MailScanner archive breaks postfix smarthost

Remco Barendse mailscanner at
Sun Jun 13 10:58:08 UTC 2021

I use the archive function of MailScanner to send a copy 
of inbound/outbound email  to an email address on an external server.
Postfix is also serving as a backup for that same domain/server to store 
mail (should the server go down).

When I do not use SmartHost, mail goes out as expected :
Jun 13 12:49:10 gw2 postfix/smtp[5226]: BBFD882A34: 
to=<outbound at>,[--.---.--.--]:25, 
delay=0.76, delays=0.5/0.02/0.13/0.11, dsn=2.0.0, status=sent (250 2.0.0 
15DAnAAT016589 Message accepted for delivery)
Jun 13 12:49:10 gw2 MailScanner[5228]: Read 5624 hostnames from the 
phishing blacklists
Jun 13 12:49:11 gw2 postfix/smtp[5227]: BBFD882A34: 
to=<someone at>,[]:25, delay=0.92, 
delays=0.5/0.03/0.15/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 
1623581351 a13si5024937edy.153 - gsmtp)
Jun 13 12:49:11 gw2 postfix/qmgr[5207]: BBFD882A34: removed

When I enable SmartHost, it seems as if postfix doesn't use the 
smarthost byt bants to do authentication on the remote mail server to 
deliver the archive copy of the mail, which fails.

Jun 13 12:11:20 gw2 postfix/qmgr[3600]: 88F9882A30: 
from=<test at>, size=339, nrcpt=2 (queue active)
Jun 13 12:11:23 gw2 postfix/smtp[3966]: 88F9882A30: 
to=<remco at>,[]:587, 
delay=3.3, delays=1/0.09/2.2/0.06, dsn=2.0.0, status=sent (250 2.0.0 accepted mail sN5MlU4tIhqltsN
5Pliy28 for delivery)
Jun 13 12:11:23 gw2 postfix/smtp[3964]: 88F9882A30: 
to=<outbound at>,[--.---.--.--]:25, 
delay=3.1, delays=1/0.08/2/0, dsn=4.7.0, status=deferred (SASL 
authentication failed; server[--.---.--.---] said: 
535 5.7.0 authentication failed)
Jun 13 12:19:30 gw2 postfix/qmgr[3600]: 88F9882A30: 
from=<test at>, size=339, nrcpt=2 (queue active)

In my /etc/postfix/transport I have :     smtp:[]

To enable smarthost I added this to :
# Enable auth
smtp_sasl_auth_enable = yes
# Set username and password
smtp_sasl_password_maps = 
smtp_sasl_security_options = noanonymous
# Turn on tls encryption
smtp_tls_security_level = encrypt
header_size_limit = 4096000
# Set external SMTP relay host here IP or hostname accepted along with a 
port number.
relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587

Where am I going wrong?

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list