Hybrid gmail MX + postfix for local accounts
- by krunk
Here's the setup:
We have a domain, mydomain.com. Everything is on our own server, except general email accounts which are through gmail.
Currently gmail is set as the MX record.
The server also has various email aliases it needs to support for bug trackers and such. e.g. [email protected] |/path/to/issuetracker.script
I'm struggling with a setup that allows the following, both locally and from user's email clients.
guser1 - has a gmail account and a local account
guser2 - only has a gmail account
bugs - has a pipe alias in /etc/aliases for issue tracker
Scenarios
mail to [email protected] from local host (crons and such) needs to go to gmail account
mail to [email protected] from local host
mail to [email protected] needs to be piped to the local issue tracker script
So, the first stab was creating a transport map. In this scenario, the our server would be set as teh MX and guser* destined emails are sent to gmail. Put the gmail users in a map like so:
[email protected] smtp:gmailsmtp:25
[email protected] smtp:gmailsmtp:25
Problems:
Ignores extensions such as [email protected]
Only works if append_at_myorigin = no (if set to yes, gmail refuses to connect with: E4C7E3E09BA3: to=, relay=none, delay=0.05, delays=0.02/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to gmail-smtp-in.l.google.com[209.85.222.57]:25: Connection refused))
since append_at_myorigin is set to no, all received emails have (unknown sender)
The second stab was to set explicit localhost aliases in /etc/aliases and do a domain wide forward on mydomain. This too requires setting the local server as the MX:
root: root@localhost
# transport
mydomain.com smtp:gmailsmtp:25
Problems:
* If I create a transport map for a domain that matches "$myhostname", the aliases file is never parsed. So when a local user (or daemon) sends an email like:
mail -s "testing" root < text.txt
Postfix ignores the /etc/alias entry and maps to [email protected] and attempts to send it to the gmail transport mapping.
Third stab:
Create a subdomain for the bugs, something like bugs.mydomain.com. Set the MX for this domain to local server and leave the MX for mydomain.com to the Gmail server.
Problems:
* Does not solve the issue with local accounts. So when the bug tracker responds to an email from [email protected], it uses a local transport and the user never receives the email.
% postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$myhostname, localhost
myhostname = mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_cert_file = /etc/ssl/certs/kspace.pem
smtp_tls_enforce_peername = no
smtp_tls_key_file = /etc/ssl/certs/kspace.pem
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
