Using Postfix to send home server alerts

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Using Postfix to send home server alerts

Ian Evans
Hi,

Just looking for a pointer to a recommended tutorial on setting up Postfix as a send only service to be able to send alert emails from a home server like smartmontools drive warnings etc.

I have seen several tutorials that touch on this, but the part I'm not clear on is the FQDN setting. It's home server so it doesn't have a public domain name. If my dynamic DNS provider reaches my home server at myhome.example.com, would that be the FQDN?

If this makes it easier, I do have a fully functional Postfix mail server on my website server. Is there a way for the home server to send its alert emails via the business server? Or should the home send-only Postfix send through Gmail somehow? 

Thanks. 
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Ansgar Wiechers
On 2020-02-14 Ian Evans wrote:
> Just looking for a pointer to a recommended tutorial on setting up
> Postfix as a send only service to be able to send alert emails from a
> home server like smartmontools drive warnings etc.

What you're looking for is called a "null client."

<http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client>

> If this makes it easier, I do have a fully functional Postfix mail
> server on my website server. Is there a way for the home server to
> send its alert emails via the business server?

Yes. Configure that server as the relayhost on your null client. You may
want to set up authentication between the client and server too.

<http://www.postfix.org/SASL_README.html>

> Or should the home send-only Postfix send through Gmail somehow?

That would be another option, yes.

<https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/>

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Peter Ajamian
In reply to this post by Ian Evans
On 15/02/20 10:31 am, Ian Evans wrote:

> Hi,
>
> Just looking for a pointer to a recommended tutorial on setting up
> Postfix as a send only service to be able to send alert emails from a
> home server like smartmontools drive warnings etc.
>
> If this makes it easier, I do have a fully functional Postfix mail
> server on my website server. Is there a way for the home server to send
> its alert emails via the business server? Or should the home send-only
> Postfix send through Gmail somehow?

You're basically asking postfix to fill the roll of a null mailer.
Postfix can do this but there are other tools that are simpler to
configure and better suited to that roll.  I recommend msmtp:

https://marlam.de/msmtp/


Peter
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Chris Green-11
On Sat, Feb 15, 2020 at 07:59:21PM +1300, Peter wrote:

> On 15/02/20 10:31 am, Ian Evans wrote:
> > Hi,
> >
> > Just looking for a pointer to a recommended tutorial on setting up
> > Postfix as a send only service to be able to send alert emails from a
> > home server like smartmontools drive warnings etc.
> >
> > If this makes it easier, I do have a fully functional Postfix mail
> > server on my website server. Is there a way for the home server to send
> > its alert emails via the business server? Or should the home send-only
> > Postfix send through Gmail somehow?
>
> You're basically asking postfix to fill the roll of a null mailer. Postfix
> can do this but there are other tools that are simpler to configure and
> better suited to that roll.  I recommend msmtp:
>
> https://marlam.de/msmtp/
>
I'm not totally convinced that any of the simple/null mailers does the
job either easily or well.  I have a Beaglebone Black SBC on a small
boat in France and it records data such as the battery voltages.  I
needed to set up outgoing mail so that if/when things went wrong I
would receive E-Mail telling me.  After trying several 'simple'
mailers I ended up installing Postfix and, after somw quite simple
configuration, it has 'just worked' ever since.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Ian Evans


On Sat, Feb 15, 2020, 11:09 AM Chris Green, <[hidden email]> wrote:
On Sat, Feb 15, 2020 at 07:59:21PM +1300, Peter wrote:
> On 15/02/20 10:31 am, Ian Evans wrote:
> > Hi,
> >
> > Just looking for a pointer to a recommended tutorial on setting up
> > Postfix as a send only service to be able to send alert emails from a
> > home server like smartmontools drive warnings etc.
> >
> > If this makes it easier, I do have a fully functional Postfix mail
> > server on my website server. Is there a way for the home server to send
> > its alert emails via the business server? Or should the home send-only
> > Postfix send through Gmail somehow?
>
> You're basically asking postfix to fill the roll of a null mailer. Postfix
> can do this but there are other tools that are simpler to configure and
> better suited to that roll.  I recommend msmtp:
>
> https://marlam.de/msmtp/
>
I'm not totally convinced that any of the simple/null mailers does the
job either easily or well.  I have a Beaglebone Black SBC on a small
boat in France and it records data such as the battery voltages.  I
needed to set up outgoing mail so that if/when things went wrong I
would receive E-Mail telling me.  After trying several 'simple'
mailers I ended up installing Postfix and, after somw quite simple
configuration, it has 'just worked' ever since.

--
Chris Green

Thanks. Getting back to another part of my question, it's a bit unclear what I should set as the myhostname and mydomain in the config files. 

The machine name is buster. But its dynamic DNS address is anothername.example.com.
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Bob Proulx
In reply to this post by Ian Evans
Ian Evans wrote:
> Just looking for a pointer to a recommended tutorial on setting up Postfix
> as a send only service to be able to send alert emails from a home server
> like smartmontools drive warnings etc.

The problem won't be finding one.  The problem will be finding less
than several dozen.  And selecting a "good" one from the collection.

> I have seen several tutorials that touch on this, but the part I'm not
> clear on is the FQDN setting. It's home server so it doesn't have a public
> domain name.

If everything is completely private on a local area network then one
can generate any random thing.  But since you are wanting to interact
on the global public Internet wide area network then you must use an
existing valid domain name.

> If my dynamic DNS provider reaches my home server at
> myhome.example.com, would that be the FQDN?

I suggest yes.  Since the dynamic dns provider "example.com" is a
valid domain name and they are providing you with the valid FQDN name
of "myhome.example.com" then yes that would be okay to use that name
as your FQDN in this case.  I say suggest because there are many ways
to do things and this is simply one possible way.

However there are limitations.  I will avoid trying to describe all of
the possibilities.  But just note that things stretch to a certain
extent.  If stretched too far then anything breaks.  But in exactly
the above case you are talking about this will work.

I am going to suggest something different.  You have a web site and it
has a domain name.  Or you will have your own domain name for many
reasons.  You might want to use one of those.  So *either* the dynamic
dns provider name as above *or* use a name from a domain you own.  In
either case relay through your Internet server.

> If this makes it easier, I do have a fully functional Postfix mail server
> on my website server. Is there a way for the home server to send its alert
> emails via the business server? Or should the home send-only Postfix send
> through Gmail somehow?

Using your website server solves a very important problem.  The
problem of needing either 1) a static IP address assignment of an IP
address that is not going to be blocked by the receiving end for being
in a dynamic address space or being in a blocked IP space And/Or 2)
needing to control both systems on the ends of the network connection
so that the remote client can authenticate and authorize the sending
of email from a dynamic IP address to the server.  Therefore if it
were me in your position I would use your website server to receive
the email connection from your home client.  And then have the website
server send the mail to Gmail or wherever.  (Google may still be a
problem for robustly accepting the email.  They often are.  But can
only start somewhere and then cross each bridge problem as you come to
them.)

Your myhome.example.com client will not be able to send to Google's
Gmail or practically anywhere else because it will have a dynamic IP
assignment.  As a practical matter almost every mail service blocks
mail from dynamic IP address assignments.  To block hostile agents
abusing the network from virus infected systems and other compromised
devices.  Soo...  Don't even try it.  It will just be an exercise in
frustration for you.

Your business server website will have a static IP assignment.  That
will allow it to send email to other systems on the Internet such as
Google's Gmail.  It can operate as your mail relay.  It can be
configured to authorize mail from your home dynamic IP client and your
home dynamic IP client can be configured to authenticate to it.

With your dynamic IP home client authenticating to your website server
and your website server authorizing the email relay then automated
notifications from your home client can be sent to your Gmail
account.  That will work.  That is probably the best way for you to
configure your setup.

Hopefully that clears up the problems you will face.  With that
discussion in place the next question you SHOULD be asking is what is
the simplest and most robust way for you to set up the communication
connection between your home client and your Internet server in order
to authenticate your client and authorize the relay of mail through
the server?  That is the much more interesting discussion to have
here.  Because there are several possibilities with pros and cons to
the selection.  SASL with shared private keys?  Public keys using
certificates?  Encrypted or non-encrypted connections?  VPN?  Several
good possibilities to choose from in just as many sentences.

Personally for exactly the situation you are describing I think the
easiest and simplest is using a VPN.  A VPN (virtual private network)
connects over the Internet my remote dynamic IP clients with my static
IP server.  Then I configure Postfix to send the remote client email
over the VPN.  The server allows local (vpn-local) network connections
(permit_mynetworks) and relays the mail.  The authentication and
authorization is done by the VPN connection.  All communication over
the VPN is fully encrypted.  So for me that is one easy way to set
things up.  And then the VPN is useful for other aspects of the
problem such as being able to connect out to the remote client over
the VPN too.  Since the VPN is connecting to your Internet server this
allows you to use either the FQDN of the dynamic dns provider or to
use a FQDN of own domain name.  Since the VPN is connecting your
systems.  A good all purpose VPN suggestion would be OpenVPN but a
very simple and effective one might be 'sshuttle' or 'autossh' to set
up a tunnel.  Three good possibilities in that one sentence.  In
different places I have made good use of all three of those.  Pros and
cons to each.

The best solution for you is the one you understand the best.  That is
the one you can manage the easiest.

Sorry if one question begets quite a few more.  But that is the nature
of these things! :-)

Bob
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Ian Evans


On Sat, Feb 15, 2020, 1:55 PM Bob Proulx, <[hidden email]> wrote:
Ian Evans wrote:
> Just looking for a pointer to a recommended tutorial on setting up Postfix
> as a send only service to be able to send alert emails from a home server
> like smartmontools drive warnings etc.

The problem won't be finding one.  The problem will be finding less
than several dozen.  And selecting a "good" one from the collection.

> I have seen several tutorials that touch on this, but the part I'm not
> clear on is the FQDN setting. It's home server so it doesn't have a public
> domain name.

If everything is completely private on a local area network then one
can generate any random thing.  But since you are wanting to interact
on the global public Internet wide area network then you must use an
existing valid domain name.

> If my dynamic DNS provider reaches my home server at
> myhome.example.com, would that be the FQDN?

I suggest yes.  Since the dynamic dns provider "example.com" is a
valid domain name and they are providing you with the valid FQDN name
of "myhome.example.com" then yes that would be okay to use that name
as your FQDN in this case.  I say suggest because there are many ways
to do things and this is simply one possible way.

However there are limitations.  I will avoid trying to describe all of
the possibilities.  But just note that things stretch to a certain
extent.  If stretched too far then anything breaks.  But in exactly
the above case you are talking about this will work.

I am going to suggest something different.  You have a web site and it
has a domain name.  Or you will have your own domain name for many
reasons.  You might want to use one of those.  So *either* the dynamic
dns provider name as above *or* use a name from a domain you own.  In
either case relay through your Internet server.

> If this makes it easier, I do have a fully functional Postfix mail server
> on my website server. Is there a way for the home server to send its alert
> emails via the business server? Or should the home send-only Postfix send
> through Gmail somehow?

Using your website server solves a very important problem.  The
problem of needing either 1) a static IP address assignment of an IP
address that is not going to be blocked by the receiving end for being
in a dynamic address space or being in a blocked IP space And/Or 2)
needing to control both systems on the ends of the network connection
so that the remote client can authenticate and authorize the sending
of email from a dynamic IP address to the server.  Therefore if it
were me in your position I would use your website server to receive
the email connection from your home client.  And then have the website
server send the mail to Gmail or wherever.  (Google may still be a
problem for robustly accepting the email.  They often are.  But can
only start somewhere and then cross each bridge problem as you come to
them.)

Your myhome.example.com client will not be able to send to Google's
Gmail or practically anywhere else because it will have a dynamic IP
assignment.  As a practical matter almost every mail service blocks
mail from dynamic IP address assignments.  To block hostile agents
abusing the network from virus infected systems and other compromised
devices.  Soo...  Don't even try it.  It will just be an exercise in
frustration for you.

Your business server website will have a static IP assignment.  That
will allow it to send email to other systems on the Internet such as
Google's Gmail.  It can operate as your mail relay.  It can be
configured to authorize mail from your home dynamic IP client and your
home dynamic IP client can be configured to authenticate to it.

With your dynamic IP home client authenticating to your website server
and your website server authorizing the email relay then automated
notifications from your home client can be sent to your Gmail
account.  That will work.  That is probably the best way for you to
configure your setup.

Hopefully that clears up the problems you will face.  With that
discussion in place the next question you SHOULD be asking is what is
the simplest and most robust way for you to set up the communication
connection between your home client and your Internet server in order
to authenticate your client and authorize the relay of mail through
the server?  That is the much more interesting discussion to have
here.  Because there are several possibilities with pros and cons to
the selection.  SASL with shared private keys?  Public keys using
certificates?  Encrypted or non-encrypted connections?  VPN?  Several
good possibilities to choose from in just as many sentences.

Personally for exactly the situation you are describing I think the
easiest and simplest is using a VPN.  A VPN (virtual private network)
connects over the Internet my remote dynamic IP clients with my static
IP server.  Then I configure Postfix to send the remote client email
over the VPN.  The server allows local (vpn-local) network connections
(permit_mynetworks) and relays the mail.  The authentication and
authorization is done by the VPN connection.  All communication over
the VPN is fully encrypted.  So for me that is one easy way to set
things up.  And then the VPN is useful for other aspects of the
problem such as being able to connect out to the remote client over
the VPN too.  Since the VPN is connecting to your Internet server this
allows you to use either the FQDN of the dynamic dns provider or to
use a FQDN of own domain name.  Since the VPN is connecting your
systems.  A good all purpose VPN suggestion would be OpenVPN but a
very simple and effective one might be 'sshuttle' or 'autossh' to set
up a tunnel.  Three good possibilities in that one sentence.  In
different places I have made good use of all three of those.  Pros and
cons to each.

The best solution for you is the one you understand the best.  That is
the one you can manage the easiest.

Sorry if one question begets quite a few more.  But that is the nature
of these things! :-)

Bob

Egads. 😊

You're right. A million questions and not a "will have this project finished in half an hour." Will have to set aside a clearer weekend day. 

It's so easy for projects like, say, zoneminder to say "check this box to send alerts" without putting a giant asterisk next to it and suggesting you'll need to invest in a lot of coffee. 

Thanks for outlining possible solutions. I'll look into them soon. 
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Bob Proulx
Ian Evans wrote:
> Bob Proulx wrote:
> > The best solution for you is the one you understand the best.  That is
> > the one you can manage the easiest.
> >
> > Sorry if one question begets quite a few more.  But that is the nature
> > of these things! :-)
>
> Egads. 😊

Sorry! :-)

> You're right. A million questions and not a "will have this project
> finished in half an hour." Will have to set aside a clearer weekend day.
>
> It's so easy for projects like, say, zoneminder to say "check this box to
> send alerts" without putting a giant asterisk next to it and suggesting
> you'll need to invest in a lot of coffee.
>
> Thanks for outlining possible solutions. I'll look into them soon.

Another possibility I didn't think to write originally is this.  Since
you are already using a Gmail account and wanting to deliver to your
own account there.

Configure your dynamic IP home client to login into Gmail using your
Google credentials and send mail that way.  It might work for you just
fine and be a simpler solution for you than other things.

Search the web for HOWTO Configure Postfix To Send Mail Using Gmail.
That should turn up a number of guides on the topic!  Might be just
what you need.

Bob
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Larry Stone
In an earlier note, Bob Proulx said "The best solution for you is the one you understand the best.  That is
the one you can manage the easiest.” For me, for historical reasons, that has been Postfix.

For several years, I ran a full-fledged Postfix server on a Macintosh running at home. Static IP on DSL. Worked great. About four years ago, the cost to keep the DSL at a decent speed was getting too high so I switched to cable with a dynamic IP and outsourced the mail and web hosting of my domain.

But I had processes running on the computer at home that needed to send mail. Easiest thing was to just leave Postfix running and as the cable company does not allow outgoing to port 25, have Postfix relay to my new mail provider using relayhost to the submission port. Other than adding relayhost and a password file referenced by smtp_sasl_password_maps, the only other change I needed to make to Postfix was to add Cyrus SASL (I has been using dovecot for smtpd but only Cyrus is supported for smtp (client)).

Even though my computer at home is now on dynamic IP, it has a host name in my domain. The IP address has only changed once in those four years and one of those processes lets me know if it changes so I can quickly update DNS.

Most of the processes on my computer send via the Postfix sendmail command although there is one that sends via SMTP so having a local STMP daemon is important (it looks like MSMTP that Peter recommended only works as sendmail command replacement).

I’ve only had one issue which is one of those processes at home tries to send me a text message via T-Mobile’s email to text gateway (send email to [hidden email]). At some point in the last year, they started detecting that the mail was being double-relayed (home to mail ISP and the mail ISP to them) and rejecting it. My workaround is to have that process send directly to my mail ISP via CURL but that’s error-prone as a network outage will cause it to fail rather than being held for retry (but since this process retrieves mail from the mail ISP via fetchmail, analyzes it for some keywords, and immediately send the mail via CURL, the outage would have to happen in that fraction of a second between fetch and send). But I just tried it right now via the Sendmail command and it worked so maybe T-Mobile realized that this was rejecting too much legitimate messages.

--
Larry Stone
[hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Chris Green-11
In reply to this post by Ian Evans
On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote:

>      > [2]https://marlam.de/msmtp/
>      >
>      I'm not totally convinced that any of the simple/null mailers does
>      the
>      job either easily or well.  I have a Beaglebone Black SBC on a small
>      boat in France and it records data such as the battery voltages.  I
>      needed to set up outgoing mail so that if/when things went wrong I
>      would receive E-Mail telling me.  After trying several 'simple'
>      mailers I ended up installing Postfix and, after somw quite simple
>      configuration, it has 'just worked' ever since.
>      --
>      Chris Green
>
>    Thanks. Getting back to another part of my question, it's a bit unclear
>    what I should set as the myhostname and mydomain in the config files.
>    The machine name is buster. But its dynamic DNS address is
>    [3]anothername.example.com.
>
My Beaglebone Black is connected via a WiFi hotspot and isn't visible
from outside at all.  I just have myhostname set to a subdomain of a
domain I own, mydomain isn't explicitly set at all.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Using Postfix to send home server alerts

Chris Green-11
On Sat, Feb 15, 2020 at 09:23:18PM +0000, Chris Green wrote:

> On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote:
> >      > [2]https://marlam.de/msmtp/
> >      >
> >      I'm not totally convinced that any of the simple/null mailers does
> >      the
> >      job either easily or well.  I have a Beaglebone Black SBC on a small
> >      boat in France and it records data such as the battery voltages.  I
> >      needed to set up outgoing mail so that if/when things went wrong I
> >      would receive E-Mail telling me.  After trying several 'simple'
> >      mailers I ended up installing Postfix and, after somw quite simple
> >      configuration, it has 'just worked' ever since.
> >      --
> >      Chris Green
> >
> >    Thanks. Getting back to another part of my question, it's a bit unclear
> >    what I should set as the myhostname and mydomain in the config files.
> >    The machine name is buster. But its dynamic DNS address is
> >    [3]anothername.example.com.
> >
> My Beaglebone Black is connected via a WiFi hotspot and isn't visible
> from outside at all.  I just have myhostname set to a subdomain of a
> domain I own, mydomain isn't explicitly set at all.
>
More to the point I see I have a comment at the top of main.cf that
says:-

# N.B. for the aliases in /etc/aliases to work (and thus for cron errors to get
# sent to me) the value in myorigin must match one of the entries in mydestination


--
Chris Green