Postfix sasl auth only for fallback_relay

I have a server which will try to send mails directly to destination MX servers. But some of them are rejecting the mails due to MTA's poor reputations(thats what they say).

I did every thing to improve reputation, and have no option left.

Only a couple of servers are rejecting our mails. So I thought to use Postmark for sending such mails.

But I need to configure Postfix to use sasl auth only for fallback_relay and not for direct mails to MX server.

Some MX servers are giving error due to this sasl authentication(like hotmail). Google servers are accepting without problem.

#my configuration
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:key:key
smtp_sasl_security_options = noanonymous
fallback_relay = [smtp.postmarkapp.com]:25

This is expected behavior when you use a "static" map. Following the manual http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps you need to configure at least a hash map for smtp_sasl_password_maps.

The hash map file should contain one line with

smtp.postmarkapp.com   user:password

This uses the sasl only for the specified host.

I ran into the same issue. Just to expand on mailq's answer, and give it a little more detail, here is exactly what I did to solve my issue.

# old main.cf
smtp_sasl_password_maps = static:username:password

# new main.cf
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_maps

To generate the smtp_sasl_password_maps.db file, you need to create a text file with the following:

smtp.sendgrid.net = username:password

Note the lack of the "static" prefix here. From there, you just run (as root):

postmap /etc/postfix/smtp_sasl_password_maps
service postfix restart

The key here is that if there is not hostname match in the SASL password map, then it proceeded without authentication.

If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host.