edoceo

Postfix on Local Network as Relay Host

This configuration provides for the configuration where Postfix is running on an in-office server. Users in the office/branch use this system to send mail internally. External mail is relayed to a central mail-server such as main office or ISP

Relay Host Configuration

The primary tool here is the relayhost directive, which instructs postfix to send all mail through that host.

allow_percent_hack = no
biff = no
bounce_queue_lifetime = 2h
default_destination_concurrency_limit = 2
disable_vrfy_command = yes
initial_destination_concurrency = 2
maximal_queue_lifetime = 4h
message_size_limit = 4096
mydomain = edoceo-demo.com
myhostname = branch-office.edoceo-demo.com
mynetworks = 10.0.0.0/8
relay_domains = 
relayhost = [service provider mail host]
smtpd_banner = $myhostname - private smtp
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
smtpd_sender_restrictions =
strict_mime_encoding_domain = yes
strict_rfc821_envelopes = yes

Sender Specific Relay Host

A super cool feature of Postfix is that relay-hosts can be updated on a per-sender basis. So, the relay-host configuration can service multiple individuals/accounts through multiple relay hosts.

Modify the example above with the following

relayhost = smtp.example-isp.com
sender_dependent_relayhost_maps = /etc/postfix/sender_dependent_relayhost_maps

And, this sender_dependent_relayhost_maps file is a transport(5) type, with the following contents.

# specific user through specific provider
user@edoceo-demo.com   smtp:[smtp.provider.tld]

# whole domain through specific provider
.edoceo-demo.com   smtp:[smtp.provider.tld:465]

Relay Hosts with Passwords/AUTH/SASL

Some times the relay-host will need some authentication information, to connect and authenticate the SMTP session. Using the smtp_sasl_password_maps stuff you can do this.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps
# May be necessary depending ISP 
# smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes

And smtp_sasl_password_maps file looks like:

# specific user through specific provider
user1@example.com              user:pass

smtp:[smtp.provider.tld]       user:pass

# whole domain through specific provider
smtp:[smtp.provider.tld:465]   user:pass

See Also

Loading Comments from Disqus...