NS8 Smarthost for sending mail

I needed to configure a smarthost but I didn’t use smtp_tls_policy_maps so here is what I did for a working smarthost:

Enter the mail instance environment, in my case mail1:

runagent -m mail1

Create the file smarthost.cf by using vi in the container…

podman exec -ti postfix vi main.cf.d/smarthost.cf

…and add following content:

relayhost = [your.smarthost.tld]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/main.cf.d/relay_pass
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options =

Create the file relay_pass…

podman exec -ti postfix vi main.cf.d/relay_pass

…with following content like smarthost username:password:

your.smarthost.tld markus:SeCrEt

Create the lmdb file:

podman exec -ti postfix postmap main.cf.d/relay_pass

Restart postfix:

systemctl --user restart postfix

Hi @mrmarkuz, I did the steps and would like send a mail from CLI for testing… Could you please tell me the synthax?

P.S. I use Debian12 as OS.

Installing the mail command depends on a smtp server. (in the case of Debian exim is suggested). In the container one can install mail but I think it’s easier to just use a supported mail client like Roundcube for sending a test mail.

If you meant another Debian client and not the NS8 node, here is an explanation how to setup mail for sending a test mail.

Worked perfect, thank you! Tested sending and receiving with roundcube…

i made it to installing the postfix relay server from @mrmarkuz way to describe it. now the postfix try to send the Emails, but by trying to send it it comes to this situation
Apr 21 15:07:43 ns8 postfix/smtp[10116]: 2275B26C86D: to=kai40hh@gmx.de, relay=smtp.ionos.de[213.165.67.97]:465, delay=209, delays=189/0.05/20/0, dsn=4.4.2, status=deferred (lost connection with smtp.ionos.de[213.165.67.97] while receiving the initial server greeting)
any suggestions?

Let’s wait until the new Mail 1.4.0 app is ready. The modifications shouldn’t be necessary anymore.

EDIT:

Maybe wrong encryption?

i returned now the ns8 system to a state before i did the modifications for smtp relay. you think i should give it a try with the test repros? Also for, maybe a little helpful… ? i have to repros
“https://distfeed.nethserver.org/ns8/updates/”
"https://forge.nethserver.org/ns8/updates/ "
do i need to activate both?

Yes, just create a snapshot and give it a try.

No, just for the NethServer base repo (the distfeed one) activating testing is needed.
After activating there’s also a core update, I don’t know if it’s needed.

thanks a lot for your advice !!!

Moin @hucky,

“https://distfeed.nethserver.org/ns8/updates/”

On the right site of this is a Field with Name Testing. You must activate the Testing repro and then the field will be green. Then you can start with the installation of the new smtp modul.

Regards…

Uwe

i activate the repo and update the core and the mail app, is there something new for the configuration or is this all?

i saw there is a new entry at notification:
smarthost.configuration
smarthost.manual_configuration
smarthost.mail_app_instance
which one is the right for smtp relay?

Yes, there are relay rules in the mail app, see Nextcloud (ns8) email notify error - #20 by mrmarkuz

I think if you have mail server installed then smarthost.mail_app_instance is the right one. You can set the smarthost in the mail app now…

if i do the notification change to smarthost.mail_app_ instance i have no possibilities for give relay server adress and the mail dont leave the ques and i got an dont allowed to talk error, if i return to the smarthost_manual_configuration i can do it with a relay server, but it did not work, there is the same error like before.

Did you add a relay rule?

1035×573 29.7 KB

grafik385×733 14.8 KB

Revision Instanzmail1

Version1.4.0-dev.2

Please try to refresh the browser/clear browser cache or maybe switch to English in the browser.
It should be there in German too:

grafik388×668 14.7 KB

If that doesn’t work, maybe you need to remove the mail app and reinstall it for testing.

EDIT:

Thanks for testing!!!

grafik370×670 14.2 KB

here we go, now i have to check what to do ^^

thanks so much for your work and your support !!!

but unfortunately no luck with sending to the relay…
maillog says:
MTPS wrappermode (TCP port 465) requires setting “smtp_tls_wrappermode = yes”, and “smtp_tls_security_level = encrypt” (or stronger)
Apr 21 20:15:46 ns8 postfix/smtp[16535]: 48AA823CDCE: lost connection with smtp.ionos.de[213.165.67.113] while receiving the initial server greeting

You could try to add the options to a custom .cf file for example customtls.cf as explained here.

Content of customtls.cf:

smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

Good Morning, still no luck, also with the customtls.cf
i saw in a log this entrys
Apr 22 07:55:59 ns8 postfix/postqueue[32559]: warning: /etc/postfix/main.cf, line 145: overriding earlier entry: smtp_tls_security_level=may
Apr 22 07:55:59 ns8 postfix/showq[32560]: warning: /etc/postfix/main.cf, line 145: overriding earlier entry: smtp_tls_security_level=may
Apr 22 07:56:09 ns8 postfix/smtp[32539]: 48AA823CDCE: lost connection with smtp.ionos.de[213.165.67.97] while receiving the initial server greeting

After finding a bug in the main.cf i got these results now:
Untrusted TLS connection established to smtp.ionos.de[213.165.67.113]:465: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Apr 22 08:41:13 ns8 postfix/smtp[33572]: 48AA823CDCE: to=kai40hh@gmx.de, relay=smtp.ionos.de[213.165.67.113]:465, delay=50737, delays=50737/0/0.33/0, dsn=4.0.0, status=deferred (SASL authentication failed; server smtp.ionos.de[213.165.67.113] said: 535 Authentication credentials invalid)
Apr 22 08:41:13 ns8 postfix/postqueue[33640]: warning: /etc/postfix/main.cf, line 145: overriding earlier entry: smtp_tls_security_level=may

i saw in the configuration of the relay.title that the pw is always changed into “relay.unchanged” is this maybe a Problem?