After nearly 24 hours of trying to solve this, I finally figured it out. I hope this helps whomever is looking to use this same method and doesn't have to go through the pain I just went through!
So in my example above, domain x + y relayed through virtual aliases. For z we must use a transport, in this case it was a sender_dependent_relayhost_maps
transport, so I can grab the sender and relay them through amazon SES.
In main.cf, regardless of smtp/unix-socket
, we straight up use SES standards:
smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_sasl_password_maps=hash:/etc/postfix/sas
smtp_use_tls=yes
smtp_tls_security_level=encrypt
smtp_tls_note_starttls_offer=yes
smtp_tls_CAfile=/etc/ssl/certs/ca-bundle.crt
In sender_dependent_relayhost_maps
we use:
@domainz.com [email-smtp.us-east-1.amazonaws.com]:25
The smtp_sasl_password_maps
file stores the matching relay's user:key.
And that's it!