Perhaps I explained the situation not detailed enough.
I have no idea how I can solve my situation without relaymaps and
sasl_passwd. If anybody has one please tell me.
The situation is the following. I cannot use only one smarthost because
all spamfilter would block the connection if you send mails with an open
relay.
So all mails have to send with the corresponding mailserver from which
domain you are sending the mail. Additional to that you have to
configure sasl_passwd for each emailaccount. I have replaced all @ with at.
First of all Iām happy to say welcome on our community @Linux4All! Our community guy @alefattorini uses to greet newcomers every week but I bet heās on holiday (as me and many others from Italy).
Before analyzing the configuration, I have a question here: why you say āopen relayā? By default NethServer allows relaying only to authenticated clients. In other words it knows the sender identity before sending the message to an external domain.
This is exactly what the other mail providers do, gmail, for instance.
However Iām assuming you have a registered MX in DNS
Thatās exactly what I fighting against and what I try to explain all the time.
Hopefully there will be a solution with Nethserver.
I tried a lot of distributions and SBS editions. Nethserver was the only one which survived more than 30 minutes
I think I will find some more enhancements which I need but the base is very good.
@davidep avidep: What can I do to have a persistent postfix config, until this feature is implemented, hopefully it will.
Iām glad to help you with custom templates, or any other mean. If we find a workable solution we could write down an howto āNethServer vs Office365ā
I ask only to be patient, Iāll be back next days.
Dec 10 23:22:46 asterix default/smtp[19439]: warning: SASL authentication failure: No worthy mechs found
Dec 10 23:22:46 asterix default/smtp[19439]: 1E6A9A807E9: SASL authentication failed; cannot authenticate to server smtp.web.de[213.165.67.108]: no mechanism available
Dec 10 23:22:46 asterix default/smtp[19439]: warning: SASL authentication failure: No worthy mechs found
Dec 10 23:22:46 asterix default/smtp[19439]: 1E6A9A807E9: to=abc@nothing.com, relay=smtp.web.de[213.165.67.124]:25, delay=0.52, delays=0.3/0.01/0.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.web.de[213.165.67.124]: no mechanism available)
Here my update:
With tls-enabled no mail could be send. You will get the following error message:
Dec 15 23:45:09 asterix default/smtp[11678]: warning: SASL authentication failure: No worthy mechs found
Dec 15 23:45:09 asterix default/smtp[11678]: 84BEEA8081B: SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.65.109]: no mechanism available
Dec 15 23:45:10 asterix default/smtp[11678]: warning: SASL authentication failure: No worthy mechs found
Dec 15 23:45:10 asterix default/smtp[11678]: 84BEEA8081B: to=abcd@gmx.de, relay=smtp.gmail.com[173.194.65.108]:587, delay=0.88, delays=0.28/0/0.6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.65.108]: no mechanism available)
Without TLS, gmail.com is working!
Other accounts wonāt work with or without TLS. I get the same error message as above.
A want to point out a limitation of the current setup: any authenticated user can send messages through any smarthost, because thereās no restriction on envelope sender address. Anyway we can address this problem in as a second step.
That is correct because I am sending from my google account. In that case you have to use smtp.gmail.com as relayhost.
Does the config work at your testing environment?
I will check my opensuse environment if there is any other behavior.
It worked for a single gmail account. I canāt set up a more complex scenario at the moment. I suggest working on a fork of my gist repository and sharing your real-world configuration.
For what is my experience I usually configure just one smarthost that is: smtp.mydomain.xx or smtp.myisp.xx
Butā¦we have always said that NethServer is a multisite server so I think that is correct thinking about the availability of multiple smarthost configuration.
This can prevent SPAM blacklist and unsuccessfully SPF record check? Maybe.
This will mean that you can configure this from the user details page ?
Also this can be faund later in the LDAP if it is set (other than default) for each user ?