NS8 smarthost address

rasi · July 28, 2023, 3:37pm

I have a permanent wireguard tunnel from a pfsense firewall to my VPS with a mail gateway. The VPS has a permanent address but I would like to smtp all mails to the gateway through the wireguard tunnel.
In NS7 this worked fine with [10.10.0.3]:25 as smarthost address. In NS8 this is not accepted, a FQDN is required. But then all mails would be transferred over WAN which I wouldn’t want.
Do I miss something or is there a workaround for this?

Cheers,
Ralph

Andy_Wismer · July 28, 2023, 4:03pm

Hi @rasi

You can set the FQDN on an internal DNS server, pointing to the VPS internal IP. The Internal DNS usually takes precedence over the extern, especially if using DNSmask or Unbound.

This forces the traffic through your VPN, as intended!

My 2 cents
Andy

rasi · July 28, 2023, 5:53pm

Hi,

thanks for the advise. But right now I have the impression that the smarthost entry is not used at all, not even with the correct FQDN for connecting to the mail gateway over WAN.

Cheers,
Ralph

rasi · July 29, 2023, 11:53am

I am not familiar with the containers. Where do I find the postfix file main.cf for editung the relayhost manually?

pike · July 29, 2023, 11:56am

In Nethserver products manual editing of the configuration files might lead to unpredictable results.

rasi · July 29, 2023, 12:18pm

HI, @pike,
is that true for NS8 also?
Here I can just enter a smarthost, what does not have any effect.
BTW, in another a bit older thread you have explained the difference between smarthost and relayhost. In fact I need to set a relayhost. So how can I do that if not manually?

rasi · July 29, 2023, 3:21pm

I found the solution myself. There is a directory mounted like this: /home/mail1/.local/share/containers/storage/volumes/postfix-custom/_data.
In this folder a *.cf file can be stored containing addons to postfix’ main.cf.
I defined the relayhost there. And it works!

pike · July 29, 2023, 3:24pm

I can’t say that for sure: for NS7, you have a tyrant above package management and daemon/service configuration for the OS you install, which is a customized CentOS 7.

NS8 is one o two steps farther from the OS, mostly because it’s a deamon/service with a webinterface for manage platform-specific containers.
So the deeper control is assumed over containers, but configuration file of daemon/service of the containers… easily could be overwritten when you change the configuration of the specific container/service/module.
The same might not totally be for the underlying OS (currently Debian 12?)… but again, still confident with the might lead to unpredictable results version

davidep · July 31, 2023, 7:19am

That’s right! Even if it is not too much promoted, it is documented here GitHub - NethServer/ns8-mail: NS8 Mail module with SMTP, IMAP, Spam/Virus filter

Editing the files from the host user/filesystem namespace might set wrong uid/gid ownership in files and dirs and is generally unadvisable.

The documented procedure uses a container that properly preserves the file ownership.