Postfix: sender-dependent SASL authentication — relay to multiple SMTP hosts, or relay to the same host but authenticate as different users (e.g., two Gmail accounts)

Postfix: sender-dependent SASL authentication.md

This is a sequel to "Postfix: relay to authenticated SMTP".

I would like to send mail from two different Gmail accounts using Postfix. Here is the relevant section in the Postfix documentation: Configuring Sender-Dependent SASL authentication.

As a concrete example, here's how to set up two Gmail accounts (only relevant sections of the config files are listed below):

/etc/postfix/main.cf:
    # sender-dependent sasl authentication
    smtp_sender_dependent_authentication = yes
    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
    
    # default relayhost setting
    relayhost = [smtp.gmail.com]:587
    
    # smtp authentication settings
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_sasl_mechanism_filter = plain
    smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt
    
/etc/postfix/sasl_passwd:
    # per-sender authentication
    account1@gmail.com account1@gmail.com:passwd1
    account2@gmail.com account2@gmail.com:passwd2
    
    # default relayhost
    [smtp.gmail.com]:587 default_account@gmail.com:default_passwd
    
/etc/postfix/sender_relay:
    account1@gmail.com [smtp.gmail.com]:587
    account2@gmail.com [smtp.gmail.com]:587

After editing the config files (sudo su), do

chmod 600 /etc/postfix/sasl_passwd
postmap sasl_passwd sender_relay
postfix reload

And you're all set.

To send an email from account1@gmail.com, use sendmail with the -f sender option (set the envelope sender address):

sendmail -f account1@gmail.com -t <<EOF
To: webmaster@example.com
Subject: Hey, I successfully configured Postfix with sender-dependent SASL authentication!
Content-type: text/html

<b>Isn't this awesome?</b>
EOF

you saved my life with this one, thanks :)

relayhost = [smtp.gmail.com]:587

why do we need the brackets?

Took me a number of search iterations to find this gist. Glad I did: we needed a way to let tenants relay into a system only used for notification-events but their mail should otherwise relay to a generic smart-host. This did the trick.

Thank you so much! Just what I needed. several other similar "methods" I found on the internet didnt work.

Anyone knows what means this account? it is a regular account? if its one dedicated to forwarding mail, how can i set it?

default relayhost

[smtp.gmail.com]:587 default_account@gmail.com:default_passwd

After testing with sendmail, i was unable to send and after that i check mail log and notice that there was several warnings and my mail got in the send queue:

Nov 4 11:42:01 remote.X.pt postfix/smtpd[43489]: 33072DE1DB: client=localhost[127.0.0.1]
Nov 4 11:42:01 remote.X.pt postfix/cleanup[43485]: 33072DE1DB: message-id=20161104114201.1C942DE1D5@remote.X.pt
Nov 4 11:42:01 remote.X.pt postfix/smtpd[43489]: disconnect from localhost[127.0.0.1]
Nov 4 11:42:01 remote.X.pt postfix/qmgr[43387]: 33072DE1DB: from=teste@X.pt, size=787, nrcpt=1 (queue active)
Nov 4 11:42:01 remote.X.pt postfix/trivial-rewrite[43486]: warning: hash:/Library/Server/Mail/Config/postfix/sasl/relayhost/maps is unavailable. open database /Library/Server/Mail/Config/postfix/sasl/relayhost/maps.db: No such file or directory
Nov 4 11:42:01 remote.X.pt postfix/trivial-rewrite[43486]: warning: hash:/Library/Server/Mail/Config/postfix/sasl/relayhost/maps lookup error for "teste@X.pt"
Nov 4 11:42:01 remote.X.pt postfix/trivial-rewrite[43486]: warning: sender_dependent_relayhost_maps lookup failure
Nov 4 11:42:01 remote.X.pt postfix/error[43490]: 33072DE1DB: to=X@gmail.com, relay=none, delay=0, delays=0/0/0/0, dsn=4.3.0, status=deferred (address resolver failure)
Nov 4 11:42:01 remote.X.pt postfix/smtp[43487]: 1C942DE1D5: to=X@gmail.com, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, delays=0.01/0/0/0.09, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 33072DE1DB)
Nov 4 11:42:01 remote.X.pt postfix/qmgr[43387]: 1C942DE1D5: removed

I already solve my problem after looking carefully at the previous log, i notice that i have written the path of maps aka relay badly.

Thanks any way for the explanation!

With your solution I can send mail with the "sendmail -t account1@gmail.com -f" and it is getting delivered, but if I am using mail command in CentOS 6.5 or any php mail script then the mails are not getting delivered inspite of mentioning "TO" address. Please suggest.

Hi All,

will this solve the Google smtp-relay sending limits? how are the two account set up to send alternately? or if the other one uses its limit the other one is activated?

thank you
Taliez

Folks: There are no notifications for comments on gist, so I most likely won't see your questions. Go ask questions on Server Falt or Super User.

As for existing ones, although you most likely won't see my answers:

@subhomay: I don't use CentOS or any PHP mail script, so no idea.
@Taliez: This solution is for the honest use case of needing to send emails from multiple accounts for different purposes. This is not meant to be used for spamming from a fleet of accounts. If you're relaying more than 10k messages a day, you're apparently abusing the free service. If you're sending spam, stop it, right now. If you're sending legitimate email, having to send more than 10k messages a day probably means you're some kind of business, so you should be using a proper business solution like SendGrid.

<3 Thx, dude!

thanks ! a lot!

Awesome ! Thanks a lot !

relayhost = [smtp.gmail.com]:587

why do we need the brackets?

A bit late, but without brackets postfix is using MX then A records, with brackets A record only.

relayhost = [smtp.gmail.com]:587

why do we need the brackets?

A bit late, but without brackets postfix is using MX then A records, with brackets A record only.

Probably because of exactly this :-)
I want to relay via A record(s) of smtp.gmail.com and not via the MX of it.. There might be ISPs who have something like "mailphalanx.someisp.x" for sending and a different MX for receiving their own mail ....

relayhost = [smtp.gmail.com]:587

why do we need the brackets?

A bit late, but without brackets postfix is using MX then A records, with brackets A record only.

Probably because of exactly this :-) I want to relay via A record(s) of smtp.gmail.com and not via the MX of it.. There might be ISPs who have something like "mailphalanx.someisp.x" for sending and a different MX for receiving their own mail ....

Further clarification is that google doesn't put MX records on their smtp*.gmail.com hosts so ultimately the brackets don't do anything in this situation. Postfix falls back to the the A record if the MX lookup fails. :)