Postfix / Mailgun Setup

Written by James McDonald

March 6, 2014

For each website domain name I want to send email and make sure that it is reliably delivered through a trusted relayhost. Mailgun allows you to set TXT records for each of your domains to add the Mailgun SMTP relay servers as trusted hosts for relaying your email from your websites.

I have these personal websites

http://jmits.com.au
https://toggen.com.au/blog

I want to forward mail from each website and make sure it’s reliably delivered with the correct “From:” headers so you don’t get “relayed by” or “via Mailgun.org” warnings in mail clients.

I need to authenticate with smtp.mailgun.org as a different user when sending mail from each website.

[smtp.mailgun.org]:587 is the SASL-secured relayhost for all the Mailgun-relayed sites. Postfix may get confused if I use the same relayhost name for each separate website, since the SASL password map below is keyed by relayhost name.

I need to relay with different usernames and passwords for each website but to the same relayhost.

I found that the default sender_dependent_relayhost_maps requires an email address. If you want to relay to a different SMTP server based on email address, it works to just add email@example [relayhost.example.com] as below.

/etc/postfix/sender_dependent_relayhost_maps contents

james@jamesmcdonald.id.au [mg.jamesmcdonald.id.au]:587
james@jmits.com.au [mg.jmits.com.au]:587

# To create unique relayhost entries that point to the same host (smtp.mailgun.org) requires access to the DNS records and the creation of a CNAME record mapping mg.jmits.com.au ==> smtp.mailgun.org.

But I wanted to be able to send from usera@jmits.com.au, userb@jmits.com.au, etc. without having to list them individually. Instead of using sender_dependent_relayhost_maps with a list as above, create a regex map.

Postfix supports several types of regular expression tables. Check which ones your Postfix supports by running postconf -m. You can use regexp or pcre, depending on what it lists.

/etc/postfix/relayhost_maps_re

/@jamesmcdonald\.id\.au$/ [mg.jamesmcdonald.id.au]:587
/@jmits\.com\.au$/ [mg.jmits.com.au]:587
# returns default when the above don't match
# probably don't need this entry
# because relayhost = will be used if the
# pcre lookup fails
/./ [smtp.mailgun.org]:587

Test it with postmap -q james@jmits.com.au pcre:/etc/postfix/relayhost_maps_re

# should return [mg.jmits.com.au]:587

See the example main.cf below for how to add the above file to it.

!! Do not postmap the regex file; regexp and pcre tables are read directly as plain text.

/etc/postfix/smtp_sasl_password_maps contents

[mg.jamesmcdonald.id.au]:587 postmaster@jamesmcdonald.id.au:mailgunassignedpasswd
[mg.jmits.com.au]:587 postmaster@jmits.com.au:anothermgassignedpasswd
# default password
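[smtp.mailgun.org]:587 postmaster@9873.mailgun.org:anotherpass

Run postmap on this file so Postfix can read it as the hash: table named in main.cf. It holds the relay passwords, so keep it and the generated .db file readable by root only.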

My /etc/postfix/main.cf is mostly default

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
# default relay host
relayhost = [smtp.mailgun.org]:587
sample_directory = /usr/share/doc/postfix-2.6.6/samples
# depending on the sender domain this perl regular expression
# returns the correct relay host
sender_dependent_relayhost_maps = pcre:/etc/postfix/relayhost_maps_re
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps
smtp_sasl_security_options = noanonymous
# specify this or postfix won't know to trust the remote
# smtp server
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_note_starttls_offer = yes
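# "may" is opportunistic TLS: mail and the SASL login still go out
# unencrypted if STARTTLS is not offered; "encrypt" makes TLS mandatory
smtp_tls_security_level = may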
smtpd_tls_CApath = /etc/pki/tls/certs
# create self signed smtpd.pem by
# cd /etc/pki/tls/certs
# make smtpd.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
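
Each relayhost string returned by the regex map (or by relayhost = in main.cf) has to appear character for character as a key in smtp_sasl_password_maps, otherwise Postfix finds no credentials for that relay. The script below is an added example, not part of the original setup: it resolves a sender to its relayhost and lists relayhosts with no matching password key. The function names are hypothetical, the sample maps are constructed with two deliberately wrong keys, and Python's re module stands in for Postfix's pcre lookup.

```python
import re

# Constructed sample maps modelled on this page; passwords are placeholders.
# Two SASL_MAP keys are deliberately wrong to show what the check catches.
RELAYHOST_MAP = r"""
/@jamesmcdonald\.id\.au$/ [mg.jamesmcdonald.id.au]:587
/@jmits\.com\.au$/ [mg.jmits.com.au]:587
"""
SASL_MAP = """
[mg.jamesmcdonald.au]:587 postmaster@jamesmcdonald.id.au:PLACEHOLDER1
[mg.jmits.com.au]:587 postmaster@jmits.com.au:PLACEHOLDER2
# default password
[smtp.mailgun.org:587 postmaster@9873.mailgun.org:PLACEHOLDER3
"""
DEFAULT_RELAYHOST = "[smtp.mailgun.org]:587"  # relayhost = in main.cf


def entries(text):
    """Yield (left, right) for each non-blank, non-comment map line."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            yield parts[0], parts[1].strip()


def parse_relayhost_map(text):
    """Return [(regex, nexthop)] in file order; the first match wins.
    Postfix regexp/pcre tables are case-insensitive by default."""
    rules = []
    for left, nexthop in entries(text):
        pattern = left[1:left.rindex("/")]  # text between the slashes
        rules.append((re.compile(pattern, re.IGNORECASE), nexthop))
    return rules


def relayhost_for(sender, rules, default=DEFAULT_RELAYHOST):
    """Nexthop that would be picked for this envelope sender."""
    return next((hop for rx, hop in rules if rx.search(sender)), default)


def missing_credentials(rules, sasl_text, default=DEFAULT_RELAYHOST):
    """Relayhosts with no exactly matching key in the SASL password map."""
    keys = {left for left, _ in entries(sasl_text)}
    hops = {hop for _, hop in rules} | {default}
    return sorted(h for h in hops if h not in keys)


if __name__ == "__main__":
    rules = parse_relayhost_map(RELAYHOST_MAP)
    print(relayhost_for("usera@jmits.com.au", rules))
    print(missing_credentials(rules, SASL_MAP))
```
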

 
