I have spent the last couple of days going through SO questions and the Postfix documentation but have not succeeded in figuring out what I'm doing wrong. My situation is as follows:
- I have a server running Postfix that has its own FQDN (DomainA). Mail for DomainA is relayed through MailGun.
- The server hosts multiple website domains and the plan is to now ensure that mail for these domains is relayed through MailGun but as a separate domain. This will create separate bounce addresses etc. Call this DomainB.
- Depending on which domain is present in the Header, configure Postfix to pick the appropriate SASL authentication ensuring the appropriate headers get added.
Version info: Postfix 2.11.2 on Debian 7 (Wheezy)
Output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
append_dot_mydomain = no
biff = no
canonical_maps = regexp:/etc/postfix/canonical
canonical_classes = envelope_sender, header_sender
config_directory = /etc/postfix
inet_interfaces = localhost
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost.com, localhost
myhostname = DomainA.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
Contents of relayhost_map file:
@DomainA.com [smtp.mailgun.org]:587
@DomainB.name [smtp.mailgun.org]:587
Try #1 of canonical_maps - all email addresses re-written to [email protected]
/./ [email protected]
Output of mail.log when sending an email from command-line:
Aug 18 01:55:12 DomainA postfix/pickup[3572]: C72492A00B8: uid=0 from=<root>
Aug 18 01:55:12 DomainA postfix/cleanup[3591]: C72492A00B8: message-id=<[email protected]>
Aug 18 01:55:12 DomainA postfix/qmgr[3573]: C72492A00B8: from=<[email protected]>, size=437, nrcpt=1 (queue active)
Aug 18 01:55:13 DomainA postfix/smtp[3593]: C72492A00B8: to=<[email protected]>, relay=smtp.mailgun.org[50.56.21.178]:587, delay=0.28, delays=0.02/0.02/0.16/0.08, dsn=2.0.0, status=sent (250 Great success)
Email headers when received by mail client:
Delivered-To: [email protected]
Return-Path: <[email protected]>
[snip]
Sender: [email protected]
[snip]
From: Primary Root <[email protected]>
To: [email protected]
Subject: test mail #5
Two things stick out to me as being very wrong:
Why is Sender address set to [email protected] even though Postfix has been set as:
append_at_myorigin = no
append_dot_mydomain = no
Due to Sender address having DomainA.com appended to it, it seems like Postfix chose to relay mail using SASL details for DomainA - confirmed by reviewing logs on MailGun dashboard. This is causing the bounce address to be set to DomainA as well.
Try #2 of canonical_maps - only email addresses ending with DomainB.com are re-written to [email protected]
/@DomainB.name/ [email protected]
.muttrc file setup to force From email address as DomainB.com
set from="[email protected]"
set use_from=yes
set use_envelope_from = yes
Output of mail.log:
Aug 18 03:40:49 DomainA postfix/qmgr[8809]: 2BEB92A00D3: from=<[email protected]>, size=441, nrcpt=1 (queue active)
Aug 18 03:40:49 DomainA postfix/smtp[8824]: 2BEB92A00D3: to=<[email protected]>, relay=smtp.mailgun.org[104.130.177.23]:587, delay=0.58, delays=0.01/0.02/0.37/0.17, dsn=2.0.0, status=sent (250 Great success)
Email headers when received by mail client:
Delivered-To: [email protected]
[snip]
Return-Path: <[email protected]>
[snip]
Sender: [email protected]
[snip]
From: Primary Root <[email protected]>
To: [email protected]
Subject: test mail hdr #7
- From this test, I can see that the canonical mapping isn't the issue. The rewrite is happening correctly. However, Postfix seems to not recognize the output as a valid email address and appends the FQDN which causes the relaying to break.
Any suggestions/ideas on how to fix this are most welcome!
In an effort to get a fresh perspective on this problem, I started to configure a similar relayhost setup on another server and it was during that process that I finally traced the source of the problem. Turns out in my sasl_passwd file I was missing a crucial character.
sasl_passwd file before the fix:
sasl_passwd file after the fix:
The problem was the single missing "@" character before the virtual DomainB. The fallback entry was why it proved so hard to debug this issue as all mail was getting delivered through this route when Postfix failed to match any other entry.
As it may prove useful, I'm also including the setup of my canonical maps file once my relayhost configuration started working correctly:
The above regex ensures that the Envelope sender is updated to match the From sender, avoiding any "via DomainA" in my email client.
As a postscript, it turns out that in Ubuntu 14.04 it is not sufficient to have just the following rows in main.cf:
The following line must also be included:
The contents of the second file can be identical to the first but it must be present to avoid "via Domain" headers when relaying email in Ubuntu.
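The failure mode described in the answer above, as an added example that is not part of the original post: a small Python check that shows which sasl_passwd entry each relayhost_map sender would end up using, and flags senders that silently fall through to the next-hop fallback entry. The relayhost_map lines are the ones from the question; the sasl_passwd contents, logins and passwords are constructed placeholders (the post's own listings are not on the page), the function names are hypothetical, and the lookup order (sender address, then "@domain", then next-hop) is a simplified model of Postfix's behaviour with smtp_sender_dependent_authentication = yes.

```python
# Added example: simplified model of the SASL credential lookup order when
# smtp_sender_dependent_authentication = yes. Not Postfix code.
RELAYHOST_MAP = """\
@DomainA.com [smtp.mailgun.org]:587
@DomainB.name [smtp.mailgun.org]:587
"""
# Constructed sasl_passwd contents with placeholder logins and passwords.
SASL_BEFORE = """\
@DomainA.com postmaster@DomainA.com:PLACEHOLDER_A
DomainB.name postmaster@DomainB.name:PLACEHOLDER_B
[smtp.mailgun.org]:587 postmaster@DomainA.com:PLACEHOLDER_A
"""
SASL_AFTER = SASL_BEFORE.replace("\nDomainB.name ", "\n@DomainB.name ")

def parse_map(text):
    """Parse 'key value' table lines; keys are case-folded like hash: maps."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table

def lookup_sender(table, sender):
    """Return the matching sender key: full address first, then '@domain'."""
    sender = sender.lower()
    keys = (sender, "@" + sender.rpartition("@")[2])
    return next((k for k in keys if k in table), None)

def select_credentials(sender, relay, creds):
    """Return (matched sasl_passwd key, SASL login) used for this sender."""
    key = lookup_sender(creds, sender)
    if key is None:  # no sender match: fall back to the next-hop key
        relay_key = lookup_sender(relay, sender)
        key = relay[relay_key].lower() if relay_key else None
    if key not in creds:
        return None, None
    return key, creds[key].split(":", 1)[0]

def lint(relay_text, sasl_text):
    """List relay senders whose mail would not use a sender-keyed credential."""
    relay, creds = parse_map(relay_text), parse_map(sasl_text)
    findings = []
    for sender_key in relay:
        probe = "probe" + sender_key if sender_key.startswith("@") else sender_key
        if lookup_sender(creds, probe) is None:
            # Last field: True when the key exists without its leading "@".
            key, login = select_credentials(probe, relay, creds)
            findings.append((sender_key, key, login, sender_key.lstrip("@") in creds))
    return findings
```

Each finding is a tuple of (relayhost_map sender key, sasl_passwd key actually matched, login that would be used, whether the same key exists without its leading "@").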