Re: AW: Send email to one @domain.com via authenticated relay?

2022-12-03 Thread John Stoffel
> "Joachim" == Joachim Lindenberg  writes:

> UCEProtect are gangsters, even the founder admits:
> https://uceprotect.wtf/. You don't want to do anything about it,
> except you are located in Europe and can complain to their customers
> and authorities violating GDPR.

Yup, I wish I could do something about them since they are doing a
disservice, but it's charter.net in the US who are really to blame
here for blocking my IP by being lazy.  

This is why I hate the US telecoms market in a lot of ways...

> -----Original Message-----
> From: owner-postfix-us...@postfix.org  On behalf of
> John Stoffel
> Sent: Friday, 2 December 2022 17:37
> To: Postfix users 
> Subject: Send email to one @domain.com via authenticated relay?


> Hi all,
> I run my own domain @stoffel.org and I'm trying to fix a problem sending 
> email to @charter.net users, since Spectrum has blocked my Linode's ASN 
> number completely.  My IP passes all the RBL blacklists their first line 
> support suggested I check, but I find my IP for mail.stoffel.org in the 
> UCEPROTECT-3 spam list.  Nothing I can do about it.  Running postfix 3.5.13

> Since I'm also a charter customer for my internet, I've got an email account 
> with them, so I'd like to just route all email for @charter.net addresses 
> through their transport.  

> Everything else should just route naturally to wherever the MX
> record points.   

> My host also has dovecot for local virtual users, with postscreen and 
> SpamAssassin set up as well.

> I tried setting up /etc/postfix/transport_maps like this:

>charter.net  [mobile.charter.net]:587

> But it started routing all my outgoing email through them, which isn't going 
> to work.  So I'm missing something here.  Do I need to set up a separate 
> instance for sending email to @charter.net through an authenticated 
> connection?

> I thought about using relay_domains = charter.net, but I certainly don't want 
> anyone to be able to use my host to try and spam that domain.  I really just 
> want SASL authenticated clients who send email from my stoffel.org domain to 
> be routed (and possibly have the from:
> header re-written and a reply-to: header added) through an authenticated path 
> into charter.net.

> I know this should be possible, just not finding the setting in my personal 
> mail archive of the list, or in google-foo.



>   $ postconf -nf
>   alias_database = hash:/etc/aliases
>   alias_maps = hash:/etc/aliases
>   append_dot_mydomain = no
>   biff = no
>   compatibility_level = 3.5
>   disable_vrfy_command = yes
>   html_directory = /usr/share/doc/postfix/html
>   inet_interfaces = all
>   inet_protocols = ipv4
>   local_recipient_maps = $virtual_mailbox_maps
>   message_size_limit = 5500
>   milter_connect_macros = i j {daemon_name} v {if_name} _
>   milter_default_action = accept
>   milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
>   milter_protocol = 6
>   mydestination = localhost
>   myhostname = mail.stoffel.org
>   mynetworks_style = host
>   myorigin = $myhostname
>   non_smtpd_milters = inet:127.0.0.1:8891
>   postscreen_access_list = permit_mynetworks
>   postscreen_greet_action = enforce
>   readme_directory = /usr/share/doc/postfix
>   recipient_delimiter = +
>   sender_bcc_maps = hash:/etc/postfix/sender_bcc
>   smtp_sasl_password_maps = hash /etc/postfix/saslpass
>   smtp_tls_loglevel = 1
>   smtp_tls_security_level = may
>   smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>   smtp_tls_wrappermode = yes
>   smtpd_banner = $myhostname ESMTP $mail_name
>   smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
>   zen.spamhaus.org
>   smtpd_milters = inet:127.0.0.1:8891
>   smtpd_recipient_restrictions = permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_unauth_destination, check_sender_access
>   hash:/etc/postfix/local_domains
>   smtpd_tls_auth_only = yes
>   smtpd_tls_cert_file = /etc/letsencrypt/live/mail.stoffel.org/fullchain.pem
>   smtpd_tls_key_file = /etc/letsencrypt/live/mail.stoffel.org/privkey.pem
>   smtpd_tls_loglevel = 1
>   smtpd_tls_received_header = yes
>   smtpd_tls_session_cache_database =
>   btree:${data_directory}/smtpd_scache
>   smtpd_use_tls = yes
>   spamass-dovecot_destination_recipient_limit = 1
>   transport_maps = hash:/etc/postfix/transport_maps
>   virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
>   virtual_mailbox_domains = stoffel.org play.stoffel.org mail.stoffel.org
>   virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf
>   virtual_transport = spamass-dovecot



> =
>   $ postconf -Mf
>   smtp   inet  n   -   n   -   1   postscreen
>   smtpd  pass  -   -   n   -   -   smtpd
>   dnsblog    unix  -   -   n   -   0   dnsblog
>   tlsproxy   unix  -   -   n   -   0   tlsproxy
>   sub

AW: Send email to one @domain.com via authenticated relay?

2022-12-02 Thread Joachim Lindenberg
UCEProtect are gangsters, even the founder admits: https://uceprotect.wtf/. You 
don't want to do anything about it, except you are located in Europe and can 
complain to their customers and authorities violating GDPR.
Greetings, 
Joachim



-----Original Message-----
From: owner-postfix-us...@postfix.org  On behalf of
John Stoffel
Sent: Friday, 2 December 2022 17:37
To: Postfix users 
Subject: Send email to one @domain.com via authenticated relay?


Hi all,
I run my own domain @stoffel.org and I'm trying to fix a problem sending email 
to @charter.net users, since Spectrum has blocked my Linode's ASN number 
completely.  My IP passes all the RBL blacklists their first line support 
suggested I check, but I find my IP for mail.stoffel.org in the UCEPROTECT-3 
spam list.  Nothing I can do about it.  Running postfix 3.5.13

Since I'm also a charter customer for my internet, I've got an email account 
with them, so I'd like to just route all email for @charter.net addresses 
through their transport.  

Everything else should just route naturally to wherever the MX
record points.   

My host also has dovecot for local virtual users, with postscreen and 
SpamAssassin set up as well.

I tried setting up /etc/postfix/transport_maps like this:

   charter.net  [mobile.charter.net]:587

But it started routing all my outgoing email through them, which isn't going to 
work.  So I'm missing something here.  Do I need to set up a separate instance 
for sending email to @charter.net through an authenticated connection?

I thought about using relay_domains = charter.net, but I certainly don't want 
anyone to be able to use my host to try and spam that domain.  I really just 
want SASL authenticated clients who send email from my stoffel.org domain to be 
routed (and possibly have the from:
header re-written and a reply-to: header added) through an authenticated path 
into charter.net.

I know this should be possible, just not finding the setting in my personal 
mail archive of the list, or in google-foo.



  $ postconf -nf
  alias_database = hash:/etc/aliases
  alias_maps = hash:/etc/aliases
  append_dot_mydomain = no
  biff = no
  compatibility_level = 3.5
  disable_vrfy_command = yes
  html_directory = /usr/share/doc/postfix/html
  inet_interfaces = all
  inet_protocols = ipv4
  local_recipient_maps = $virtual_mailbox_maps
  message_size_limit = 5500
  milter_connect_macros = i j {daemon_name} v {if_name} _
  milter_default_action = accept
  milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
  milter_protocol = 6
  mydestination = localhost
  myhostname = mail.stoffel.org
  mynetworks_style = host
  myorigin = $myhostname
  non_smtpd_milters = inet:127.0.0.1:8891
  postscreen_access_list = permit_mynetworks
  postscreen_greet_action = enforce
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sender_bcc_maps = hash:/etc/postfix/sender_bcc
  smtp_sasl_password_maps = hash /etc/postfix/saslpass
  smtp_tls_loglevel = 1
  smtp_tls_security_level = may
  smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  smtp_tls_wrappermode = yes
  smtpd_banner = $myhostname ESMTP $mail_name
  smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
  zen.spamhaus.org
  smtpd_milters = inet:127.0.0.1:8891
  smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination, check_sender_access
  hash:/etc/postfix/local_domains
  smtpd_tls_auth_only = yes
  smtpd_tls_cert_file = /etc/letsencrypt/live/mail.stoffel.org/fullchain.pem
  smtpd_tls_key_file = /etc/letsencrypt/live/mail.stoffel.org/privkey.pem
  smtpd_tls_loglevel = 1
  smtpd_tls_received_header = yes
  smtpd_tls_session_cache_database =
  btree:${data_directory}/smtpd_scache
  smtpd_use_tls = yes
  spamass-dovecot_destination_recipient_limit = 1
  transport_maps = hash:/etc/postfix/transport_maps
  virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
  virtual_mailbox_domains = stoffel.org play.stoffel.org mail.stoffel.org
  virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf
  virtual_transport = spamass-dovecot



=
  $ postconf -Mf
  smtp   inet  n   -   n   -   1   postscreen
  smtpd  pass  -   -   n   -   -   smtpd
  dnsblog    unix  -   -   n   -   0   dnsblog
  tlsproxy   unix  -   -   n   -   0   tlsproxy
  submission inet  n   -   y   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o header_checks=regexp:/etc/postfix/header_checks
  -o 
smtpd_recipient_restrict
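
An added example, not part of the thread and not either poster's configuration: one way to send only charter.net mail through the authenticated submission host named in the question while leaving relay authorization untouched. The transport name charter-relay and the USERNAME:PASSWORD placeholder are assumptions, and mobile.charter.net is assumed to offer STARTTLS on port 587.

```conf
# --- /etc/postfix/transport_maps (then: postmap /etc/postfix/transport_maps) ---
# Only recipients in charter.net use the dedicated transport; every other
# domain has no entry here and is delivered by normal MX lookup.
charter.net    charter-relay:[mobile.charter.net]:587

# --- /etc/postfix/master.cf: dedicated SMTP client (name is hypothetical) ---
# SASL and mandatory TLS are enabled for this transport only, so the
# credentials are never offered to any other destination.
# smtp_tls_wrappermode=no overrides the global "smtp_tls_wrappermode = yes"
# from the postconf output: port 587 is assumed to use STARTTLS, whereas
# wrapper mode means implicit TLS (SMTPS).
charter-relay  unix  -  -  n  -  -  smtp
  -o smtp_sasl_auth_enable=yes
  -o smtp_sasl_password_maps=hash:/etc/postfix/saslpass
  -o smtp_sasl_security_options=noanonymous
  -o smtp_tls_security_level=encrypt
  -o smtp_tls_wrappermode=no

# --- /etc/postfix/saslpass (chmod 600, then: postmap /etc/postfix/saslpass) ---
# The key must be written exactly like the next hop in transport_maps,
# brackets and port included. USERNAME:PASSWORD is a placeholder.
[mobile.charter.net]:587    USERNAME:PASSWORD

# --- /etc/postfix/main.cf: relay authorization stays as it is ---
# transport_maps only selects a route; it does not grant permission to relay.
# Leave charter.net OUT of relay_domains: listing it there would let
# unauthenticated clients pass reject_unauth_destination for that domain.
#
#   relay_domains = charter.net        <- weak setting, do not add
#
# The restriction order already shown in the postconf output limits relaying
# to local and SASL-authenticated senders:
#   permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, ...
```

After `postfix reload`, a test message to a charter.net address should log `relay=mobile.charter.net[...]:587`, while mail to other domains should still show the recipient domain's MX host.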