Domain based relay server

  • Hi together,

    I have a little problem.

    A customer has different service email addresses.

    For example

    My first thought was to use this listener https://github.com/i-MSCP/imsc…ostfix_transport_table.pl

    I'd added this

    Code
    my %transportTableEntries = (
        'domain-1.tld' => 'relay:mail03.domain-1.tld',
        'domain-2.tld' => 'relay:mail20.domain-2.tld',
        'domain-3.tld' => 'relay:mail10.domain-3.tld'
    );


    Everything seems to be working. If I send an email to "[email protected]" postfix uses the relay server "mail03.domain-1.tld". The same works with the other.

    But if I send an email to a different email address with another domain, postfix sends the email directly to the receiver without using the relay server.


    And that is the point.

    How is it possible to use the correct relay server by sender email domain?


    I'd tried to use this tutorial: https://www.jonathanneilly.co.…nt-relay-hosts-on-ubuntu/

    Code
    # main.cf
    sender_dependent_relayhost_maps = hash:/etc/postfix/imscp/relayhost_maps

    and the file "/etc/postfix/imscp/relayhost_maps"

    Code
    @domain-1.tld mail03.domain-1.tld
    @domain-3.tld mail20.domain-2.tld
    @domain-3.tld mail10.domain-3.tld


    But now I got this error message

    Code
    Mar 12 17:28:21 mailgw postfix/qmgr[2397]: 9F9481F540: from=<[email protected]>, size=870, nrcpt=1 (queue active)
    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<[email protected]>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))


    What am I doing wrong? Or is the problem on the relay server?


    Regards

    Sascha

  • TheCry

    Changed the title of the thread from “Domain based realy server” to “Domain based relay server”.
  • Good evening,

    But if I send an email to a different email address with another domain, postfix sends the email directly to the receiver without using the relay server.

    Could you clarify? I'm not sure I understand ;)


  • TheCry


    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<[email protected]>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

    Well, if the [email protected] mail account (recipient) is not known to the relay server, it's normal that it gets rejected. The point is: do you want to relay any mail sent to *@my-domain.tld through mail03.domain-1.tld, or just mail for the [email protected] mail account?


    Let's imagine the following scenario:

    1. You create [email protected] mail account through i-MSCP frontEnd (What you've done I think)
    2. You send a mail to [email protected]
    3. Because postfix is configured to relay all mails for @my-domain.tld through mail03.domain-1.tld, the latter will be selected as relay server

    Problem:


    If the mail03.domain-1.tld relay server accepts only some specific recipients for the my-domain.tld domain, it will reject unknown recipients. Basically put, the relay server needs to know the recipients for the my-domain.tld domain.


  • Hi Laurent,

    Maybe my explanation wasn't clear enough.

    Let us say the recipient is "[email protected]" (this email address doesn't exist but the gmx.de is working).


    On my server are only service email addresses:


    Now my server should decide, by sending domain, which relay server should be used to send to the email address [email protected].


    If I send with "[email protected]" the relay server "mail03.domain-1.tld" should be used.

    If I send with "[email protected]" the relay server "mail10.domain-3.tld" should be used.


    My postfix decides correctly, but the relay server said "said: 550 #5.1.0 Address rejected".

    Then I send an email with "[email protected]" to "[email protected]" (this email exists in the company, not on my server) and postfix uses the relay server "mail03.domain-1.tld". But in this case the relay server accepts my email and delivers the email to [email protected].

  • TheCry


    So, basically, you have something like:


    Mail sent by your i-MSCP postfix:

    Response from the relay:

    Code
    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<[email protected]>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

    Well, is the relay configured to accept relaying mail from your Postfix server? Basically put, there are two schools here:

    1. The relay server should accept to relay mails coming from your i-MSCP Postfix server without SASL authentication. This is done by accepting to relay any mail from your i-MSCP Postfix server IP address. I don't recommend that method unless the relay server is on the same network. Also, this is not based on sender domain... and thus, it doesn't fit your requirements unless you set up a proper transport map on the i-MSCP Postfix server.
    2. You provide an SASL authentication sender map for various relays. This is what you tried to do. See https://gist.github.com/zmwangx/2c56aa32be68daf48c2f for more details.

    The first option has to be applied on the relay server side while the second option has to be applied on the i-MSCP Postfix server side.


    Finally, with the second option, you should have something like:


    /etc/postfix/main.cf

    /etc/postfix/sasl_passwd:

    Code
    [mail03.domain-1.tld]:587 [email protected]:<password>
    [mail20.domain-2.tld]:587 [email protected]:<password>
    [mail10.domain-3.tld]:587 [email protected]:<password>

    /etc/postfix/sender_relay:

    Code
    @domain-1.tld [mail03.domain-1.tld]:587
    @domain-2.tld [mail20.domain-2.tld]:587
    @domain-3.tld [mail10.domain-3.tld]:587

    Note that with the above configuration, the service mail accounts must exist in their respective relay, with a working SASL authentication. Then the i-MSCP Postfix server will select the relay according to the sender domain, authenticate using the provided service mail account, and because that mail account is allowed to send mail from the relay, this should work as expected.


    Note also the use of port 587 instead of default port 25. Port 587 is more appropriate there. It is the submission port. When Postfix sends mail to the relay servers, it acts like a mail client.

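Added example (not part of the original posts and not i-MSCP code): a consistency check for the two tables of the second option, reporting duplicate sender keys and relays that have no credential entry in the same `[host]:port` form. It assumes credentials are keyed by next hop, as in the sasl_passwd above; the table contents and the `svc@...` accounts are constructed placeholders.

```python
# Constructed sample tables; hosts mirror the thread, accounts are placeholders.
SENDER_RELAY = """\
# sender domain   next hop
@domain-1.tld     [mail03.domain-1.tld]:587
@domain-3.tld     mail20.domain-2.tld
@domain-3.tld     [mail10.domain-3.tld]:587
"""
SASL_PASSWD = """\
[mail03.domain-1.tld]:587   svc@domain-1.tld:PLACEHOLDER
[mail20.domain-2.tld]:587   svc@domain-2.tld:PLACEHOLDER
[mail10.domain-3.tld]:587   svc@domain-3.tld:PLACEHOLDER
"""


def parse_table(text):
    """Parse 'key <whitespace> value' lines, skipping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            rows.append((fields[0].lower(), fields[1].strip()))
    return rows


def check_tables(sender_relay_text, sasl_passwd_text):
    """Return a list of findings; an empty list means the tables agree."""
    cred_keys = {key for key, _ in parse_table(sasl_passwd_text)}
    findings, seen = [], set()
    for sender, nexthop in parse_table(sender_relay_text):
        if sender in seen:
            findings.append(f"duplicate sender key: {sender}")
        seen.add(sender)
        # Postfix's SASL_README requires the sasl_passwd key to use the same
        # [host]:port form as the next hop, so compare the strings exactly.
        if nexthop.lower() not in cred_keys:
            findings.append(f"no sasl_passwd entry for next hop: {nexthop}")
    return findings


if __name__ == "__main__":
    for finding in check_tables(SENDER_RELAY, SASL_PASSWD):
        print(finding)
```

A relay written without brackets and port is resolved through MX lookup and contacted on port 25, so it never matches a `[host]:587` credential key and the mail goes out unauthenticated.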

  • Hi Laurent,

    The problem was fixed by the administrator of the relay server.

    There are different rules which had to be changed.

    Now it works without SASL authentication (the admin doesn't want to use this and our server is protected with different ip rules).

  • Hi Laurent,

    The problem was fixed by the administrator of the relay server.

    There are different rules which had to be changed.

    Now it works without SASL authentication (the admin doesn't want to use this and our server is protected with ip rules).

    So this means that the relay's administrator chose the first option ;)


  • Nuxwin

    Added the Label solved