I was in a situation where I needed to implement a mail routing policy: Outgoing email from a specific domain gets routed through a relay (eg. Amazon SES) and all other goes directly.
- We have a Postfix server which acts both as a receiver and a sender.
- We want to route all mails with MAIL FROM header containing
@example.comvia Amazon SES (Simple Email Service) relay.
- Email with other MAIL FROM headers will be sent directly, without using SES.
# Domain-based outgoing email relay policy sender_dependent_relayhost_maps = hash:/etc/postfix/relay_maps smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_security_level = encrypt smtp_tls_note_starttls_offer = yes
This is the main part of the configuration. We tell Postfix to look for so-called “sender dependent relayhost maps” in a hashed file with the specified path.
We also enable authentication and tell Postfix in which file the access credentials are stored. Enabling TLS encryption is also a very good idea.
Here we set what goes where. With this configuration every email originating from
example.com will go through mail relay at
email-smtp.eu-west-1.amazonaws.com using port
The relay service will provide you with authentication details, which you need to enter here.
Remember to run
postmap on both files after any change to them.
Don’t forget to properly modify your SPF setup – you need to tell the world that SES (or other relay service for that matter) is permitted to send emails on behalf of your domain. There is a probability that your emails would end up marked as spam otherwise.