Where can I find real examples of /etc/postfix/main.cf setup on host
with no resolvable FQDN relaying through smtp Smarthost with
authentication?

I've been experimenting; have set up sasl user password authentication.
Hashed it with postmap, included the necessary smtp statements and etc
in main.cf.

I've tried using the actual hostname and domain name (even though they
are not resolvable anywhere but my home lan) in main.cf.

I wasn't sure about including/attaching it here .. if that is allowed
in this newsgroup so left out main.cf for now.

My experimental configuration in place, I try sending something with
postfix's sendmail as root and as user reader

  reader > sudo sendmail -vt <tmail.txt
  Mail Delivery Status Report will be mailed to <root>.

  reader > sendmail -vt <tmail.txt
  Mail Delivery Status Report will be mailed to <reader>.

tmail.txt contains:

  To: [hidden email]
  Subject: test of rough config on postfix
  From: [hidden email]

  And here goes the e-mail body test etc etc etc etc.
  .

I tried tmail as shown, and with `From: ' field like this:

  From: [hidden email] (which is a working email address)

smtp.newsguy.com is also the SmartHost where I have credentials; used
in `main.cf'.

Even though the sendmail message says reports will be mailed, nothing
shows up at /var/spool/mail or at [hidden email] inbox

  howubunt ls -l /var/spool/mail/
  total 1
  -rw------- 1 reader mail 0 Jan 9 23:52 reader

empty.

Examples of working configs from a situation like mine would really be
helpful. Any suggestions at all would be most welcome.

On Mon, Jan 11, 2021 at 12:18:15PM -0500, Harry wrote:
> Where can I find real examples of /etc/postfix/main.cf setup on host
> with no resolvable FQDN relaying through smtp Smarthost with
> authentication?

    http://www.postfix.org/SOHO_README.html
    http://www.postfix.org/SOHO_README.html#fantasy

> reader > sendmail -vt <tmail.txt
> Mail Delivery Status Report will be mailed to <reader>.
>
> I tried tmail as shown, and with `From: ' field like this:
> From: [hidden email] (which is a working email address)

The "From:" header has no bearing on the return path of email,
which comes from the message envelope. You can set it with the
"-f sender" option of sendmail(1).

> Even though the sendmail message says reports will be mailed, nothing
> shows up at /var/spool/mail or at [hidden email]

The fate of the probe report is in your logs. If your system is
configured to relay all mail to a smarthost, then that's where
the notice would have been routed to. Actual delivery requires
a working configuration.

If you configure a domain for local delivery, and use an address
in that domain as the envelope sender, then probe status reports
will be delivered locally.

    mydestination = localhost.local
    $ sendmail -f [hidden email] -bv [hidden email]

--
    Viktor.

Viktor Dukhovni <[hidden email]> writes:
> On Mon, Jan 11, 2021 at 12:18:15PM -0500, Harry wrote:
>
>> Where can I find real examples of /etc/postfix/main.cf setup on host
>> with no resolvable FQDN relaying through smtp Smarthost with
>> authentication?
>
> http://www.postfix.org/SOHO_README.html
> http://www.postfix.org/SOHO_README.html#fantasy

Thx, those are helpful but I'm apparently still not getting it
right. Still failing like so:

(This has been snipped from all lines below: `Jan 14 15:28:54 localhost')

  postfix/pickup[23288]: 40BBD492: uid=1000 from=<reader>
  postfix/cleanup[23322]: 40BBD492: message-id=<20210114202854.40BBD492@localhost>
  postfix/qmgr[23289]: 40BBD492: from=<[hidden email]>, size=374, nrcpt=1 (queue active)
  postfix/smtp[23324]: connect to smtp.newsguy.com[74.209.136.63]:25: Connection timed out
  postfix/smtp[23324]: 40BBD492: to=<[hidden email]>, relay=none, delay=30, delays=0.16/0.17/30/0, dsn=4.4.1, status=deferred (connect to smtp.newsguy.com[74.209.136.63]:25: Connection timed out)

Does this line from above indicate that messages are still going out
with `from=<[hidden email]> as sender from?

  postfix/qmgr[23289]: 40BBD492: from=<[hidden email]>, size=374, nrcpt=1 (queue active)

I ask because I do have a 'generic.db' file in place. (content of
generic file below)

[...]

> The "From:" header has no bearing on the return path of email,
> which comes from the message envelope. You can set it with the
> "-f sender" option of sendmail(1).

Is that inserted somewhere in postfix configuration or done with
cmdline?

> The fate of the probe report is in your logs. If your system is
> configured to relay all mail to a smarthost, then that's where
> the notice would have been routed to. Actual delivery requires
> a working configuration.
>
> If you configure a domain for local delivery, and use an address
> in that domain as the envelope sender, then probe status reports
> will be delivered locally.
>
> mydestination = localhost.local
> $ sendmail -f [hidden email] -bv [hidden email]

Still not clear where the sendmail -f is done. The way you've written
the line ... with leading `$', it appears to be done on command line.
But clearly not something you would be doing with each mail... so
where is the sendmail -f line set?

I'm going to include my full main.cf, generic and munged sasl_passwd
since I'm not really clear what is supposed to be in there...

I've tried the generic file recommended at one of urls you suggested:
http://www.postfix.org/SOHO_README.html#fantasy

PS: /etc/postfix/generic and /etc/postfix/sasl_passwd have been
postmapped and postfix reloaded.

------- ------- ---=--- ------- -------
main.cf

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_generic_maps = hash:/etc/postfix/generic
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname **added hp( mailname = newsguy.com )
mydestination = local.lan, $myhostname, localhost, localhost.localdomain, localhost
relayhost = [smtp.newsguy.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

------- ------- ---=--- ------- -------
/etc/postfix/generic

## 4 /etc/postfix/generic:
## 5 [hidden email] [hidden email]
## 6 [hidden email] [hidden email]
## 7 @localdomain.local [hidden email]
[hidden email] [hidden email]

------- ------- ---=--- ------- -------
/etc/postfix sasl_passwd

[smtp.newsguy.com] reader:XsecretX

------- ------- ---=--- ------- -------

On Thu, Jan 14, 2021 at 04:09:30PM -0500, Harry Putnam wrote:
> > http://www.postfix.org/SOHO_README.html
> > http://www.postfix.org/SOHO_README.html#fantasy
>
> Thx, those are helpful but I'm apparently still not getting it
> right. Still failing like so:
>
> postfix/pickup[23288]: 40BBD492: uid=1000 from=<reader>
> postfix/cleanup[23322]: 40BBD492: message-id=<20210114202854.40BBD492@localhost>
> postfix/qmgr[23289]: 40BBD492: from=<[hidden email]>, size=374, nrcpt=1 (queue active)
> postfix/smtp[23324]: connect to smtp.newsguy.com[74.209.136.63]:25: Connection timed out
> postfix/smtp[23324]: 40BBD492: to=<[hidden email]>, relay=none, delay=30, delays=0.16/0.17/30/0, dsn=4.4.1, status=deferred (connect to smtp.newsguy.com[74.209.136.63]:25: Connection timed out)

Postfix is trying to deliver email to:

> smtp.newsguy.com[74.209.136.63]:25:

but, after waiting for a SYN-ACK (TCP connection completion) from the
server for 30 seconds:

> delay=30, delays=0.16/0.17/30/0

gives up:

> Connection timed out

If your connection is supposed to be to port 25 and 587 or 465, then
this is not a Postfix issue, Postfix is doing all the right things, but
the network connectivity just isn't there.

> Does this line from above indicate that messages are still going out
> with `from=<[hidden email]> as sender from?

The message envelope in the queued message is "[hidden email]", but
if you're using "smtp_generic_maps", logging of the original address
form is expected, because the rewrites would happen on the fly during
delivery, and so the queued message shows the address pre-rewrite.

> I ask because I do have a 'generic.db' file in place. (content of
> generic file below)

Rewriting via generic happens "post queue" and so is not reflected in
local log messages. The new address is only seen by the remote system
(to which you never connect).

> > The "From:" header has no bearing on the return path of email,
> > which comes from the message envelope. You can set it with the
> > "-f sender" option of sendmail(1).
>
> Is that inserted somewhere in postfix configuration or done with
> cmdline?

The "-f sender" option of sendmail(1) is generally understood to be
a command-line option.

> > $ sendmail -f [hidden email] -bv [hidden email]
>
> Still not clear where the sendmail -f is done. The way you've written
> the line ... with leading `$', it appears to be done on command line.
> But clearly not something you would be doing with each mail... so
> where is the sendmail -f line set?

On the command line when you want to send a delivery probe and be
sure to have results delivered to the right sender address.

> I'm going to include my full main.cf,

    http://www.postfix.org/DEBUG_README.html#mail

> mailbox_command = procmail -a "$EXTENSION"

I don't recommend this unless you know what you're doing.

> mailbox_size_limit = 0

This may be unwise.

> myhostname = localhost
> mydestination = local.lan, $myhostname, localhost, localhost.localdomain, localhost

It is best to set myhostname to a "dotted" name. And use one of the
above names for the domain part of the sender address, rather than
"localhost.local", which is not listed.

> myorigin = /etc/mailname **added hp( mailname = newsguy.com )

I sure hope that "** ..." bit isn't actually there. And support for
filenames in myorigin is Debian/Ubuntu specific.

> relayhost = [smtp.newsguy.com]

Perhaps a submission port number (587? 465?, ...) is needed here?

> smtp_generic_maps = hash:/etc/postfix/generic

This is fine.

> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =

You should generally set smtp_sasl_tls_security_options as described
in SASL_README.

    http://www.postfix.org/SASL_README.html#client_sasl_enable
    http://www.postfix.org/SASL_README.html#client_sasl_policy

    smtp_sasl_security_options = noplaintext, noanonymous
    smtp_sasl_tls_security_options = noanonymous

> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_CApath=/etc/ssl/certs
> smtp_tls_security_level=may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes

You should likely *enforce* TLS to the submission server.

> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_security_level=may

You're unlikely to need an SMTP server, you can just keep it listening
only on the loopback interface, or disable it entirely.

    inet_interfaces = loopback-only
    master_service_disable = inet

> ------- ------- ---=--- ------- -------
> /etc/postfix/generic
> [hidden email] [hidden email]

Fine.

> /etc/postfix sasl_passwd
> [smtp.newsguy.com] reader:XsecretX

If you add a ":port" suffix to the relay setting, you should also add
it here (the SASL password lookup key), and in the TLS policy file.
For example:

    main.cf:
        smtp_tls_policy_maps = hash:/etc/postfix/tls-policy

    tls-policy:
        [smtp.newsguy.com]:587 secure

--
    Viktor.

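The log reading in the reply above can be done mechanically. This is an added example, not part of the thread: it splits a Postfix smtp delivery line into its fields and names the stage of the delays=a/b/c/d breakdown (before queue manager / in queue manager / connection setup / transmission) that used the time. The function names, placeholder addresses and sample line are constructed for illustration.

```python
import re

# Constructed sample in the shape of the log line quoted in the thread;
# addresses and host are placeholders (example.com / example.net / 192.0.2.25).
SAMPLE = (
    "postfix/smtp[23324]: 40BBD492: to=<user@example.com>, relay=none, "
    "delay=30, delays=0.16/0.17/30/0, dsn=4.4.1, status=deferred "
    "(connect to smtp.example.net[192.0.2.25]:25: Connection timed out)"
)

# Order of the four delays= values in Postfix delivery logging.
STAGES = ("before_qmgr", "in_qmgr", "connection_setup", "transmission")

LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>\S+), delay=(?P<delay>[\d.]+), "
    r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def parse_delivery(line):
    """Return the fields of one smtp delivery log line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["delays"] = dict(zip(STAGES, map(float, rec["delays"].split("/"))))
    rec["slowest_stage"] = max(rec["delays"], key=rec["delays"].get)
    port = re.search(r"connect to \S+\]:(\d+): Connection timed out",
                     rec["reason"])
    rec["connect_timeout_port"] = int(port.group(1)) if port else None
    return rec

def diagnose(rec):
    """One-line verdict for the connect-timeout case seen in the thread."""
    if rec["relay"] == "none" and rec["connect_timeout_port"]:
        return ("no TCP connection to port %d: check the network path and "
                "the relayhost port" % rec["connect_timeout_port"])
    return "%s, slowest stage: %s" % (rec["status"], rec["slowest_stage"])

if __name__ == "__main__":
    print(diagnose(parse_delivery(SAMPLE)))
```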
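The configuration advice in the reply above, turned into a small check that runs over a relay client's main.cf and sasl_passwd. This is an added example, not part of the thread and not a Postfix tool: the function names, the placeholder host smtp.example.net and both sample configs are constructed, and it inspects only the global smtp_tls_security_level, not a TLS policy map.

```python
import re

# Constructed inputs modelled on the files posted in the thread;
# smtp.example.net and the credentials are placeholders.
MAIN_CF = """\
relayhost = [smtp.example.net]
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_tls_security_level = may
inet_interfaces = all
"""
# The same client after applying the advice given in the thread.
FIXED_CF = """\
relayhost = [smtp.example.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
inet_interfaces = loopback-only
"""
SASL_PASSWD = "[smtp.example.net]:587 reader:XsecretX\n"
# TLS security levels that refuse to deliver without encryption.
ENFORCED = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {name: value}; comment and blank lines are skipped."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit(main_cf, sasl_passwd):
    """Return findings for the relay issues raised in the thread."""
    p = parse_main_cf(main_cf)
    relay = p.get("relayhost", "")
    keys = {ln.split()[0] for ln in sasl_passwd.splitlines() if ln.strip()}
    tls_enforced = p.get("smtp_tls_security_level", "") in ENFORCED
    # An unset parameter keeps the Postfix default; an empty one clears it.
    sasl_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    findings = []
    if not re.search(r":[\w-]+$", relay):
        findings.append("relayhost has no port, so delivery goes to port 25")
    if relay not in keys:
        findings.append("sasl_passwd has no key identical to relayhost")
    if not tls_enforced:
        findings.append("TLS to the relay is opportunistic, not enforced")
        if "noplaintext" not in sasl_opts:
            findings.append("plaintext SASL allowed on an unencrypted session")
    if p.get("inet_interfaces", "all") == "all":
        findings.append("smtpd listens on all interfaces")
    return findings
```

With the constructed inputs, `audit(MAIN_CF, SASL_PASSWD)` reports all five issues and `audit(FIXED_CF, SASL_PASSWD)` reports none.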