9

I've successfully set Postfix to relay emails via Mandrill using SASL and sender_dependent_relayhost_maps with a MySQL table so that different senders connect to Mandrill using their own Mandrill username and API key.

So far so good, but I've got three users that all use an Email Service Provider and the Sender in the message envelope is set to "mailer@infusionmail.com" for all three users, and the only place containing the actual user's email address is in the From: email header.

I'm happy with the security (or lack thereof) of using the From: email header as I'm only forwarding mails sent to specific email addresses that are tightly controlled, but I'd be really grateful for suggestions as to how I can best specify the relayhost based on the value of the From: header. Is there any way to set the envelope value to be the same as the From field? Or any other way to do this?

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
Adrian Savage
  • 91
  • 1
  • 2
  • Did the three user use the same SASL credential? – masegaloeh Apr 02 '15 at 05:29
  • No, they each have a different SASL credential. When they're mailing direct from their mailing client, it correctly identifies their mail relay and SASL credentials based on their sending address. The use of the infusionmail.com ESP is making it impossible at this stage to perform the same lookup based on sender, as the sender is the same and it's only the From: email header that's different. – Adrian Savage Apr 02 '15 at 06:16

2 Answers2

5

Based on this thread on postfix mailing-list: different transport for all mail introduced via sendmail(1), looks like your case was possible. Unfortunately you can't only rely on two tables sender_dependent_relayhost_maps and smtp_sasl_password_maps. You need modify master.cf. The idea is using header_checks to route email to different transport. Then in each transport, we define smtp client that use independent credential and relayhost.

First define header_checks in main.cf and its pcre table

#main.cf
header_checks = pcre:/etc/postfix/header_dependent_relay

#/etc/postfix/header_dependent_relay

/^From:.*specialsender1\@example\.com/       smtp1:[host1.example.com]
/^From:.*specialsender2\@example\.com/       smtp2:[host2.example.com]
/^From:.*specialsender3\@example\.com/       smtp3:[host3.example.com]

Good, now we setup smtp1,smtp2,smtp3 transport in master.cf

#master.cf
smtp1    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp1.relay
smtp2    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp2.relay
smtp3    unix  -       -       -       -       10       smtp
    -o smtp_sasl_password_maps=hash:/etc/postfix/smtp3.relay

File smtpX.relay has similar content e.g.

[hostX.example.com]   userX:passwordX

Disclaimer:

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
1

This worked for me with one change: the action "FILTER" needs to be added in the header_dependent_relay file:

#/etc/postfix/header_dependent_relay

/^From:.*specialsender1\@example\.com/       FILTER smtp1:[host1.example.com]
/^From:.*specialsender2\@example\.com/       FILTER smtp2:[host2.example.com]
/^From:.*specialsender3\@example\.com/       FILTER smtp3:[host3.example.com]

See http://www.postfix.org/header_checks.5.html

Aurel
  • 11
  • 1