Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread reader
>Wietse wrote:
>> I forgot about authentication.
>>
>> relayhost = [smtp.newsguy.com]:587
>>
>> See http://www.postfix.org/SOHO_README.html for this and other 
>> information of interest.
>
>That doesn't seem to work yet at least not by itself but could also be
>seriously inept pilot error. But before I start posting logs
>and so on, I'm trying to get masquerading to help this work.  But must not
>be understanding the docu well enough 
>
>This page:
>  http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade
>says in part:

[...]

>Example:

>/etc/postfix/main.cf:
>masquerade_domains = foo.example.com example.com"
>
>I thought that might mean I could do:
>masquerade_domains = u0.local.lan newsguy.com
>
>But still get complaints from smarthost about u0.local.lan not recognized.
>
>I think I will try 
>  masquerade_domains = newsguy.com
>Might be more like what is expected to do.
>
>I'm still tinkering so should know soon.

That didn't do it either. The most significant log message below:

Aug 5 22:49:17 u0 postfix/smtp[18892]: CC02E182330:
to=, relay=smtp.newsguy.com[74.209.136.78]:587,
delay=5.4, delays=0.06/0.03/5.3/0.04, dsn=5.1.8, status=bounced (host
smtp.newsguy.com[74.209.136.78] said: 553 5.1.8
... Domain of sender address rea...@u0.local.lan
does not exist (in reply to MAIL FROM command))

I'm not really sure what that last sentence is trying to tell me but I 
had hoped the masquerading would rewrite that to be rea...@newsguy.com.

Seems like what I need is to be able to make the righthand side say 
`newsguy.com' in both From: and the Sender info.

But perhaps I have something else in main.cf screwed up.

Included below:
---
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination

masquerade_domains = newsguy.com

relayhost = [smtp.newsguy.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwords
smtp_sasl_security_options =
myhostname = u0.local.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = u0.local.lan
mydestination = u0.local.lan, u0, localhost
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 5120
recipient_delimiter = 
inet_interfaces = all
inet_protocols = all
home_mailbox = mbox






Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread reader

Wietse wrote:
> I forgot about authentication.
>
> relayhost = [smtp.newsguy.com]:587
>
> See http://www.postfix.org/SOHO_README.html for this and other 
> information of interest.

That doesn't seem to work yet at least not by itself but could also be
seriously inept pilot error. But before I start posting logs
and so on, I'm trying to get masquerading to help this work.  But must not
be understanding the docu well enough 

This page:
  http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade
says in part:

"Address masquerading is disabled by default, and is implemented by the
cleanup(8) server. To enable, edit the masquerade_domains parameter in the
main.cf file and specify one or more domain names separated by whitespace or
commas. When Postfix tries to masquerade a domain, it processes the list from
left to right, and processing stops at the first match.

Example:

/etc/postfix/main.cf:
masquerade_domains = foo.example.com example.com"

I thought that might mean I could do:
masquerade_domains = u0.local.lan newsguy.com

But still get complaints from smarthost about u0.local.lan not recognized.

I think I will try 
  masquerade_domains = newsguy.com
Might be more like what is expected to do.

I'm still tinkering so should know soon.
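
Why neither `masquerade_domains` value tried above changes the sender that the smarthost rejects, as an added example (not from the thread and not Postfix code): a simplified Python model of the documented left-to-right matching, next to a generic(5)-style lookup of the kind the STANDARD_CONFIGURATION_README section linked elsewhere in this thread describes. The local part `user`, the table contents and the function names are constructed for illustration.

```python
"""Simplified model of two Postfix address-rewriting steps."""

def masquerade(address, masquerade_domains):
    """Model masquerade_domains: scan the list left to right, stop at the
    first match, and strip subdomain structure below the matching entry.
    A leading '!' on an entry means "match, but leave the address alone".
    Not modelled: masquerade_exceptions and masquerade_classes."""
    local, at, domain = address.rpartition("@")
    if not at:
        return address                      # unqualified address: nothing to do
    for entry in masquerade_domains.replace(",", " ").split():
        strip = not entry.startswith("!")
        parent = entry.lstrip("!").lower()
        if domain.lower() == parent:
            return address                  # exact match: nothing to strip
        if domain.lower().endswith("." + parent):
            return f"{local}@{parent}" if strip else address
    return address                          # no entry is a parent of the domain

def generic(address, table):
    """Model a generic(5)-style lookup: full address first, then @domain."""
    local, at, domain = address.rpartition("@")
    if address in table:
        return table[address]
    return table.get("@" + domain, address) if at else address

# Constructed sender: the thread elides the real local part.
SENDER = "user@u0.local.lan"
# Constructed table; the right-hand side stands in for the ISP account.
GENERIC_TABLE = {"@u0.local.lan": "user@newsguy.com"}

if __name__ == "__main__":
    for setting in ("u0.local.lan newsguy.com", "newsguy.com"):
        print(f"masquerade_domains = {setting!r}: {masquerade(SENDER, setting)}")
    print("generic table:", generic(SENDER, GENERIC_TABLE))
```

Masquerading only shortens a domain to one of its listed parents, and `u0.local.lan` is not a subdomain of `newsguy.com`, so the envelope sender in the bounce stays as it was; swapping one domain for an unrelated one needs a mapping table.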





Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread reader
Sorry about the delay, I tried to reply on:
   gmane.mail.postfix.user but never saw my replies appear so
now trying to reply thru the mailing list.

Marat Khalili  writes:

> On 05/08/17 17:05, rea...@newsguy.com wrote:
>> Details:
>> Setup: Newish install of ubuntu-26 (still making settings etc)

Marat K wrote:
> Not sure what ubuntu-26 is, but I'm using smarthost configuration in
> Ubuntu. Local gurus can advise on installing from source, but it is
> not necessary.

A dopey typo... looking at something else... should be: ubuntu-17.04

Harry wrote
>> I want to be able to pull mail from various pop3 and imap accounts.
>> Probably with fetchmail (I've used for many years)

Marat K wrote:
> Nothing to do with postfix.

Well that's good news.

When I used sendmail, fetchmail would pass incoming mail to port 25 for
sendmail to deliver. I don't know how postfix works but I thought it might be
the same way when used with fetchmail.

Harry wrote:
>> With sendmail I used the smarthost method by masquerading as newsguy.
>> Not sure how to do it with postfix. Or if something
>> else entirely is needed.

> Ubuntu has interactive installer for package postfix that allows you
> to create smarthost configuration. Did you try it?

Yes, but that didn't help the masquerading part. What I said above was that
the SmartHost wasn't enough without masquerading.

I've been thru the config thing, repeatedly and have not seen any 
questions about masquerading.

I did find something in the docs but what I understood them to be saying
isn't working .. not yet anyway... still tinkering with it.





Re: hostname in aliases.db

2017-08-05 Thread /dev/rob0
On Sat, Aug 05, 2017 at 07:58:19PM +0300, Marat Khalili wrote:
> > See also postalias(1), but I'm still not sure that this is a
> > real problem.  Does something in the container not work
> > properly with host-generated aliases.db?
>
> That's what I'd like to know too, is this hostname mention even 
> being used?

I doubt it is, but I am too lazy / busy to test. :)  You could also 
consult your Berkeley DB documentation.

I do know that Postfix simply queries it for the localpart in a 
localpart@domain, where domain is in $mydestination.  Metadata in 
aliases.db is not queried.

> Testing one particular container is not sufficient since I might 
> run into problems with some other container later, after I end 
> scripting it.
> 
> 
> > The better way would probably be to simplify your mail
> > infrastructure, using null clients where appropriate.
> > 
> > I have nothing against containerizing Postfix nor running it
> > in virtual machines, but unless your organization is very huge
> > you do not need more than 1-2 MX hosts and perhaps a per-site
> > MSA (which often can coexist on the submission port with MX 
> > instances.)
>
> Completely agree. It is mostly a problem of having a hammer and 
> seeing everything as a nail: I'm also not happy about having many 
> full-blown postfix instances, but it works and learning something 
> requires an effort.

Hehe, okay. :)

> Is msmtp the recommended tool for doing this or just one of the
> many out there?

There are several, and I am unable specifically to recommend one 
against the others, because I'm like you.  I have this hammer, and 
when I need to do something involving sending mail, I just use 
Postfix. ;)
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: hostname in aliases.db

2017-08-05 Thread Marat Khalili

> You might indeed want to generate your aliases.db for each container,
> and chroot(1) might be a means to do that.

Completely forgot about chroot, much better than starting whole container.

> See also postalias(1), but I'm still not sure that this is a real
> problem.  Does something in the container not work properly with
> host-generated aliases.db?

That's what I'd like to know too, is this hostname mention even being 
used? Testing one particular container is not sufficient since I might 
run into problems with some other container later, after I end scripting it.

> The better way would probably be to simplify your mail
> infrastructure, using null clients where appropriate.
>
> I have nothing against containerizing Postfix nor running it in
> virtual machines, but unless your organization is very huge you do
> not need more than 1-2 MX hosts and perhaps a per-site MSA (which
> often can coexist on the submission port with MX instances.)

Completely agree. It is mostly a problem of having a hammer and seeing 
everything as a nail: I'm also not happy about having many full-blown 
postfix instances, but it works and learning something requires an 
effort. Is msmtp the recommended tool for doing this or just one of the 
many out there?



--

With Best Regards,
Marat Khalili



DKIM-Signing forwarded email

2017-08-05 Thread Marco Pizzoli
Hi all,
I have a postfix instance dedicated to being the main MX (IN).
I normally use other postfix instances for sending emails out (OUT).

Of course, even this "IN" instance needs to send emails out, mainly bounces.

Now I am also implementing forwarding rules: "if you receive an email
destined to this address, then forward it out to this other email address".
Other addresses are @gmail.com, @msn.com, etc...

In order to do that "right" I also implemented an SRS service, so to have
my domain as the envelope sending address.
Now I also want to enable DKIM-signing of these outgoing emails.

Problem is:
- SRS (or at least the product I am using, postsrsd) works at the "cleanup"
level, so after smtpd
- My DKIM-signing tool is a milter, so acts at smtpd time. So the email it
sees is with the original sending domain and not my domain.

How can I achieve the intended behaviour?

Thank you in advance for your help

Marco


Re: hostname in aliases.db

2017-08-05 Thread /dev/rob0
On Sat, Aug 05, 2017 at 07:11:08PM +0300, Marat Khalili wrote:
> I'm cloning an LXC container which optionally can contain postfix 
> installation. After cloning the filesystem there's a number of 
> places I need to change the hostname in.
> 
> I used grep to search for these places and unexpectedly found 
> mentioning of hostname in /etc/aliases.db, even though /etc/aliases 
> does not include it.

Is this an actual problem?  Also, I wonder why you'd need multiple 
containers with Postfix installs?  Did you consider possibly using a 
null client like msmtp, if all these containers need to do is send 
mail through a relayhost?

> Thus I wonder if I need to re-generate /etc/aliases.db and how can 
> I do it without actually starting container?

You might indeed want to generate your aliases.db for each container, 
and chroot(1) might be a means to do that.

> I can run `newaliases -oAhash:/container/rootfs/etc/aliases` from
> host, but then there's a name of the host system in aliases.db,
> not container's.

See also postalias(1), but I'm still not sure that this is a real 
problem.  Does something in the container not work properly with 
host-generated aliases.db?

> I can also re-generate it from within a container after starting
> it and then reload postfix, but it is kludgy. Is there some better 
> way?

The better way would probably be to simplify your mail 
infrastructure, using null clients where appropriate.

I have nothing against containerizing Postfix nor running it in 
virtual machines, but unless your organization is very huge you do 
not need more than 1-2 MX hosts and perhaps a per-site MSA (which 
often can coexist on the submission port with MX instances.)
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


hostname in aliases.db

2017-08-05 Thread Marat Khalili
I've got the following problem which is not critical but still 
interesting. I'm cloning an LXC container which optionally can contain 
postfix installation. After cloning the filesystem there's a number of 
places I need to change the hostname in.


I used grep to search for these places and unexpectedly found mentioning 
of hostname in /etc/aliases.db, even though /etc/aliases does not 
include it. Thus I wonder if I need to re-generate /etc/aliases.db and 
how can I do it without actually starting container?


I can run `newaliases -oAhash:/container/rootfs/etc/aliases` from host, 
but then there's a name of the host system in aliases.db, not 
container's. I can also re-generate it from within a container after 
starting it and then reload postfix, but it is kludgy. Is there some 
better way?



--

With Best Regards,
Marat Khalili


Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread Wietse Venema
Wietse Venema:
> rea...@newsguy.com:
> > Single user home machine on home lan.
> > No real domain (my ISP is comcast but does not offer Static IP for its
> > users .. or any kind of personal domain name)
> 
> /etc/postfix/main.cf:
> myhostname = localhost.localdomain
> myorigin = localhost.localdomain
> 
> See http://www.postfix.org/BASIC_CONFIGURATION_README.html
> 
> > I want to be able to pull mail from various pop3 and imap accounts.
> > Probably with fetchmail (I've used for many years)
> > AND be able to send mail out thru a smarthost, also done for many
> > years but it is becoming increasingly difficult to setup.
> 
> There must be lots of writeups for fetchmail doing this.
> 
> > Smarthost is probably smtp.newsguy.com.  That is what I've been
> > using for some time, and I have a very old account with them for
> > pop3. 
> 
> /etc/postfix/main.cf:
> # Include the [] to suppress MX lookups.
> relayhost = [smtp.newsguy.com]

I forgot about authentication.

relayhost = [smtp.newsguy.com]:587

See http://www.postfix.org/SOHO_README.html for this and other 
information of interest.

Wietse


Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread Wietse Venema
rea...@newsguy.com:
> Single user home machine on home lan.
> No real domain (my ISP is comcast but does not offer Static IP for its
> users .. or any kind of personal domain name)

/etc/postfix/main.cf:
myhostname = localhost.localdomain
myorigin = localhost.localdomain

See http://www.postfix.org/BASIC_CONFIGURATION_README.html

> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)
> AND be able to send mail out thru a smarthost, also done for many
> years but it is becoming increasingly difficult to setup.

There must be lots of writeups for fetchmail doing this.

> Smarthost is probably smtp.newsguy.com.  That is what I've been
> using for some time, and I have a very old account with them for
> pop3. 

/etc/postfix/main.cf:
# Include the [] to suppress MX lookups.
relayhost = [smtp.newsguy.com]

> With sendmail:
> I used the smarthost method by masquerading as newsguy.

See http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy
This has examples to map user@localhost.localdomain to your ISP account.

Wietse


Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread Richard


> Date: Saturday, August 05, 2017 07:05:22 -0700
> From: rea...@newsguy.com
>
> Single user home machine on home lan.
> No real domain (my ISP is comcast but does not offer Static IP for
> its users .. or any kind of personal domain name).
> 
> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)
> AND be able to send mail out thru a smarthost, also done for many
> years but it is becoming increasingly difficult to setup.

Generally port 25 is blocked (both directions) on Comcast dynamic IP
assignments. So, to send mail you'll likely need to configure your
MTA (postfix or sendmail) to use port 587/starttls (with
authentication) to send mail via your account on your mail provider's
server (or simply have your MUA do that and not bother with an MTA).

Comcast does offer a business-grade service that includes static IP
assignment and port 25 access.




Re: setup for personal computer, no domain, smarthost

2017-08-05 Thread Marat Khalili

On 05/08/17 17:05, rea...@newsguy.com wrote:

> Details:
> Setup: Newish install of ubuntu-26 (still making settings etc)

Not sure what ubuntu-26 is, but I'm using smarthost configuration in 
Ubuntu. Local gurus can advise on installing from source, but it is not 
necessary.

> I want to be able to pull mail from various pop3 and imap accounts.
> Probably with fetchmail (I've used for many years)

Nothing to do with postfix.

> With sendmail:
> I used the smarthost method by masquerading as newsguy.
> Not sure how to do it with postfix. Or if something
> else entirely is needed.

Ubuntu has interactive installer for package postfix that allows you to 
create smarthost configuration. Did you try it? The only thing you may 
need tweaking is authentication. Read about smtp_sasl_auth_enable, 
smtp_sasl_security_options and smtp_sasl_password_maps . As soon as you 
get it working, ramp up the encryption using smtp_tls_*


--

With Best Regards,
Marat Khalili
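
A check for how the `smtp_sasl_*` and `smtp_tls_*` parameters named in the message above interact, as an added example (not code from the thread or from Postfix): a small main.cf parser and an audit that reports when relay credentials can be sent without enforced TLS. The finding codes and function names are hypothetical; the first sample is the relay-related part of the main.cf posted earlier in this thread, the second is a constructed hardened variant.

```python
"""Audit the smarthost (SMTP client) settings of a Postfix main.cf."""

# smtp_tls_security_level values that refuse to deliver without TLS.
ENFORCED = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {parameter: value}; a later assignment overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace():              # leading whitespace continues a line
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def options(value):
    return set(value.replace(",", " ").lower().split())

def audit_relay(params):
    """Return finding codes (hypothetical names) for the relay settings.
    $parameter expansion and the legacy smtp_use_tls switch are not modelled."""
    findings = []
    if params.get("smtp_sasl_auth_enable", "no").lower() != "yes":
        return findings                   # no credentials are sent to the relay
    enforced = params.get("smtp_tls_security_level", "").lower() in ENFORCED
    plain = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    over_tls = params.get("smtp_sasl_tls_security_options", plain)
    if not enforced:
        findings.append("TLS_NOT_ENFORCED")
        if "noplaintext" not in options(plain):
            findings.append("PLAINTEXT_AUTH_WITHOUT_TLS")
    if "noanonymous" not in options(over_tls if enforced else plain):
        findings.append("ANONYMOUS_MECH_ALLOWED")
    return findings

# Relay-related lines from the main.cf posted earlier in this thread.
AS_POSTED = """\
relayhost = [smtp.newsguy.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwords
smtp_sasl_security_options =
"""

# Constructed variant: keep the defaults for cleartext sessions, require TLS.
HARDENED = AS_POSTED.replace("smtp_sasl_security_options =\n", "") + (
    "smtp_sasl_tls_security_options = noanonymous\n"
    "smtp_tls_security_level = encrypt\n")

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, audit_relay(parse_main_cf(text)))
```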


setup for personal computer, no domain, smarthost

2017-08-05 Thread reader
Summary:
Setup postfix for single user home machine.
Receive mail for single user
Send out mail from single user (Thru smarthost)
(I do have credentials for a few online smtp servers)

Details:
Setup: Newish install of ubuntu-26 (still making settings etc)

I'm a long time sendmail user but recently have not been able to get
it working... as has happened many times, something has changed
somewhere in the chain and my setup no longer works.

After being told many times to ditch sendmail and use postfix ...
I'm only starting to try to understand postfix but my situation is:

Single user home machine on home lan.
No real domain (my ISP is comcast but does not offer Static IP for its
users .. or any kind of personal domain name)

I want to be able to pull mail from various pop3 and imap accounts.
Probably with fetchmail (I've used for many years)
AND be able to send mail out thru a smarthost, also done for many
years but it is becoming increasingly difficult to setup.

Smarthost is probably smtp.newsguy.com.  That is what I've been
using for some time, and I have a very old account with them for
pop3. 

With sendmail:
I used the smarthost method by masquerading as newsguy.
Not sure how to do it with postfix. Or if something 
else entirely is needed.
  





Re: Why there is no `reject_rbl_sender` restriction?

2017-08-05 Thread Martin Jiřička
> What I was trying to say is that (if there was 1 A record per domain), the
> number of spamhaus lookups would increase two times.
> If you check MX records, number of lookups can increase even more.

I am afraid I still do not understand how you count it :-( But it does
not matter, thank you very much for your effort! :-)

> hopefully you find it out before get blocked by spamhaus :-)

Spamhaus allows 300,000 queries per day. I am still waaay behind it.
Moreover 70% of all spam ends on my first Spamhaus restriction anyway.

But once again thank you for your notice, Matus! I will be careful
with the restrictions :-)