Re: setup for personal computer, no domain, smarthost
>Wietse wrote:
>> I forgot about authentication.
>>
>> relayhost = [smtp.newsguy.com]:587
>>
>> See http://www.postfix.org/SOHO_README.html for this and other
>> information of interest.
>
>That doesn't seem to work yet at least not by itself but could also be
>seriously inept pilot error. But before I start posting logs
>and so on, I'm trying to get masquerading to help this work. But must not
>be understanding the docu well enough
>
>This page:
> http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade
>says in part: [...]
>Example:
>/etc/postfix/main.cf:
>masquerade_domains = foo.example.com example.com"
>
>I thought that might mean I could do:
>masquerade_domains = u0.local.lan newsguy.com
>
>But still get complaints from smarthost about u0.local.lan not recognized.
>
>I think I will try
> masquerade_domains = newsguy.com
>Might be more like what is expected to do.
>
>I'm still tinkering so should know soon.

That didn't do it either. The most significant log message below:

Aug 5 22:49:17 u0 postfix/smtp[18892]: CC02E182330: to=, relay=smtp.newsguy.com[74.209.136.78]:587, delay=5.4, delays=0.06/0.03/5.3/0.04, dsn=5.1.8, status=bounced (host smtp.newsguy.com[74.209.136.78] said: 553 5.1.8 ... Domain of sender address rea...@u0.local.lan does not exist (in reply to MAIL FROM command))

I'm not really sure what that last sentence is trying to tell me but I had hoped the masquerading would rewrite that to be rea...@newsguy.com.

Seems like what I need is to be able to make the righthand side say `newsguy.com' in both From: and the Sender info.

But perhaps I have something else in main.cf screwed up.
Included below:

---
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
masquerade_domains = newsguy.com
relayhost = [smtp.newsguy.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwords
smtp_sasl_security_options =
myhostname = u0.local.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = u0.local.lan
mydestination = u0.local.lan, u0, localhost
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 5120
recipient_delimiter =
inet_interfaces = all
inet_protocols = all
home_mailbox = mbox
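
Why the smarthost still sees u0.local.lan with the settings above, as an added example (not code from this thread or from Postfix): a simplified Python model of the left-to-right, first-match masquerading that the quoted README text describes, next to the whole-address mapping that the STANDARD_CONFIGURATION_README "#fantasy" section covers (configured in Postfix with smtp_generic_maps). Function names and sample addresses are constructed, and the bare-user lookup form of the generic table is left out.

```python
"""Simplified model of Postfix address masquerading vs. a generic-style map.

Added illustration; not Postfix source code. Addresses are constructed samples.
"""


def masquerade(address, masquerade_domains):
    """Strip subdomain structure below the first matching listed domain.

    The list is processed left to right and processing stops at the first
    match. An entry prefixed with "!" matches but leaves the address alone.
    """
    local, _, domain = address.rpartition("@")
    dom = domain.lower()
    for entry in masquerade_domains:
        strip = not entry.startswith("!")
        parent = entry.lstrip("!").lower()
        if not parent:
            continue
        if dom == parent:
            break  # already the bare listed domain: nothing to strip
        if dom.endswith("." + parent):
            if strip:
                domain = parent
            break
    return f"{local}@{domain}"


def generic_rewrite(address, generic_map):
    """Whole-address replacement: try user@domain first, then @domain."""
    local, _, domain = address.rpartition("@")
    if address in generic_map:
        return generic_map[address]
    if "@" + domain in generic_map:
        target = generic_map["@" + domain]
        # An "@domain" result keeps the original local part.
        return local + target if target.startswith("@") else target
    return address


# Constructed sample: the local sender as the smarthost would see it.
SENDER = "user@u0.local.lan"

if __name__ == "__main__":
    # Neither setting tried in the thread touches u0.local.lan:
    print(masquerade(SENDER, ["newsguy.com"]))
    print(masquerade(SENDER, ["u0.local.lan", "newsguy.com"]))
    # Masquerading only shortens subdomains of a listed domain:
    print(masquerade("user@mail.newsguy.com", ["newsguy.com"]))
    # A generic-style map replaces the unroutable domain outright:
    print(generic_rewrite(SENDER, {"@u0.local.lan": "@newsguy.com"}))
```

Masquerading can only shorten a name that already ends in a listed domain, so it never turns u0.local.lan into newsguy.com; replacing one domain with an unrelated one needs a mapping table.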
Re: setup for personal computer, no domain, smarthost
Wietse wrote:
> I forgot about authentication.
>
> relayhost = [smtp.newsguy.com]:587
>
> See http://www.postfix.org/SOHO_README.html for this and other
> information of interest.

That doesn't seem to work yet at least not by itself but could also be seriously inept pilot error. But before I start posting logs and so on, I'm trying to get masquerading to help this work. But must not be understanding the docu well enough

This page:
 http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade
says in part:

"Address masquerading is disabled by default, and is implemented by the cleanup(8) server. To enable, edit the masquerade_domains parameter in the main.cf file and specify one or more domain names separated by whitespace or commas. When Postfix tries to masquerade a domain, it processes the list from left to right, and processing stops at the first match.

Example:
/etc/postfix/main.cf:
masquerade_domains = foo.example.com example.com"

I thought that might mean I could do:
masquerade_domains = u0.local.lan newsguy.com

But still get complaints from smarthost about u0.local.lan not recognized.

I think I will try
 masquerade_domains = newsguy.com
Might be more like what is expected to do.

I'm still tinkering so should know soon.
Re: setup for personal computer, no domain, smarthost
Sorry about the delay, I tried to reply on:
gmane.mail.postfix.user but never saw my replies appear so now trying to reply thru the mailing list.

Marat Khalili writes:

> On 05/08/17 17:05, rea...@newsguy.com wrote:
>> Details:
>> Setup: Newish install of ubuntu-26 (still making settings etc)

Marat K wrote:
> Not sure what ubuntu-26 is, but I'm using smarthost configuration in
> Ubuntu. Local gurus can advise on installing from source, but it is
> not necessary.

A dopey typo... looking at something else... should be: ubuntu-17.04

Harry wrote
>> I want to be able to pull mail from various pop3 and imap accounts.
>> Probably with fetchmail (I've used for many years)

Marat K wrote:
> Nothing to do with postfix.

Well that's good news. When I used sendmail, fetchmail would pass incoming mail to port25 for sendmail to deliver. I don't know how postfix works but I thought it might be the same way when used with fetchmail.

Harry wrote:
>> With sendmail I used the smarthost method by masquerading as newsguy.
>> Not sure how to do it with postfix. Or if something
>> else entirely is needed.

> Ubuntu has interactive installer for package postfix that allows you to
> create smarthost configuration. Did you try it?

Yes, but that didn't help the masquerading part. What I said above was that the SmartHost wasn't enough without masquerading.

I've been thru the config thing, repeatedly and have not seen any questions about masquerading. I did find something in the docs but what I understood them to be saying isn't working .. not yet anyway... still tinkering with it.
Re: hostname in aliases.db
On Sat, Aug 05, 2017 at 07:58:19PM +0300, Marat Khalili wrote:
> > See also postalias(1), but I'm still not sure that this is a
> > real problem. Does something in the container not work
> > properly with host-generated aliases.db?
>
> That's what I'd like to know too, is this hostname mention even
> being used?

I doubt it is, but I am too lazy / busy to test. :) You could also consult your Berkeley DB documentation. I do know that Postfix simply queries it for the localpart in a localpart@domain, where domain is in $mydestination. Metadata in aliases.db is not queried.

> Testing one particular container is not sufficient since I might
> run into problems with some other container later, after I end
> scripting it.
>
> > The better way would probably be to simplify your mail
> > infrastructure, using null clients where appropriate.
> >
> > I have nothing against containerizing Postfix nor running it
> > in virtual machines, but unless your organization is very huge
> > you do not need more than 1-2 MX hosts and perhaps a per-site
> > MSA (which often can coexist on the submission port with MX
> > instances.)
>
> Completely agree. It is mostly a problem of having a hammer and
> seeing everything as a nail: I'm also not happy about having many
> full-blown postfix instances, but it works and learning something
> requires an effort.

Hehe, okay. :)

> Is msmtp the recommended tool for doing this or just one of the
> many out there?

There are several, and I am unable specifically to recommend one against the others, because I'm like you. I have this hammer, and when I need to do something involving sending mail, I just use Postfix. ;)

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: hostname in aliases.db
> You might indeed want to generate your aliases.db for each container,
> and chroot(1) might be a means to do that.

Completely forgot about chroot, much better than starting whole container.

> See also postalias(1), but I'm still not sure that this is a real
> problem. Does something in the container not work properly with
> host-generated aliases.db?

That's what I'd like to know too, is this hostname mention even being used? Testing one particular container is not sufficient since I might run into problems with some other container later, after I end scripting it.

> The better way would probably be to simplify your mail infrastructure,
> using null clients where appropriate.
>
> I have nothing against containerizing Postfix nor running it in virtual
> machines, but unless your organization is very huge you do not need more
> than 1-2 MX hosts and perhaps a per-site MSA (which often can coexist on
> the submission port with MX instances.)

Completely agree. It is mostly a problem of having a hammer and seeing everything as a nail: I'm also not happy about having many full-blown postfix instances, but it works and learning something requires an effort.

Is msmtp the recommended tool for doing this or just one of the many out there?

--

With Best Regards,
Marat Khalili
DKIM-Signing forwarded email
Hi all,

I have a postfix instance dedicated to being the main MX (IN). I normally use other postfix instances for sending emails out (OUT). Of course, even this "IN" instance needs to send emails out, mainly bounces.

Now I am also implementing forwarding rules: "if you receive an email destined to this address, then forward it out to this other email address". Other addresses are @gmail.com, @msn.com, etc...

In order to do that "right" I also implemented an SRS service, so to have my domain as the envelope sending address.

Now I also want to enable DKIM-signing of these outgoing emails.

Problem is:
- SRS (or at least the product I am using, postsrsd) works at the "cleanup" level, so after smtpd
- My DKIM-signing tool is a milter, so acts at smtpd time. So the email it sees is with the original sending domain and not my domain.

How can I achieve the intended behaviour?

Thank you in advance for your help

Marco
Re: hostname in aliases.db
On Sat, Aug 05, 2017 at 07:11:08PM +0300, Marat Khalili wrote:
> I'm cloning an LXC container which optionally can contain postfix
> installation. After cloning the filesystem there's a number of
> places I need to change the hostname in.
>
> I used grep to search for these places and unexpectedly found
> mentioning of hostname in /etc/aliases.db, even though /etc/aliases
> does not include it.

Is this an actual problem?

Also, I wonder why you'd need multiple containers with Postfix installs? Did you consider possibly using a null client like msmtp, if all these containers need to do is send mail through a relayhost?

> Thus I wonder if I need to re-generate /etc/aliases.db and how can
> I do it without actually starting container?

You might indeed want to generate your aliases.db for each container, and chroot(1) might be a means to do that.

> I can run `newaliases -oAhash:/container/rootfs/etc/aliases` from
> host, but then there's a name of the host system in aliases.db,
> not container's.

See also postalias(1), but I'm still not sure that this is a real problem. Does something in the container not work properly with host-generated aliases.db?

> I can also re-generate it from within a container after starting
> it and then reload postfix, but it is kludgy. Is there some better
> way?

The better way would probably be to simplify your mail infrastructure, using null clients where appropriate.

I have nothing against containerizing Postfix nor running it in virtual machines, but unless your organization is very huge you do not need more than 1-2 MX hosts and perhaps a per-site MSA (which often can coexist on the submission port with MX instances.)

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
hostname in aliases.db
I've got the following problem which is not critical but still interesting.

I'm cloning an LXC container which optionally can contain postfix installation. After cloning the filesystem there's a number of places I need to change the hostname in.

I used grep to search for these places and unexpectedly found mentioning of hostname in /etc/aliases.db, even though /etc/aliases does not include it. Thus I wonder if I need to re-generate /etc/aliases.db and how can I do it without actually starting container?

I can run `newaliases -oAhash:/container/rootfs/etc/aliases` from host, but then there's a name of the host system in aliases.db, not container's. I can also re-generate it from within a container after starting it and then reload postfix, but it is kludgy. Is there some better way?

--

With Best Regards,
Marat Khalili
Re: setup for personal computer, no domain, smarthost
Wietse Venema:
> rea...@newsguy.com:
> > Single user home machine on home lan.
> > No real domain (my ISP is comcast but does not offer Static IP for its
> > users .. or any kind of personal domain name)
>
> /etc/postfix/main.cf:
> myhostname = localhost.localdomain
> myorigin = localhost.localdomain
>
> See http://www.postfix.org/BASIC_CONFIGURATION_README.html
>
> > I want to be able to pull mail from various pop3 and imap accounts.
> > Probably with fetchmail (I've used for many years)
> > AND be able to send mail out thru a smarthost, also done for many
> > years but it is becoming increasingly difficult to setup.
>
> There must be lots of writeups for fetchmail doing this.
>
> > Smarthost is probably smtp.newsguy.com. That is what I've been
> > using for some time, and I have a very old account with them for
> > pop3.
>
> /etc/postfix/main.cf:
> # Include the [] to suppress MX lookups.
> relayhost = [smtp.newsguy.com]

I forgot about authentication.

relayhost = [smtp.newsguy.com]:587

See http://www.postfix.org/SOHO_README.html for this and other information of interest.

Wietse
Re: setup for personal computer, no domain, smarthost
rea...@newsguy.com:
> Single user home machine on home lan.
> No real domain (my ISP is comcast but does not offer Static IP for its
> users .. or any kind of personal domain name)

/etc/postfix/main.cf:
myhostname = localhost.localdomain
myorigin = localhost.localdomain

See http://www.postfix.org/BASIC_CONFIGURATION_README.html

> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)
> AND be able to send mail out thru a smarthost, also done for many
> years but it is becoming increasingly difficult to setup.

There must be lots of writeups for fetchmail doing this.

> Smarthost is probably smtp.newsguy.com. That is what I've been
> using for some time, and I have a very old account with them for
> pop3.

/etc/postfix/main.cf:
# Include the [] to suppress MX lookups.
relayhost = [smtp.newsguy.com]

> With sendmail:
> I used the smarthost method by masquerading as newsguy.

See http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy
This has examples to map user@localhost.localdomain to your ISP account.

Wietse
Re: setup for personal computer, no domain, smarthost
> Date: Saturday, August 05, 2017 07:05:22 -0700
> From: rea...@newsguy.com
>
> Single user home machine on home lan.
> No real domain (my ISP is comcast but does not offer Static IP for
> its users .. or any kind of personal domain name).
>
> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)
> AND be able to send mail out thru a smarthost, also done for many
> years but it is becoming increasingly difficult to setup.

Generally port 25 is blocked (both directions) on Comcast dynamic IP assignments. So, to send mail you'll likely need to configure your MTA (postfix or sendmail) to use port 587/starttls (with authentication) to send mail via your account on your mail provider's server (or simply have your MUA do that and not bother with an MTA).

Comcast does offer a business-grade service that includes static IP assignment and port 25 access.
Re: setup for personal computer, no domain, smarthost
On 05/08/17 17:05, rea...@newsguy.com wrote:
> Details:
> Setup: Newish install of ubuntu-26 (still making settings etc)

Not sure what ubuntu-26 is, but I'm using smarthost configuration in Ubuntu. Local gurus can advise on installing from source, but it is not necessary.

> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)

Nothing to do with postfix.

> With sendmail:
> I used the smarthost method by masquerading as newsguy.
> Not sure how to do it with postfix. Or if something
> else entirely is needed.

Ubuntu has interactive installer for package postfix that allows you to create smarthost configuration. Did you try it? The only thing you may need tweaking is authentication. Read about smtp_sasl_auth_enable, smtp_sasl_security_options and smtp_sasl_password_maps. As soon as you get it working, ramp up the encryption using smtp_tls_*

--

With Best Regards,
Marat Khalili
setup for personal computer, no domain, smarthost
Summary:
Setup postfix for single user home machine.
Receive mail for single user
Send out mail from single user (Thru smarthost)
(I do have credentials for a few online smtp servers)

Details:
Setup: Newish install of ubuntu-26 (still making settings etc)

I'm a long time sendmail user but recently have not been able to get it working... as has happened many times, something has changed somewhere in the chain and my setup no longer works.

After being told many times to ditch sendmail and use postfix ... I'm only starting to try to understand postfix but my situation is:

Single user home machine on home lan.
No real domain (my ISP is comcast but does not offer Static IP for its users .. or any kind of personal domain name)

I want to be able to pull mail from various pop3 and imap accounts.
Probably with fetchmail (I've used for many years)
AND be able to send mail out thru a smarthost, also done for many years but it is becoming increasingly difficult to setup.

Smarthost is probably smtp.newsguy.com. That is what I've been using for some time, and I have a very old account with them for pop3.

With sendmail:
I used the smarthost method by masquerading as newsguy.
Not sure how to do it with postfix. Or if something else entirely is needed.
Re: Why there is no `reject_rbl_sender` restriction?
> What I was trying to say is that (if there was 1 A record per domain), the
> number of spamhaus lookups would increase two times.
> If you check MX records, number of lookups can increase even more.

I am afraid I still do not understand how you count it :-( But it does not matter, thank you very much for your effort! :-)

> hopefully you find it out before get blocked by spamhaus :-)

Spamhaus allows 300,000 queries per day. I am still waaay behind it. Moreover 70% of all spam ends on my first Spamhaus restriction anyway. But once again thank you for your notice, Matus! I will be careful with the restrictions :-)