UCEProtect are gangsters, even the founder admits: https://uceprotect.wtf/. You
don´t want to do anything about it, except you are located in Europe and can
complain to their customers and authorities violating GDPR.
Greetings,
Joachim
-----Ursprüngliche Nachricht-----
Von: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> Im
Auftrag von John Stoffel
Gesendet: Freitag, 2. Dezember 2022 17:37
An: Postfix users <postfix-users@postfix.org>
Betreff: Send email to one @domain.com via authenticated relay?
Hi all,
I run my own domain @stoffel.org and I'm trying to fix a problem sending email
to @charter.net users, since Spectrum has blocked my Linode's ASN number
completely. My IP passes all the RBL blacklists their first line support
suggested I check, but I find my IP for mail.stoffel.org in the UCEPROTECT-3
spam list. Nothing I can do about it. Running postfix 3.5.13
Since I'm also a charter customer for my internet, I've got an email account
with them, so I'd like to just route all email for @charter.net addresses
through their transport.
Everything else should just route naturally to where ever the MX
record points.
My host also has dovecot for local virtual users, with postscreen and
spamassasin setup as well.
I tried setting up /etc/postfix/transport_maps like this:
charter.net [mobile.charter.net]:587
But it started routing all my outgoing email through them, which isn't going to
work. So I'm missing something here. Do I need to setup a seperate instance
for sending email to @charter.net through an authenticated connection?
I though about using relay_domains = charter.net, but I certainly don't want
anyone to be able to use my host to try and spam that domain. I really just
want SASL authenticated clients who send email from my stoffel.org domain to be
routed (and possibly have the from:
header re-written and a reply-to: header added) through an authenticated path
into charter.net.
I know this should be possible, just not finding the setting in my personal
mail archive of the list, or in google-foo.
$ postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.5
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
message_size_limit = 55000000
milter_connect_macros = i j {daemon_name} v {if_name} _
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination = localhost
myhostname = mail.stoffel.org
mynetworks_style = host
myorigin = $myhostname
non_smtpd_milters = inet:127.0.0.1:8891
postscreen_access_list = permit_mynetworks
postscreen_greet_action = enforce
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_sasl_password_maps = hash /etc/postfix/saslpass
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
zen.spamhaus.org
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination, check_sender_access
hash:/etc/postfix/local_domains
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.stoffel.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.stoffel.org/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
spamass-dovecot_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport_maps
virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
virtual_mailbox_domains = stoffel.org play.stoffel.org mail.stoffel.org
virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf
virtual_transport = spamass-dovecot
=====================================================================
$ postconf -Mf
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o header_checks=regexp:/etc/postfix/header_checks
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unauth_destination
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=mail argv=/usr/bin/maildrop -d ${recipient}
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
spamass-dovecot unix - n n - - pipe flags=DRhu
user=mail:mail argv=/usr/bin/spamc -u debian-spamd -e
/usr/lib/dovecot/deliver -a ${recipient} -d ${user}@${domain}
postlog unix-dgram n - n - 1 postlogd
