Ubuntu Tutorials

Some time ago I blogged about configuring Postfix to relay outgoing email through your gmail account. One of the commenters left a question asking how to achieve the same result, but use unique relays for each account attempting to send email. I’ve only just now been able to find time to write up an answer and find a good solution. This post will outline how to configure specific users of your mail server to relay through unique providers for outgoing email. For example:

user1@server1.com must relay through smtp.isp1.com
user2@server2.com must relay through mail.isp2.org
user3@server3.com must relay through mx.isp3.net
all others must relay through the default, smtp.hugecorp.biz

note: This is only supported on Postfix version v2.3+ and later. If you are using a recent version of Ubuntu or Debian you should be fine. To find out your current installed version you can run:

dpkg -l postfix


Step 1

Open your main.cf file:

vim /etc/postfix/main.cf


Add these lines to the configuration:

smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/passwd
relayhost = [smtp.hugecorp.biz]:submission


Step 2

Create /etc/postfix/relayhost_map file:

vim /etc/postfix/relayhost_map


Append entries for each unique sender => isp relay mapping you need. (note: our default relay, smtp.hugecorp.biz, is not included here):

# Per-sender provider
user1@server1.com [smtp.isp1.com]
user2@server2.com [mail.isp2.org]
user3@server3.com [mx.isp3.net]


Step 3

Update the /etc/postfix/passwd file with the user authentication information:

# Per-sender authentication
user1@server1.com user1@server1.com:SecretP@ssw0rd1
user1@server2.com user2@server2.com:SecretP@ssw0rd2
user1@server3.com user2@server3.com:SecretP@ssw0rd3
# Login for the default relayhost
[smtp.hugecorp.biz] defaultUsername:defaultPassword


Step 4
Hash the config files. Restart Postfix:

postmap hash:/etc/postfix/passwd
postmap hash:/etc/postfix/relayhost_map
/etc/init.d/postfix reload

Following these instructions you should be able to configure each of your users, or a specific subset of users, to relay their outgoing email through specific ISPs or even specific gmail accounts.  If my previous post is too limited for you–you don’t want everything authenticating and relaying through a single gmail account–these instructions should give you more flexibility.

Source: nixCraft

I’ve got a few servers in different places around the country and try to monitor them using the logwatch utility.  One problem that I’ve run into however is that a few of these servers are not able to send their logwatch emails to me, based on email restrictions by the ISPs.  I spent some time this afternoon researching what was required to have my servers authenticate to my gmail account and send me the mail that way.  This setup assumes Ubuntu 8.04 (or later) and Postfix.

Install the required packages

sudo aptitude install postfix libsasl2 ca-certificate libsasl2-modules

Configure Postfix

This tutorial will not outline how to configure your postfix server, but we’ll jump directly to the relayhost section.  You’ll want to add the following lines to your /etc/postfix/main.cf file:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

The above lines are telling Postfix that you want to relay mail through gmail on a specific port, telling it to authenticate, and where to find the username and password.  The last three lines specify the authentication types supported, where the certificate authority file is and that it should use tls.

Define Username and Password

Next we’ll need to populate the sasl_passwd file.  Create the file /etc/postfix/sasl_passwd with the following contents:

[smtp.gmail.com]:587    user.name@gmail.com:password

This file should have restrictive permissions and then needs to be translated into a .db that Postfix will read.

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd


At this point you can restart Postfix and it should work, however it will complain about not being able to authenticate the certificate.  To take care of this issue we’ll use the ca-certificate package we installed and tell it where it can validate the certificate.

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

Go ahead and reload postfix (sudo /etc/init.d/postfix reload) and you should be set.