virus e malware perché è attiva la protezione avast! Antivirus.
                http://www.avast.com
              • Wietse Venema
                ... There is no such feature, or else it would be documented. If you don t want to implement multiple MTA personalities with multiple MTA instances, then there
                Message 7 of 9 , Jul 18, 2014
                • 0 Attachment
                  info@...:
                  > So my last questioni is: can I choose smtp transport based on user
                  > used for smtpd authentication?

                  There is no such feature, or else it would be documented.

                  If you don't want to implement multiple MTA personalities with
                  multiple MTA instances, then there are only partial solutions.

                  Wietse
                • Jose Borges Ferreira
                  ... Have you tried to use check_sasl_access table and return a FILTER smtp1: . You will need Postfix version 2.11 or later.
                  Message 8 of 9 , Jul 18, 2014
                  • 0 Attachment
                    On Fri, Jul 18, 2014 at 5:05 PM, <info@...> wrote:
                    > So my last questioni is: can I choose smtp transport based on user used for
                    > smtpd authentication?

                    Have you tried to use check_sasl_access table and return a "FILTER
                    smtp1:". You will need Postfix version 2.11 or later.

                    http://www.postfix.org/postconf.5.html#check_sasl_access
                  • Wietse Venema
                    ... That does not work because he also needs local delivery. Wietse
                    Message 9 of 9 , Jul 18, 2014
                    • 0 Attachment
                      Jose Borges Ferreira:
                      > On Fri, Jul 18, 2014 at 5:05 PM, <info@...> wrote:
                      > > So my last questioni is: can I choose smtp transport based on user used for
                      > > smtpd authentication?
                      >
                      > Have you tried to use check_sasl_access table and return a "FILTER
                      > smtp1:". You will need Postfix version 2.11 or later.

                      That does not work because he also needs local delivery.

                      Wietse
                    Your message has been successfully submitted and would be delivered to recipients shortly.