Multiple accounts on the same SMTP server fails with authentication error

Summary: Configuring two accounts for the same SMTP host in Relay in Applications > Email app results in error sending because of wrong authentication.

Affected products: NethServer 7.7 with nethserver-mail-smarthost package version 2.7.3-1 and up

Steps to reproduce:
1 - Go in the Cockpit interface and open Applications > Email > Configuration;
2 - Reach “Relay” section, then click “New Relay Host”;
3 - Insert a valid sender, then the configuration for a certain SMTP server (e.g., then validate the account (validation is OK; sender address is for example;
4 - Insert another valid sender, then the configuration for the same SMTP server as the step before, then validate the account (validation is OK; sender address is for example;
5 - Try to compose an email from the identity corresponding to the address which is the last between the ones configured in steps 3 and 4 in alphabetical order (in our examples, try to send an email with sender address;
6 - You will receive an authentication error, based on the fact that the mailserver tried to authenticated with credentials instead of the ones for

Expected results: Sending an email from should authenticate to the SMTP server with credentials.

Analysis: The actual implementation populates a sender_dependent_relayhost_map in the correct way, but populates the related smtp_sasl_password_maps hash file writing authentication informations based on the SMTP server; continuing our example:


During mail sending, this file is consulted but only the first instance is evaluated and used as authentication parameters for all the connections targeting

Proposed solution: making use of the Postfix smtp_sender_dependent_authentication configuration directive and a different format for smtp_sasl_password_maps hash file, we are able to authenticate correctly the account on the destination server. The smtp_sasl_password_maps hash file will look like:

This also requires the smtp_sender_dependent_authentication = yes inside /etc/postfix/

Below proposed patches to a couple of templates inside nethserver-mail-smarthost package:

--- 10smarthost_password_sender.old	2019-10-23 18:38:17.237735229 +0200
+++ 10smarthost_password_sender	2019-10-23 18:39:16.612815792 +0200
@@ -6,10 +6,11 @@
     foreach ($db->get_all_by_prop('status' => 'enabled')) {
+	     my $sender   = $_->key();
         my $username = $_->prop('Username') || '';
         my $password = $_->prop('Password') || '';
         if($username || $password) {
-            $OUT .= sprintf("[%s]:%s\t\t%s:%s\n", $_->prop('Host'), $_->prop('Port'), $username, $password);
+            $OUT .= sprintf("%s\t\t%s:%s\n", $sender, $username, $password);
--- 40smarthost_sender.old	2019-10-23 18:51:34.350736926 +0200
+++ 40smarthost_sender	2019-10-23 18:53:59.413914549 +0200
@@ -8,6 +8,7 @@
     my @records = $db->get_all_by_prop('status' => 'enabled');
     if (scalar @records > 0) {
+	     $OUT .= "smtp_sender_dependent_authentication = yes\n";
         $OUT .= "sender_dependent_relayhost_maps = hash:/etc/postfix/sender_smarthost\n";
     } else {
         $OUT .= "# sender_dependent_relayhost_maps disabled\n";

Great #bug report and analysis @syntaxerrormmm! Thank you for your great work!

The bug is tracked here:


You can install the fix from testing

yum --enablerepo=nethserver-testing update nethserver-mail*

I tested Emiliano’s patch thoroughly and seems ok for me. Does anybody wants to confirm by checking out the RPM?