Written by James McDonald

March 6, 2014

For each website domain name I want to send email and make sure that it is reliably delivered through a trusted relayhost. Mailgun allows you to set TXT records for each of your domains to add the Mailgun SMTP relay servers as trusted hosts for relaying email from your websites.

I have these personal websites

http://jmits.com.au
https://toggen.com.au/blog

I want to forward mail from each website and make sure it’s reliably delivered with the correct “From:” headers so you don’t get “relayed by” or “via Mailgun.org” warnings in mail clients.

I need to authenticate with smtp.mailgun.org as a different user when sending mail from each website.

[smtp.mailgun.org]:587 is the SASL-secured relayhost for all the Mailgun-relayed sites. Postfix may get confused if I use the same relayhost name for each separate website.

I need to relay with different usernames and passwords for each website but to the same relayhost.

I found that the default sender_dependent_relayhost_maps requires an email address. If you want to relay to a different SMTP server based on email address it works to just add email@example [relayhost.example.com] as below.

/etc/postfix/sender_dependent_relayhost_maps contents

[email protected] [mg.jamesmcdonald.au]:587
[email protected] [mg.jmits.com.au]:587

# To create unique relayhost entries that point to the same host (smtp.mailgun.org) requires access to the DNS records and the creation of a CNAME record mapping mg.jmits.com.au ==> smtp.mailgun.org.

But I wanted to be able to send from [email protected], [email protected], etc. without having to list them individually. Instead of using sender_dependent_relayhost_maps with a list as above, create a regex map.

Postfix supports several types of regular expression tables. Check which ones your Postfix supports by running postconf -m. You can use regexp or pcre, depending on what is listed.

/etc/postfix/relayhost_maps_re

/@jamesmcdonald\.id\.au$/ [mg.jamesmcdonald.id.au]:587
/@jmits\.com\.au$/ [mg.jmits.com.au]:587
# returns default when the above don't match
# probably don't need this entry
# because relayhost = will be used if the
# pcre lookup fails
/./ [smtp.mailgun.org]:587

Test it with postmap -q [email protected] pcre:/etc/postfix/relayhost_maps_re

# should return [mg.jmits.com.au]:587

See the example main.cf below for how to add the above file to it.

!! Do not postmap the regex file. regexp and pcre tables are read directly as text files.

/etc/postfix/smtp_sasl_password_maps contents

[mg.jamesmcdonald.au]:587 [email protected]:mailgunassignedpasswd
[mg.jmits.com.au]:587 [email protected]:anothermgassignedpasswd
# default password
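[smtp.mailgun.org]:587 [email protected]:anotherpass

Run postmap on this file. The file and the generated .db hold the passwords in plain text, so keep both readable by root only.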

My /etc/postfix/main.cf is mostly default

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
# default relay host
relayhost = [smtp.mailgun.org]:587
sample_directory = /usr/share/doc/postfix-2.6.6/samples
# depending on the sender domain this perl regular expression
# returns the correct relay host
sender_dependent_relayhost_maps = pcre:/etc/postfix/relayhost_maps_re
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps
smtp_sasl_security_options = noanonymous
# specify this or postfix won't know to trust the remote
# smtp server
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_tls_CApath = /etc/pki/tls/certs
# create self signed smtpd.pem by
# cd /etc/pki/tls/certs
# make smtpd.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
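
The setup above only works if every relayhost string returned by the regex map has an exactly matching key in smtp_sasl_password_maps; a relayhost with no matching key gets no SASL credentials. The following check is an added example, not part of the original post: it emulates the first-match lookup and the password lookup on constructed sample data (the .example domains, the secrets and all function names are assumptions).

```python
import re

# Constructed sample data (placeholder domains, not the page's real entries).
RELAYHOST_MAP_RE = r"""
/@shop\.example$/   [mg.shop.example]:587
/@blog\.example$/   [mg.blog.example]:587
/@wiki\.example$/   [mg.wiki.example]:587
"""
SASL_PASSWORD_MAP = """
[mg.shop.example]:587   postmaster@shop.example:constructed-secret-1
[mg.blog.example:587    postmaster@blog.example:constructed-secret-2
[smtp.mailgun.org]:587  postmaster@default.example:constructed-secret-3
"""
DEFAULT_RELAYHOST = "[smtp.mailgun.org]:587"  # "relayhost =" in main.cf

def parse_regex_map(text):
    """Return (compiled_pattern, result) pairs in file order."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"/(.+)/\s+(\S+)$", line.strip())
        if m:
            # Postfix regexp/pcre tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def parse_password_map(text):
    """Return {lookup_key: 'user:password'} as the hash: table would hold it."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            entries[parts[0]] = parts[1].strip()
    return entries

def relayhost_for(sender, rules):
    """First matching rule wins; no match falls back to the default relayhost."""
    for pattern, result in rules:
        if pattern.search(sender):
            return result
    return DEFAULT_RELAYHOST

def audit(senders):
    """Map each sender to (relayhost, True if credentials exist for it)."""
    rules = parse_regex_map(RELAYHOST_MAP_RE)
    creds = parse_password_map(SASL_PASSWORD_MAP)
    hops = {s: relayhost_for(s, rules) for s in senders}
    return {s: (hop, hop in creds) for s, hop in hops.items()}
```

In the sample data the blog entry is missing its closing bracket and the wiki relayhost has no password entry at all, so audit() reports both senders as having no credentials.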
