Archive for postfix

Spit user accounts for one domain between google and other hosts using postfix

Posted in Uncategorized with tags , on June 1, 2009 by voline

Here’s the situation. You own your own domain and have a postfix smtp server to configure. You’d like to host some of the email users for your domain on gmail because its easy to maintain and provides most of the features your average user wants. However you have some users that require some advanced features which google does not provide, so you want to have those email accounts hosted on a server you control. How do you do setup postfix to send some accounts to gmail and some to your other email server?

Conceptual Overview

Suppose you have email address, which you want to have email sent to it end up on google’s gmail servers, and, which will go to your own servers. All mail will be configured to route through your postfix server, which will be configured to send the mail to the appropriate places depending on the address.


Configuring google apps account

First of all, hosting your email on gmail, such that you are using your domain, wouldn’t be possible without google’s relatively new google apps hosting feature. You need to first get an apps account, if yo don’t already have one. I’ll assume you can figure out how to setup the google account. Its pretty straight forward and nothing tricky about it, just follow the instructions. Make sure you verify your domain, but don’t follow the instructions for activating email for the account. Also make sure you create a user for each email account you want hosted on gmail.

Configuring DNS

Modify the instructions given by google in the process of activating email for your apps account such that instead of using your domain as instructed for configuring your MX records, use a subdomain of your domain. For the purposes of this article, I will be using So for instance, your dns should be setup such that MX record for with priority 10 points to Have the MX records for the domain ( point to your postfix server. Also, gmail servers will not allow relaying, that is your smtp server sending email to it, unless the reverse DNS mapping for the IP of the smtp server corresponds to the domain given by postfix client to gmail smtp servers, which is controlled by the myhostname configuration parameter in So as far as I can tell, if you don’t control the reverse DNS record for your smtp server’s IP, this probably won’t work.

Configuring Postfix

I will not go into configuring your postfix server for delivering mail, since this is really specific to your setup and not the point of this article. Assume that by default you already have postfix setup to deliver email to to some other default destination. To tell postfix to route to gmail’s servers, use the following config snippets:


virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic



Of course, depending on your setup, the absolute paths here and how you store your virtual table may change. When receives mail, she will not have a To header as Also when sending email, one should not send email to, as this mail will be rejected by gmail’s servers.


Using this setup you need to add a virtual alias for every user you want to have forwarded to gmail. You can setup postfix to forward all accounts by default to gmail and selective route others to other destinations by modifying these instructions to by default send mail to gmail and change the subdomain MX records to point to the other destination (or if the destination is the local box only postfix need be modified). This is left as an exercise to the reader.

If you are using sasl authentication, you should make sure, if you desire, that the authentication coincides with the gmail account. Usually, when authing with gmail’s smtp servers to send outgoing mail, the username and password are the same for logging into the account via the web interface or imap. If you already have an auth mechanism setup for the default delivery point, it won’t know about the gmail user credentials and so won’t be able to auth them. You probably don’t want to just set your email clients outgoing smtp server to google’s because, then when you send an email to google thinks it should be the owner of that domain and see that that user does not exist and bounce your mail. So to effectively send mail across the two delivery points, the mail must go through the postfix server. Just make sure your auth mechanism knows about your gmail users and auths the correctly.