This configuration provides for the configuration where Postfix is running on an in-office server. Users in the office/branch use this system to send mail internally. External mail is relayed to a central mail-server such as main office or ISP
Relay Host Configuration
The primary tool here is the relayhost directive, which instructs postfix to send all mail through that host.
allow_percent_hack = no biff = no bounce_queue_lifetime = 2h default_destination_concurrency_limit = 2 disable_vrfy_command = yes initial_destination_concurrency = 2 maximal_queue_lifetime = 4h message_size_limit = 4096 mydomain = edoceo-demo.com myhostname = branch-office.edoceo-demo.com mynetworks = 10.0.0.0/8 relay_domains = relayhost = [service provider mail host] smtpd_banner = $myhostname - private smtp smtpd_client_restrictions = permit_mynetworks, reject smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_recipient_restrictions = smtpd_sender_restrictions = strict_mime_encoding_domain = yes strict_rfc821_envelopes = yes
Sender Specific Relay Host
A super cool feature of Postfix is that relay-hosts can be updated on a per-sender basis. So, the relay-host configuration can service multiple individuals/accounts through multiple relay hosts.
Modify the example above with the following
relayhost = smtp.example-isp.com sender_dependent_relayhost_maps = /etc/postfix/sender_dependent_relayhost_maps
And, this sender_dependent_relayhost_maps file is a transport(5) type, with the following contents.
# specific user through specific provider firstname.lastname@example.org smtp:[smtp.provider.tld] # whole domain through specific provider .edoceo-demo.com smtp:[smtp.provider.tld:465]
Relay Hosts with Passwords/AUTH/SASL
Some times the relay-host will need some authentication information, to connect and authenticate the SMTP session. Using the smtp_sasl_password_maps stuff you can do this.
smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps # May be necessary depending ISP # smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes
And smtp_sasl_password_maps file looks like:
# specific user through specific provider email@example.com user:pass smtp:[smtp.provider.tld] user:pass # whole domain through specific provider smtp:[smtp.provider.tld:465] user:pass