postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Postfix as TLS client using different credent

Re: Postfix as TLS client using different credentials for same SMTP host

From: Jeroen Geilman <jeroen_at_nospam>
Date: Mon Oct 11 2010 - 19:16:37 GMT
To: postfix-users@postfix.org

On 10/11/2010 08:56 PM, Chris Hills wrote:
> Hi
>
> The situation is thus:-
>
> I wish to provide a v6-to-v4 relay for two different domains using the
> same postfix process. Mail for the domains is hosted by google, so the
> destination host will be ASPMX.L.GOOGLE.com. for both domains. However,
> recently my ipv4 provider has blocked outgoing tcp:25 so now I must use
> tcp:587 using TLS and authentication. The problem is that I need to use
> two different credentials depending upon the domain for which the
> message is being relayed.
>

Note that TLS != SASL.
Encryption and authentication typically have nothing to do with one another.
It's also not 100% clear from your description whether you want to route
based on sender or recipient domain.

> i.e.
>
> user@domain1.example.com -> postfix -> ASPMX.L.GOOGLE.com. (user: domain1)
> user@domain2.example.com -> postfix -> ASPMX.L.GOOGLE.com. (user: domain2)
>
> How do I configure this?
>

You can solve both issues by creating multiple smtp clients with
distinct added -o smtp_tls_* and -o smtp_sasl_* settings, and routing
those domains to them with transport_maps, e.g.:

in master.cf:

smtp_google1 unix - - - - smtp
  -o smtp_tls|sasl_*_set1 for account #1

smtp_google2 unix - - - - smtp
  -o smtp_tls|sasl_*_set2 for account #2

and in transport(5):

domain1.com smtp_google1:
domain2.com smtp_google2:

man 8 smtp, man 5 transport.

However, I am assuming you want to route by recipient domain.
For sender domain routing, do what Wietse wrote.

-- J.