mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Sender Dependent Transports but on User level #4103

Open 8rooti opened 3 years ago

8rooti commented 3 years ago

Hey Everyone

Is there a way to configure the Sender Dependent Transport feature on a user level instead of on a domain level?

As an example, I have just one domain in mailcow, mybusiness.com. I have added 3 users and two relays: smtp-relay.gmail.com and outlook.com

user1@example.com to use no relays
user2@example.com to use gmail relay
user3@example.com to use outlook relay

Anyone know how I can achieve this? Or is this not possible currently?

Thanks,

andryyy commented 3 years ago

Implemented by https://github.com/mailcow/mailcow-dockerized/commit/5065667ae467261d6a2336ec01faf9d26998044c

andryyy commented 3 years ago

In your case you'd not set a domain transport but a mailbox transport for user2 and user3.

waja commented 3 years ago

Maybe this can be extended somehow for mail addresses? Actually I'm using this for "external" addresses described in https://github.com/mailcow/mailcow-dockerized/issues/4022#issuecomment-848678167 (and only for those).

andryyy commented 3 years ago

I cannot use the sasl name at this point. External addresses would work, but only if the external address is not allowed for another user. :/ Would that help?

waja commented 3 years ago

Nope, the sasl users also send mail (in my case) that is local on this machine and those should not be relayed by those transports. Somehow the external (sender) addresses need to be linked to one of those transports.

(in my case two of them (sasl user a) need to be linked to one transport and two others (sasl user b) to another transport, and yes, those external addresses are not allowed by another user)

mamash commented 2 years ago

> I cannot use the sasl name at this point. External addresses would work, but only if the external address is not allowed for another user. :/ Would that help?

André, any chance this could be revisited? I have a user with a freemail external address with a rigid SPF policy, that's resulting in severe delivery problems to Google (at least).

I have checked the SQL queries and understand why external addresses would have to be unique across the installation, but I don't see that as a problem. Do you think there's a valid use case for re-using external addresses?

andryyy commented 2 years ago

But you can assign a relay to a user. If you are using a non-mailcow mailbox then no, it’s still not working.

Is that really what you are trying to do?

mamash commented 2 years ago

> But you can assign a relay to a user. If you are using a non-mailcow mailbox then no, it’s still not working.
>
> Is that really what you are trying to do?

Yeah, that's exactly what I'm trying to do. Keep an external (freemail) address, route it through Mailcow in-and-out, and yet comply with their SPF policy by relaying through their SMTP. I think I can nail the necessary SQL adjustment to take sender_acl into account and run it from my fork though.

mamash commented 2 years ago

Here's a minimum diff to postfix.sh that works for me and gives me spf=pass and dmarc=pass with Google. I'm fine running this on my small installation, but obviously per-site unique external addresses are assumed, so proper UI/db checks should be implemented.

andryyy commented 2 years ago

Yes, external addresses would work as long as they are unique per site.

Skydiver84de commented 1 year ago

Just tried to apply a different sender-dependent transport to a user of one domain that already has a different sender-dependent transport. However, it looks like the user credentials of the domain are used for the user trying to access the different sender-dependent transport. Of course that fails. Can somebody confirm that?

To make it clear:

Domain: [server a -> credentials a]
User: [server b -> credentials b]

What is actually happening: User [server b is logged in with credentials a -> fail]

VermiumSifell commented 1 year ago

This would be nice, but should be an option per domain and user. As admin

rareseu commented 1 year ago

You can now do that:

image

I think this can be closed.

waja commented 1 year ago

This is an account dependent transport implementation. The sender can also be an alias address (or maybe an address not hosted on this mailserver anyway).

andryyy commented 1 year ago

But you should be authenticated when sending a mail from the server anyway.

Doesn’t work for unauthenticated, yes, you can implement it according to Postfix docs.

davidpiccinini commented 2 months ago

Is it necessary to restart specific containers to apply sender-dependent transport changes? I set a specific SMTP relay service with credentials A for the whole domain, and credentials B for a specific mailbox. But this mailbox continues to send using credentials A.

I'm using Version: 2024-04 and Docker version 26.1.2, build 211e74b, under Ubuntu 20.04.6 LTS
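
Added illustration, not code from this thread or from mailcow: a small Python model of the lookup order Postfix documents for sender_dependent_relayhost_maps (full sender address, then @domain) and for smtp_sasl_password_maps with smtp_sender_dependent_authentication enabled (sender first, then relay host). It shows how a domain-level credential entry can shadow a mailbox-level relay's credentials, the symptom reported by Skydiver84de and davidpiccinini above. All hosts, addresses and credentials are constructed; @domain keys in the password map and the shape of the maps are assumptions, not mailcow's generated configuration.

```python
# Added example: models Postfix's documented lookup order, not mailcow's code.
# All hosts, addresses and credentials below are constructed sample data.

def sender_keys(sender):
    """Keys tried for an envelope sender: full address, then @domain."""
    return [sender, "@" + sender.split("@", 1)[1]]

def lookup(table, keys):
    """Return (key, value) for the first key present in table, else None."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None

def resolve(sender, relay_map, passwd_map, default_relay=None):
    """Pick relay and SASL credentials the way sender-dependent
    authentication does: password map by sender first, then by relay."""
    hit = lookup(relay_map, sender_keys(sender))
    relay = hit[1] if hit else default_relay
    if relay is None:
        return None, None, None          # delivered directly, no relay
    cred = lookup(passwd_map, sender_keys(sender) + [relay])
    return relay, (cred[1] if cred else None), (cred[0] if cred else None)

def audit(senders, relay_map, passwd_map, owner):
    """Flag senders whose credentials would go to a relay they were not
    issued for. owner maps each credential to its intended relay."""
    findings = []
    for s in senders:
        relay, cred, key = resolve(s, relay_map, passwd_map)
        if relay and cred and owner.get(cred) != relay:
            findings.append((s, relay, cred, key))
    return findings

RELAYS = {"@example.com": "[relay-a.example]:587",
          "user2@example.com": "[relay-b.example]:587"}
OWNER = {"userA:secretA": "[relay-a.example]:587",
         "userB:secretB": "[relay-b.example]:587"}
# Broken: mailbox credentials keyed by relay host, so @domain wins first.
BROKEN = {"@example.com": "userA:secretA",
          "[relay-b.example]:587": "userB:secretB"}
# Fixed: mailbox credentials keyed by the sender address itself.
FIXED = {"@example.com": "userA:secretA",
         "user2@example.com": "userB:secretB"}

if __name__ == "__main__":
    senders = ["user1@example.com", "user2@example.com"]
    print(audit(senders, RELAYS, BROKEN, OWNER))
    print(audit(senders, RELAYS, FIXED, OWNER))
```

Each finding names the map key that supplied the wrong credentials, which is the entry to re-key or remove.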