NethServer Version: NS8, Rocky Linux 9.6
Module: Mail 1.6.1
Module: WebTop 1.4.3
Module: Imapsync 1.1.0
Hello, I have issues with Mail-Relay Function:
As I understood from ns8-smarthost-for-sending-mail, the Mail-Relay should be usable for sending mails for different users via different external accounts.
Now I have to transfer the sending mails to several different accounts/hosts, where some of them are using the same host:port, but a different Authentication (user/PW).
(Actually I used a custom sender dependent relay function in NS7 via postfix custom files for sender_relayhost, sender_passwd, which I need now on NS8)
So I have about 10 different Relay-Rules:
Rule 1:
ruleType: Sender:
Sender: User1@domain.a
Hostname: MAILHOST.A:587
Authentication: on
Username: Username1@domain.a (different from User1, but with same domain)
Password: <PW>
TLS: enforced
Rule 2:
ruleType: Sender:
Sender: User2@domain.a
Hostname: MAILHOST.A:587
Authentication: on
Username: Username2@domain.a (different from User2@domain.a) - but with same domain
Password: <PW>
TLS: enforced
....
Situation A: Both (or all) Relay Rules active:
Now when User1 sends a mail (e.g. from Webtop) it gets correctly forwarded via the “smarthost” of RelayRule1:
Jul 14 02:28:07 main-ns8 postfix/smtpd[1146864]: connect from LOCAL_LAN_CLIENT[LOCAL_LAN_IP]
Jul 14 02:28:07 main-ns8 postfix/smtpd[1146864]: Anonymous TLS connection established from LOCAL_LAN_CLIENT[LOCAL_LAN_IP]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jul 14 02:28:07 main-ns8 postfix/smtpd[1146864]: 9D397160C41D2: client=LOCAL_LAN_CLIENT[LOCAL_LAN_IP], sasl_method=PLAIN, sasl_username=USER1_AD_NAME
Jul 14 02:28:07 main-ns8 postfix/cleanup[1146872]: 9D397160C41D2: message-id=<b836957c-77e8-44a9-b662-0a911e0dd92b@aon.at>
Jul 14 02:28:12 main-ns8 postfix/qmgr[924582]: 9D397160C41D2: from=<USER1@DOMAIN.A>, size=915, nrcpt=1 (queue active)
Jul 14 02:28:12 main-ns8 postfix/smtp[1146895]: Untrusted TLS connection established to MAILHOST.A[IP_MAILHOST.A]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jul 14 02:28:14 main-ns8 postfix/smtp[1146895]: 9D397160C41D2: to=<USER1@DOMAIN.A>, relay=MAILHOST.A[IP_MAILHOST.A]:587, delay=6.7, delays=4.6/0.05/0.21/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4bgR7c3BDqzGrqnn)
Jul 14 02:28:14 main-ns8 postfix/qmgr[924582]: 9D397160C41D2: removed
Jul 14 02:28:17 main-ns8 postfix/smtpd[1146864]: disconnect from LOCAL_LAN_CLIENT[LOCAL_LAN_IP] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
When User2 sends a mail, it gets rejected by the foreign host:
Jul 14 02:35:28 main-ns8 postfix/smtpd[1151579]: connect from cluster-localnode[10.5.4.1]
Jul 14 02:35:28 main-ns8 postfix/smtpd[1151579]: F2BC0160C41DA: client=cluster-localnode[10.5.4.1], sasl_method=LOGIN, sasl_username=angelika
Jul 14 02:35:29 main-ns8 postfix/cleanup[1151582]: F2BC0160C41DA: message-id=<1447675978.146.1752460528457@webtop>
Jul 14 02:35:30 main-ns8 postfix/qmgr[924582]: F2BC0160C41DA: from=<USER2@DOMAIN.A>, size=1365, nrcpt=1 (queue active)
Jul 14 02:35:30 main-ns8 postfix/smtpd[1151579]: disconnect from cluster-localnode[10.5.4.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Jul 14 02:35:30 main-ns8 postfix/smtp[1151584]: Untrusted TLS connection established to MAILHOST.A[IP_MAILHOST.A]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jul 14 02:35:31 main-ns8 postfix/smtp[1151584]: F2BC0160C41DA: to=<<MAIL_TARGET_ADDRESS@DOMAIN.A>>, relay=MAILHOST.A[IP_MAILHOST.A]:587, delay=2.2, delays=1.8/0.05/0.21/0.08, dsn=5.7.1, status=bounced (host MAILHOST.A[IP_MAILHOST.A] said: 553 5.7.1 <USER2@DOMAIN.A>: Sender address rejected: not owned by user USERNAME1 (in reply to RCPT TO command))
Jul 14 02:35:31 main-ns8 postfix/cleanup[1151582]: 0E56C160C41DB: message-id=<20250714023531.0E56C160C41DB@mail.wf1.dynip.online>
Jul 14 02:35:31 main-ns8 postfix/qmgr[924582]: 0E56C160C41DB: from=<>, size=4152, nrcpt=1 (queue active)
Jul 14 02:35:31 main-ns8 postfix/bounce[1151585]: F2BC0160C41DA: sender non-delivery notification: 0E56C160C41DB
Jul 14 02:35:31 main-ns8 postfix/qmgr[924582]: F2BC0160C41DA: removed
Jul 14 02:35:37 main-ns8 postfix/smtp[1151584]: 0E56C160C41DB: to=<USER2@DOMAIN.A>, relay=<??MAILRELAYHOST.A??>[IP_MAILRELAYHOST??]:25, delay=6.2, delays=0.04/0/6.2/0, dsn=4.7.1, status=deferred (host <??MAILRELAYHOST.A??>[IP_MAILRELAYHOST??] refused to talk to me: 220-<??MAILRELAYHOST.A??> ESMTP (1) 521 5.7.1 Service unavailable; client [<NS8_EXTERNAL_SERVER_IP>] blocked using zen.spamhaus.org)
From the following line
Jul 14 02:35:31 main-ns8 postfix/smtp[1151584]: F2BC0160C41DA: to=<<MAIL_TARGET_ADDRESS@DOMAIN.A>>, relay=MAILHOST.A[IP_MAILHOST.A]:587, delay=2.2, delays=1.8/0.05/0.21/0.08, dsn=5.7.1, status=bounced (host MAILHOST.A[IP_MAILHOST.A] said: 553 5.7.1 <USER2@DOMAIN.A>: Sender address rejected: not owned by user USERNAME1 (in reply to RCPT TO command))
it can be deduced that postfix uses the wrong relay rule (still USERNAME1 is used, whereas actually USERNAME2 (for authentication via Rule 2) should be used).
Why at the end another error via the <??MAILRELAYHOST.A??> is coming, I don’t know either - but it seems to be a follow-up issue after the first one, because in situation B below it is working.
Situation B: Only relay rule for User2 is active - all other rules deactivated (on Mail-Relay NS8 GUI):
Now User2 can send mails without issues and they get forwarded as per mail-rule correctly
Jul 14 02:39:58 main-ns8 postfix/smtpd[1154637]: connect from cluster-localnode[10.5.4.1]
Jul 14 02:39:59 main-ns8 postfix/smtpd[1154637]: 0B151160C41E2: client=cluster-localnode[10.5.4.1], sasl_method=LOGIN, sasl_username=angelika
Jul 14 02:39:59 main-ns8 postfix/cleanup[1154641]: 0B151160C41E2: message-id=<1611342954.167.1752460798618@webtop>
Jul 14 02:40:00 main-ns8 postfix/qmgr[1154338]: 0B151160C41E2: from=<USER2@DOMAIN.A>, size=1362, nrcpt=1 (queue active)
Jul 14 02:40:00 main-ns8 postfix/smtpd[1154637]: disconnect from cluster-localnode[10.5.4.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Jul 14 02:40:00 main-ns8 postfix/smtp[1154647]: Untrusted TLS connection established to MAILHOST.A[IP_MAILHOST.A]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jul 14 02:40:02 main-ns8 postfix/smtp[1154647]: 0B151160C41E2: to=<<MAIL_TARGET_ADDRESS@DOMAIN.A>>, relay=MAILHOST.A[IP_MAILHOST.A]:587, delay=3.3, delays=1.3/0.06/0.19/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4bgRPD3kQdzGrqnr)
Jul 14 02:40:02 main-ns8 postfix/qmgr[1154338]: 0B151160C41E2: removed
Note the following regarding the authentication usernames:
"Username2@domain.a"
looks actually like "Username1.xxx_yyy@domain.a"
So Username2 has the Username1 as part of its username, but is appended with another string (actually the name connected via underscore)
Not sure this is relevant, but maybe…
But for some other mail rules, a completely different username is used (not composed out of username1), but still with same hostname:port for the external mail server (actually many rules - but not all - are for the same external mail provider).
So somehow it seems when multiple rules are active (maybe only with same Hostname:port for external mailserver?) - the wrong authentication (or even wrong relay rule - as the hostname:port is the same I cannot distinguish this really) is used?
How can I debug further here?
How can I make sure the correct rule is used for each user?
Many thanks for help in advance!
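One way to check the deduction above across a whole mail log, as an added example that is not part of the original post: the script groups Postfix lines by queue ID and reports messages where the remote host's "not owned by user" rejection names a login other than the one the relay rule for that sender should use. The sample lines, the `EXPECTED_LOGIN` table and all function names are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the Postfix log format quoted in the post.
SAMPLE_LOG = """\
Jul 14 02:28:12 mx postfix/qmgr[100]: AAA0000000001: from=<USER1@DOMAIN.A>, size=915, nrcpt=1 (queue active)
Jul 14 02:28:14 mx postfix/smtp[101]: AAA0000000001: to=<rcpt@example.org>, relay=MAILHOST.A[192.0.2.10]:587, delay=6.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as X1)
Jul 14 02:35:30 mx postfix/qmgr[100]: BBB0000000002: from=<USER2@DOMAIN.A>, size=1365, nrcpt=1 (queue active)
Jul 14 02:35:31 mx postfix/smtp[102]: BBB0000000002: to=<rcpt@example.org>, relay=MAILHOST.A[192.0.2.10]:587, delay=2.2, dsn=5.7.1, status=bounced (host MAILHOST.A[192.0.2.10] said: 553 5.7.1 <USER2@DOMAIN.A>: Sender address rejected: not owned by user USERNAME1 (in reply to RCPT TO command))
"""

# Assumed mapping: envelope sender -> login its relay rule should authenticate with.
EXPECTED_LOGIN = {
    "user1@domain.a": "Username1@domain.a",
    "user2@domain.a": "Username2@domain.a",
}

LINE_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
FROM_RE = re.compile(r"from=<([^>]*)>")
DELIVERY_RE = re.compile(r"relay=([^,]+),.*?status=(\w+)")
OWNER_RE = re.compile(r"not owned by user (\S+)")

def local_part(login):
    """Compare logins by local part only; the remote host may omit the domain."""
    return login.split("@")[0].lower()

def correlate(log_text):
    """Group log lines by queue ID into sender plus delivery attempts."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # smtpd connect/TLS lines carry no queue ID
        qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"sender": None, "deliveries": []})
        if (f := FROM_RE.match(rest)):
            rec["sender"] = f.group(1).lower()
        elif (d := DELIVERY_RE.search(rest)):
            owner = OWNER_RE.search(rest)
            rec["deliveries"].append({"relay": d.group(1), "status": d.group(2),
                                      "rejected_login": owner.group(1) if owner else None})
    return msgs

def find_credential_mismatches(log_text, expected_login):
    """Return (queue_id, sender, relay, login_used, login_expected) per mismatch."""
    findings = []
    for qid, rec in correlate(log_text).items():
        want = expected_login.get(rec["sender"])
        for d in rec["deliveries"]:
            used = d["rejected_login"]
            if used and want and local_part(used) != local_part(want):
                findings.append((qid, rec["sender"], d["relay"], used, want))
    return findings
```
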