I've decided to post this here and not on serverfault, as the community there is too small and nearly 80% of my questions are unanswered...
So I've got my server with 3 domains: x.com, y.com and z.com. x.com relays internally, y.com relays internally, and z.com SHOULD relay through amazon SES.
Right now, x and y.com mail correctly internally, but I need z.com to relay through SES.
So, my config so far in main.cf:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_transport
domainz_sasl_auth_enable = yes
domainz_sasl_security_options = noanonymous
domainz_sasl_password_maps = hash:/etc/postfix/sas2_passwd
domainz_use_tls = yes
domainz_tls_security_level = encrypt
domainz_tls_note_starttls_offer = yes
domainz_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
and in my master.cf, I've appended a unix channel above the default smtp:
domainz unix - - n - 1 smtp
smtp inet n - n - - smtpd
and in my sender_transport I have
@domainZ.com domainz:

1. Where do I enter the ses smtp of "email-smtp.us-east-1.amazonaws.com". I assume we need to hit "domainz:" so we can pass the correct sasl data to it.
2. Keep in mind that this is mail going out from the server, not in, so that's why I didn't set a transport_map.

This is the error I'm getting when pushing out mail from @domainz: "status=bounced (Host or domain name not found. Name service error for name=domainz type=AAAA: Host not found)"; so before we can even get to amazon's SES host, I'm having an issue at the transport level that I can't seem to figure out.
Thanks, Mike
After nearly 24 hours of trying to solve this, I finally figured it out. I hope this helps whoever is looking to use this same method and doesn't have to go through the pain I just went through!
So in my example above, domain x + y relayed through virtual aliases. For z we must use a transport, in this case it was a sender_dependent_relayhost_maps transport, so I can grab the sender and relay them through amazon SES.
In main.cf, regardless of smtp/unix-socket, we straight up use SES standards:
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_sasl_password_maps=hash:/etc/postfix/sas
smtp_use_tls=yes
smtp_tls_security_level=encrypt
smtp_tls_note_starttls_offer=yes
smtp_tls_CAfile=/etc/ssl/certs/ca-bundle.crt
In sender_dependent_relayhost_maps we use:
@domainz.com [email-smtp.us-east-1.amazonaws.com]:25
The smtp_sasl_password_maps file stores the matching relay's user:key.
And that's it!
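
An added example, not part of the original answer: a simplified Python model of the sender-dependent relay lookup, showing why the question's `domainz:` value ends in a DNS lookup for the name `domainz` and why the password map key has to match the relayhost value exactly. The sample tables, the placeholder credentials, the sender addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample tables; the credentials are placeholders, not real values.
RELAYHOST_MAP = "@domainz.com  [email-smtp.us-east-1.amazonaws.com]:25\n"
SASL_PASSWD = ("[email-smtp.us-east-1.amazonaws.com]:25  "
               "SMTP_USER_PLACEHOLDER:SMTP_KEY_PLACEHOLDER\n")

def parse_table(text):
    """Parse the 'key value' lines of a Postfix hash: source file."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()  # postmap folds keys to lower case
    return table

def relay_for(sender, relay_map):
    """Look up the full sender address first, then its @domain."""
    sender = sender.lower()
    return relay_map.get(sender) or relay_map.get("@" + sender.rpartition("@")[2])

def parse_relayhost(spec):
    """Split a relayhost value into (host, port, mx_lookup)."""
    m = re.fullmatch(r"\[([^\]]+)\](?::(\w+))?", spec)
    if m:  # [host] or [host]:port, brackets turn off MX lookups
        return m.group(1), m.group(2) or "25", False
    host, _, port = spec.partition(":")
    return host, port or "25", True  # bare name is resolved through DNS

def check(sender, relay_text, sasl_text):
    """Report where mail from `sender` is relayed and whether credentials match."""
    spec = relay_for(sender, parse_table(relay_text))
    if spec is None:
        return {"relay": None}  # no override, normal routing applies
    host, port, mx_lookup = parse_relayhost(spec)
    # The password map key must be the relayhost value, brackets and port included.
    has_creds = spec.lower() in parse_table(sasl_text)
    return {"relay": spec, "host": host, "port": port,
            "mx_lookup": mx_lookup, "has_credentials": has_creds}

if __name__ == "__main__":
    print(check("user@domainz.com", RELAYHOST_MAP, SASL_PASSWD))
    print(check("user@x.com", RELAYHOST_MAP, SASL_PASSWD))
    print(parse_relayhost("domainz:"))  # the value from the question
```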