Domain based relay server

  • Hi together,

    I have a little problem.

    A customer has different service email addresses.

    For example

    Code
    service@domain-1.tld
    service@domain-2.tld
    service@domain-3.tld

    My first thought was to use this listener https://github.com/i-MSCP/imsc…ostfix_transport_table.pl

    I'd added this

    Code
    my %transportTableEntries = (
        'domain-1.tld' => 'relay:mail03.domain-1.tld',
        'domain-2.tld' => 'relay:mail20.domain-2.tld',
        'domain-3.tld' => 'relay:mail10.domain-3.tld'
    );


    Everything seems to be working. If I send an email to "customer@domain-1.tld", postfix uses the relay server "mail03.domain-1.tld". The same works with the others.

    But if I send an email to a different email address with another domain, postfix sends the email directly to the receiver without using the relay server.


    And that is the point.

    How is it possible to use the correct relay server by sender email domain?


    I'd tried to use this tutorial: https://www.jonathanneilly.co.…nt-relay-hosts-on-ubuntu/

    Code
    main.cf
    sender_dependent_relayhost_maps = hash:/etc/postfix/imscp/relayhost_maps

    and the file "/etc/postfix/imscp/relayhost_maps"

    Code
    @domain-1.tld mail03.domain-1.tld
    @domain-2.tld mail20.domain-2.tld
    @domain-3.tld mail10.domain-3.tld


    But now I got this error message

    Code
    Mar 12 17:28:21 mailgw postfix/qmgr[2397]: 9F9481F540: from=<service@domain-1.tld>, size=870, nrcpt=1 (queue active)
    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<thecry@my-domain.tld>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))


    What am I doing wrong? Or is the problem on the relay server?


    Regards

    Sascha

  • TheCry

    Changed the title of the thread from “Domain based realy server” to “Domain based relay server”.
  • Good evening,

    But if I send an email to a different email address with another domain, postfix sends the email directly to the receiver without using the relay server.

    Could you clarify? I'm not sure I understand ;)


    When I send an email to thecry@my-domain.tld, postfix ignores the setting with the transport table. The email will be sent directly with postfix and not with the relay server.


    With the second setup I got the error in the error log.

  • TheCry


    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<thecry@my-domain.tld>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

    Well, if the thecry@my-domain.tld mail account (recipient) is not known to the relay server, it's normal that it gets rejected. The point is: Do you want to relay any mail sent to *@my-domain.tld through mail03.domain-1.tld, or just those for the service@my-domain.tld mail account?


    Let's imagine the following scenario:

    1. You create thecry@my-domain.tld mail account through i-MSCP frontEnd (What you've done I think)
    2. You send a mail to thecry@my-domain.tld
    3. Because postfix is configured to relay all mails for @my-domain.tld through mail03.domain-1.tld, the latter will be selected as relay server

    Problem:


    If the mail03.domain-1.tld relay server accepts only some specific recipients for the my-domain.tld domain, it will reject unknown recipients. Basically put, the relay server needs to know the recipients for the my-domain.tld domain.


  • Hi Laurent,

    maybe my explanation wasn't clear enough.

    Let us say the recipient is "thecry@gmx.de" (this email address doesn't exist but the gmx.de is working).


    On my server are only service email addresses:

    Code
    service@domain-1.tld
    service@domain-2.tld
    service@domain-3.tld


    Now my server should decide, by sending domain, which relay server should be used to send to the email address thecry@gmx.de.


    If I send with "service@domain-1.tld", the relay server "mail03.domain-1.tld" should be used.

    If I send with "service@domain-3.tld", the relay server "mail10.domain-3.tld" should be used.


    My postfix decides correctly, but the relay server said "said: 550 #5.1.0 Address rejected".

    Then I sent an email with "service@domain-1.tld" to "system-administrator@domain-1.tld" (this email exists in the company, not on my server) and postfix uses the relay server "mail03.domain-1.tld". But in this case the relay server accepts my email and delivers the email to system-administrator@domain-1.tld.

  • TheCry


    So, basically, you have something like:


    Mail sent by your i-MSCP postfix:

    Code
    FROM service@domain-1.tld
    TO thecry@gmx.de

    Response from the relay:

    Code
    Mar 12 17:28:22 mailgw postfix/smtp[2522]: 9F9481F540: to=<thecry@gmx.de>, relay=mail03.domain-1.tld[***.***.***.***]:25, delay=0.67, delays=0.13/0.02/0.44/0.06, dsn=5.0.0, status=bounced (host mail03.domain-1.tld[***.***.***.***] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))

    Well, is the relay configured to accept to relay mail from your Postfix server? Basically put, there are two schools here:

    1. The relay server should accept to relay mails coming from your i-MSCP Postfix server without SASL authentication. This is done by accepting to relay any mail from your i-MSCP Postfix server IP address. I don't recommend that method unless the relay server is on the same network. Also, this is not based on sender domain... and thus, that doesn't fit with your requirements unless you set up a proper transport map on the i-MSCP Postfix server.
    2. You provide an SASL authentication sender map for various relays. This is what you tried to do. See https://gist.github.com/zmwangx/2c56aa32be68daf48c2f for more details.

    First option has to be applied on relay server side while second option has to be applied on i-MSCP postfix server side.


    Finally, with the second option, you should have something like:


    /etc/postfix/main.cf

    /etc/postfix/sasl_passwd:

    Code
    [mail03.domain-1.tld]:587 service@domain-1.tld:<password>
    [mail20.domain-2.tld]:587 service@domain-2.tld:<password>
    [mail10.domain-3.tld]:587 service@domain-3.tld:<password>

    /etc/postfix/sender_relay:

    Code
    @domain-1.tld [mail03.domain-1.tld]:587
    @domain-2.tld [mail20.domain-2.tld]:587
    @domain-3.tld [mail10.domain-3.tld]:587

    Note that with the above configuration, the service mail accounts must exist in their respective relay, with a working SASL authentication. Then the i-MSCP Postfix server will select the relay according to the sender domain, authenticate using the provided service mail account, and because that mail account is allowed to send mail from the relay, this should work as expected.


    Note also the use of port 587 instead of default port 25. Port 587 is more appropriate there. It is the submission port. When Postfix sends mail to the relay servers, it acts like a mail client.

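A lint for the two lookup tables of the second option, as an added example (not code from the thread or from i-MSCP): it flags duplicate sender keys, nexthops that have no identically written sasl_passwd key, and nexthops without [brackets] or an explicit port. The sample tables are constructed, and the check assumes credentials are keyed by the nexthop string, as in the sasl_passwd shown in the post above.

```python
from collections import Counter

# Constructed sample tables (hypothetical hosts, placeholder passwords).
SENDER_RELAY = """\
# sender domain    nexthop
@domain-1.tld      [mail03.domain-1.tld]:587
@domain-3.tld      mail20.domain-2.tld
@domain-3.tld      [mail10.domain-3.tld]:587
"""
SASL_PASSWD = """\
[mail03.domain-1.tld]:587  service@domain-1.tld:<password>
[mail20.domain-2.tld]:587  service@domain-2.tld:<password>
[mail10.domain-3.tld]:587  service@domain-3.tld:<password>
"""


def parse_table(text):
    """Return (key, value) pairs; blank and '#' lines are skipped.
    Continuation lines (leading whitespace) are not handled."""
    pairs = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            pairs.append((parts[0], parts[1].strip()))
    return pairs


def lint(sender_relay, sasl_passwd):
    """Return a list of (sender_key, problem) tuples."""
    relay = parse_table(sender_relay)
    creds = dict(parse_table(sasl_passwd))
    findings = []
    for key, count in Counter(k for k, _ in relay).items():
        if count > 1:
            findings.append((key, "duplicate key: only one entry takes effect"))
    for sender, nexthop in relay:
        # Assumption: credentials are keyed by the nexthop exactly as written.
        if nexthop not in creds:
            findings.append((sender, f"no sasl_passwd entry for {nexthop}"))
        if not nexthop.startswith("["):
            findings.append((sender, f"{nexthop}: no [brackets], MX lookup applies"))
        if ":" not in nexthop.rsplit("]", 1)[-1]:
            findings.append((sender, f"{nexthop}: no port, default port 25 is used"))
    return findings


if __name__ == "__main__":
    for sender, problem in lint(SENDER_RELAY, SASL_PASSWD):
        print(f"{sender}: {problem}")
```
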

  • Hi Laurent,

    The problem was fixed by the administrator of the relay server.

    There are different rules which have to be changed.

    Now it works without SASL authentication (the admin doesn't want to use this and our server is protected with different ip rules).

  • Hi Laurent,

    The problem was fixed by the administrator of the relay server.

    There are different rules which have to be changed.

    Now it works without SASL authentication (the admin doesn't want to use this and our server is protected with ip rules).

    So this means that the relay's administrator chose the first option ;)


  • Nuxwin

    Added the Label solved