Split user accounts for one domain between Google and other hosts using Postfix

Here’s the situation. You own your own domain and have a Postfix SMTP server to configure. You’d like to host some of the email users for your domain on Gmail because it’s easy to maintain and provides most of the features your average user wants. However, you have some users who require advanced features that Google does not provide, so you want those email accounts hosted on a server you control. How do you set up Postfix to send some accounts to Gmail and some to your other email server?

Conceptual Overview

Suppose you have the email address gmail@mydomain.com, whose mail should end up on Google’s Gmail servers, and local@mydomain.com, whose mail should go to your own servers. All mail for the domain is routed through your Postfix server, which sends each message to the appropriate place depending on the address.

Implementation

Configuring the Google Apps account

First of all, hosting your email on Gmail under your own domain wouldn’t be possible without Google’s relatively new Google Apps hosting feature. You first need to get an Apps account, if you don’t already have one. I’ll assume you can figure out how to set up the Google account. It’s pretty straightforward and there is nothing tricky about it; just follow the instructions. Make sure you verify your domain, but don’t follow the instructions for activating email for the account. Also make sure you create a user for each email account you want hosted on Gmail.

Configuring DNS

When activating email for your Apps account, modify the instructions Google gives: instead of using your domain for the MX records as instructed, use a subdomain of your domain. For the purposes of this article, I will be using g.mydomain.com. So, for instance, your DNS should be set up such that the MX record for g.mydomain.com with priority 10 points to aspmx.l.google.com. Have the MX records for the domain itself (mydomain.com) point to your Postfix server. Also, Gmail’s servers will not allow relaying, that is, your SMTP server sending email to them, unless the reverse DNS mapping for the IP of the SMTP server corresponds to the domain name given by the Postfix client to Gmail’s SMTP servers, which is controlled by the myhostname configuration parameter in main.cf. So as far as I can tell, if you don’t control the reverse DNS record for your SMTP server’s IP, this probably won’t work.

Configuring Postfix

I will not go into configuring your Postfix server for delivering mail, since this is really specific to your setup and not the point of this article. Assume that by default you already have Postfix set up to deliver email for mydomain.com to some other default destination. To tell Postfix to route gmail@mydomain.com to Gmail’s servers, use the following config snippets:

/etc/postfix/main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/virtual:

gmail@mydomain.com gmail@g.mydomain.com

/etc/postfix/generic:

gmail@g.mydomain.com gmail@mydomain.com

Of course, depending on your setup, the absolute paths here and how you store your virtual table may differ. When gmail@mydomain.com receives mail, the To header will not show g.mydomain.com. Also, when sending email, one should not address it to gmail@g.mydomain.com, as this mail will be rejected by Gmail’s servers.
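
An added example, not part of the original article: a Python script that generates the virtual and generic entries shown above for each Gmail-hosted user and checks that every virtual alias to the subdomain has the matching generic entry back to the public address. The function names and the user list are illustrative assumptions; the domains are the article's placeholders.

```python
# Added example: generate and cross-check the Postfix virtual/generic tables.
# DOMAIN, GMAIL_SUBDOMAIN and the user names are placeholders.
DOMAIN = "mydomain.com"
GMAIL_SUBDOMAIN = "g.mydomain.com"


def build_maps(gmail_users):
    """Return (virtual_text, generic_text) for the given local parts."""
    users = sorted(set(gmail_users))
    virtual = [f"{u}@{DOMAIN} {u}@{GMAIL_SUBDOMAIN}" for u in users]
    generic = [f"{u}@{GMAIL_SUBDOMAIN} {u}@{DOMAIN}" for u in users]
    return "\n".join(virtual) + "\n", "\n".join(generic) + "\n"


def parse_map(text):
    """Parse 'key value' table text, skipping blank lines and # comments.

    Continuation lines (leading whitespace) are not handled here.
    """
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip().lower()
    return table


def check_maps(virtual_text, generic_text):
    """Return problems where generic is not the exact inverse of virtual."""
    virtual, generic = parse_map(virtual_text), parse_map(generic_text)
    suffix = "@" + GMAIL_SUBDOMAIN
    problems = []
    for public, internal in virtual.items():
        if internal.endswith(suffix) and generic.get(internal) != public:
            problems.append(f"{internal}: no generic entry back to {public}")
    for internal, public in generic.items():
        if internal.endswith(suffix) and virtual.get(public) != internal:
            problems.append(f"{internal}: generic entry without a virtual alias")
    return problems


if __name__ == "__main__":
    v, g = build_maps(["gmail", "alice"])  # constructed user list
    print(v, g, check_maps(v, g), sep="\n")
```

After writing the files, rebuild the hash tables with postmap /etc/postfix/virtual and postmap /etc/postfix/generic, then reload Postfix.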

Notes

Using this setup, you need to add a virtual alias for every user you want forwarded to Gmail. You can instead set up Postfix to forward all accounts to Gmail by default and selectively route others to other destinations: modify these instructions to send mail to Gmail by default, and change the subdomain MX records to point to the other destination (or, if the destination is the local box, only Postfix need be modified). This is left as an exercise for the reader.

If you are using SASL authentication, you should make sure, if you desire, that the authentication coincides with the Gmail account. Usually, when authenticating with Gmail’s SMTP servers to send outgoing mail, the username and password are the same as for logging into the account via the web interface or IMAP. If you already have an auth mechanism set up for the default delivery point, it won’t know about the Gmail user credentials and so won’t be able to authenticate them. You probably don’t want to just set your email client’s outgoing SMTP server to Google’s, because then, when you send an email to local@mydomain.com, Google thinks it should be the owner of that domain, sees that the user does not exist, and bounces your mail. So to send mail effectively across the two delivery points, the mail must go through the Postfix server. Just make sure your auth mechanism knows about your Gmail users and authenticates them correctly.
