I created a home server with my non-rDNS IP for my garage company (a startup without any financing and during COVID-19, yeah!), now I see I can't deliver any mail to those servers which need to verify rDNS records. Like mx01.1and1.es or kundenserver.de... It always defers my messages without any communication to my email inbox, the only way to detect it is based on the daily informing or looking into real-time server logs.
I found out some solutions to have an rDNS record like SendGrid, but for freemium, only 100 messages per day could be offered, and that is not enough, because all of our partners need this quota. And I don't think creating multiple SendGrid accounts is an ethical ideal.
Maybe there is some way which allows me to use the relay server just in case of recipient's domain.
Right now, as the repo wiki says, it just allows us to use SENDER relay: here
Maybe this is the solution?
https://www.linuxbabe.com/mail-server/postfix-transport-map-relay-map-flexible-email-delivery/amp
http://www.postfix.org/transport.5.html
I think transport_maps and relay_transport is the key. But I really don't have the technical skill to follow and execute the process included in the link.
Apr 24 11:46:44 MYHOST postfix/smtp[25410]: 6CAE65D007: host mx01.1and1.es[217.72.192.67] refused to talk to me:
554-kundenserver.de (mxeue109) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554 For explanation visit https://www.ionos.com/help/index.php?id=2425&ip=0.0.0.0&c=rdns
Thank you for creating such a magnificent docker so people like us can use it easily. I hope to get your kind help for solving this issue and maybe it can help other people too! 👍
Interesting. I haven't used that approach at all. However, if you have a fixed IP you may perhaps be able to ask your ISP if they can add a reverse DNS record for you? If you're lucky they will do it. Happened to me once... but then I've failed to convince several others. If not I hope that somebody who is using this will answer. Good luck with your business!
Thank you very much for your support, where I am it is practically impossible to ask for a fixed IP and request the ISP to put an rDNS record on it. Because we are talking about residential Internet service (for home users and cheap) that when you call them on the phone to ask for help, the only solution they give you is to restart your router.
I have renewed my thread with a new link: https://www.linuxbabe.com/mail-server/postfix-transport-map-relay-map-flexible-email-delivery/amp Because I realized that the previous one was talking about how to get emails in, but really what I wanted was to control how they have to go out by domain.
Thank you very much for your comment and help, I really like the atmosphere of this community. I hope I can help you in other things. 👍
After having investigated thoroughly on the matter with my almost total ignorance and null ability on the System, I have managed to control separately the sending of emails according to recipient (address or domain).
What I have achieved is very dirty, I hope I can have your help to improve it and, if possible, add this function to the beloved setup.sh or something so that it can be well integrated:
Create postfix-main.cf with the following content:
transport_maps=texthash:/etc/postfix/transport
smtp_sasl_auth_enable=yes
broken_sasl_auth_clients=yes
smtp_sasl_password_maps=texthash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=noanonymous
smtp_sasl_tls_security_options=noanonymous
smtp_tls_security_level=may
# smtp_tls_note_starttls_offer=yes
# local_recipient_maps=$virtual_mailbox_maps $alias_maps
Explanation:
Ask Docker to extend the main configuration (main.cf) of POSTFIX as follows:
transport_maps = texthash:/etc/postfix/transport
The guide to tell our server which recipients are required to use relay.
smtp_sasl_auth_enable = yes
Now all relay servers need authentication, as we ask our server to do so.
broken_sasl_auth_clients = yes
Some relay servers may use a rare or obsolete authentication method, as we leave a record on our server that requires authentication as well.
smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd
We indicate where the passwords are saved.
smtp_sasl_security_options = noanonymous
I don't know what it's for, I think it's to deny the relay server if it asks us to go anonymous.
smtp_sasl_tls_security_options = noanonymous
I don't know what it is for, I think it is to deny the relay server if it asks us to go anonymous when we establish a connection using TLS.
smtp_tls_security_level = may
If the relay server asks us to use TLS, we say OK, but if it does not ask us, we will connect too.
# smtp_tls_note_starttls_offer = yes
# local_recipient_maps = $virtual_mailbox_maps $alias_maps
They are data that I leave there for the tutorials that I looked at on the Internet, they are commented on why they do not work. But if the above fails me or gives me an error in some other relay server, they will be the first thing I will look at.
Create transport with the following content:
local.com :
gmail.com relay:[relay server 1]:587
* relay:[relay server 2]:25
Explanation:
Here you put your rules, I still do not know very well what all can do with this file, for now you are doing the following:
: that if not your server goes crazy. There are more usage methods here, but I don't quite know how to apply all of them:
http://www.postfix.org/transport.5.html
Create sasl_passwd with the following content:
[relay server 2]:25 USERNAME:PASSWORD
[relay server 1]:587 USERNAME:PASSWORD
Explanation:
Here the important thing is to make them match your transport file. I understand that this will be used by your server to authenticate when they go to the relay servers.
And last but not least, copy all those files to your Docker's /config route.
Then modify your docker-compose.yml by adding:
    - ./config/transport:/etc/postfix/transport
    - ./config/sasl_passwd:/etc/postfix/sasl_passwd
Now you are good to go! (I hope)
Wishing that you can get if you need to separate the SMTP server that acts as a relay according to the recipient like me.
I also wish that someone could help me to improve what I have done and even integrate it into the Image, surely there could be many interested people.
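As an added example (not part of the original comment or of the project's own code): a small Python check that the transport and sasl_passwd files described above agree with each other, and that flags the SASL/TLS combination from the posted postfix-main.cf under which a relay login can cross an unencrypted session. The function names, host names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample files in the layout the post describes; hosts are placeholders
# and parse_table/audit are hypothetical helper names.
MAIN_CF = """smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_tls_security_level=may
"""
TRANSPORT = """local.example :
gmail.com relay:[relay1.example]:587
example.org relay: [relay1.example]: 587
* relay:[relay2.example]:25
"""
SASL_PASSWD = """[relay1.example]:587 USERNAME:PASSWORD
[relay2.example]:2525 USERNAME:PASSWORD
"""

def parse_table(text, sep=None):
    """Parse 'key value' (texthash) or 'key=value' (main.cf) lines, skipping comments."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(sep, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].strip()] = parts[1].strip()
    return table

def audit(main_cf, transport, sasl_passwd):
    cfg = parse_table(main_cf, "=")
    creds = parse_table(sasl_passwd)
    findings = []
    for pattern, result in parse_table(transport).items():
        nexthop = result.partition(":")[2]
        if not nexthop:
            continue  # ':' or 'transport:' has no relay next-hop, so no login is needed
        host = re.sub(r"^\[|\](:\d+)?$", "", nexthop)
        if re.search(r"\s", nexthop):
            findings.append(f"{pattern}: whitespace in next-hop {nexthop!r}")
        # Credentials are keyed by the next-hop exactly as written, or by the relay host name.
        elif nexthop not in creds and host not in creds:
            findings.append(f"{pattern}: no sasl_passwd entry for {nexthop}")
    sasl_opts = cfg.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    tls = cfg.get("smtp_tls_security_level", "")
    if "noplaintext" not in sasl_opts and tls in ("", "none", "may"):
        findings.append("plaintext SASL login possible without TLS: "
                        "set smtp_tls_security_level=encrypt")
    return findings

if __name__ == "__main__":
    for finding in audit(MAIN_CF, TRANSPORT, SASL_PASSWD):
        print(finding)
```

On the constructed sample it reports the transport entry with stray spaces, the port mismatch between the two files, and the opportunistic-TLS setting.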
@cottonthread Interesting work. Even though you said this was dirty, would you add a wiki page entry with what you have explained here?
I'm sure this is a rather specific case, and there is a valid case to be made for checking against PTR/rDNS records. I'd like to close this, but your contribution is worth a wiki page for sure. I don't have the time (nor knowledge right now) to implement what you've said. But if you run into any trouble, I'd like to point towards Contabo. You can get a very cheap VPS sufficient for a Mailserver and you can set the rDNS entries yourself.