Relaymaps for outgoing mails to providers

Linux4All · 2015-12-04 22:40:01 UTC

Hello,
i am migrating from my opensuse to nethserver.
I need some settings for postfix for example relaymaps for outgoing mails to my providers web.de and gmx.de. Also I need saslauth for authenticating via smtp.

I learned that I have to use templates for persistent settings. But if I create a template in /etc/e-smith/templates-custom/etc/postfix/relaymaps/00relaymaps it isn’t used.
I have created a folder main.cf with a file called 70relay. That doesn’t work too.

Could you tell me in which logfile I have to look into to find some error?
What service do I have to restart to apply my changes in the template folder?

I am using Nethserver 6.7

Thank you for your help.

Benjamin

davidep · 2015-12-05 09:18:07 UTC

Did you try the smarthost settings in the web UI? Perhaps a custom template is not needed…

http://docs.nethserver.org/en/latest/mail.html#messages

Log files are
/var/log/maillog (described in the same link)
/var/log/messages

AFAIK relaymaps is not a template, thus the update events don’t expand it even if a custom-template is defined.

Linux4All · 2015-12-05 10:24:59 UTC

I need several smarthosts. One for Web.de, one for Google.com, …
This will only work with relaymaps in my opinion.

The logfiles are only for mail itself as far as I know.
I am searching for the logfiles which build the postfix config from the templates. Is there any?

Which process do I have to start to build the config from templates ?

Thanks

davidep · 2015-12-05 10:27:55 UTC

This is not implemented at he moment. Could you explain your use case in depth? Why multiple smarthosts are needed?

Linux4All · 2015-12-05 11:10:24 UTC

I use nethserver as my one mailserver for incoming and outgoing Mails. I do not want to allow my Clients a direct connection to the providers via smtp. All Emails must pass my nethserver.

davidep · 2015-12-05 11:51:39 UTC

This is a common scenario, but I still don’t get why multiple smarthosts are needed

AFAIK the typical setup is:

authenticated/authorized clients send mail through the submission port of NethServer.
NethServer relays messages (with o without smart host)
The network firewall blocks mail ports to clients

alefattorini · 2015-12-05 14:51:00 UTC

I’m curious too, others asked it in the past but I can’t get the need. One smarthost isn’t enough?

Linux4All · 2015-12-06 10:19:20 UTC

I have to authenticate on some smtp servers.
Where can I define the credentials for these domains?
I found only one at the smarthost configuration.

These szenario exists mostly with freemail accounts.
Example: User1 has an account at google.com.
User2 has an account at gmx.com
Both have to authenticate before they can use the smtp from these providers.

zamboni · 2015-12-06 10:57:59 UTC

this doesn’t answer to the question: why do you need to auth to many external smtp servers?

I mean: usually you need only a single smarthost… this is true in 99% of cases… I know that if you’re using a solution like office365 it won’t work, as you must auth each user with its own credentials (this is how at Redmond try to fight spam…)

davidep · 2015-12-06 16:32:04 UTC

So what are the advantages of configuring the external providers as smarthosts on NethServer?

IMO it seems hard to maintain each account credentials. This configuration requires additional development of Postfix configuration and UI forms; I’m still not sure it is worth the effort.

However I like new ideas Could you share the Postfix configuration you have on OpenSuse?

Linux4All · 2015-12-06 21:25:12 UTC

I had written an really long explanation but if I click on reply I get the following error message:
Sorry, new users can only mention 2 users in a post.

Can I send you a PM Davidep?

davidep · 2015-12-06 21:58:06 UTC

I don’t like PM

Why not avoiding the mentions?

Linux4All · 2015-12-06 22:34:12 UTC

Sorry I do not know what as mention is interpreted.

davidep · 2015-12-07 08:06:56 UTC

A “mention” on Discourse is a @ followed by a username. A newly registered user has some limitations on the available features. Perhaps your text contains strings of that form?

Linux4All · 2015-12-07 22:25:07 UTC

Perhaps I explained the situation not detailed enough.
I have no idea how I can solve my situation without relaymaps and
sasl_passwd. If anybody has one please tell me.

The situation is the following. I cannot use only one smarthost because
all spamfilter would block the connection if you send mails with an open
relay.
So all mails have to send with the corresponding mailserver from which
domain you are sending the mail. Additional to that you have to
configure sasl_passwd for each emailaccount. I have replaced all @ with at.

So if you have the following emailadresses:
abcd at web.de
efgh at web.de
efgh at gmx.de
abcd at googlemail.com
efgh at googlemail.com

you have to send the one from abcd at web.de with the mailserver from
web.de with the smtp authentication user:abcd at webde pass: 123456

If you send from efgh at gmx.de the email has to send with the mailserver
from gmx.de with the corresponding authentication via smtp

I solved my situation by using sasl_passwd and relaymaps.
Here is an example strucure of both config files.

sasl_paswd:
Example:
username at foo.com username:password

relaymaps:
Example:
john at foo.com smtp.foo.com

main.cf:
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relaymaps
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

What have I to do for a persistent nethserver configuration?

Thank you for your help and being interested at my case.

WillZen · 2015-12-08 08:47:32 UTC

I would like to know a solution as well. I have the same situation and couldn’t find the time to look further.

davidep · 2015-12-08 09:28:14 UTC

First of all I’m happy to say welcome on our community @Linux4All! Our community guy @alefattorini uses to greet newcomers every week but I bet he’s on holiday (as me and many others from Italy).

Before analyzing the configuration, I have a question here: why you say “open relay”? By default NethServer allows relaying only to authenticated clients. In other words it knows the sender identity before sending the message to an external domain.

This is exactly what the other mail providers do, gmail, for instance.

However I’m assuming you have a registered MX in DNS

zamboni · 2015-12-08 09:37:44 UTC

Davide, some providers needs 1:1 mapping between sending address “From:” and the auth credentials…

for example, almost all providers offering office365 services need so

for reference, take a look here: http://bugs.contribs.org/show_bug.cgi?id=9050

davidep · 2015-12-08 09:52:26 UTC

Thank you @zamboni for the hint!

@Linux4All could you confirm this is the scenario you’re fighting against ?

BTW I hope Linux will be 4all soon!

Linux4All · 2015-12-08 20:33:43 UTC

Thank you for friendly welcome

That’s exactly what I fighting against and what I try to explain all the time.
Hopefully there will be a solution with Nethserver.
I tried a lot of distributions and SBS editions. Nethserver was the only one which survived more than 30 minutes
I think I will find some more enhancements which I need but the base is very good.

@davidep avidep: What can I do to have a persistent postfix config, until this feature is implemented, hopefully it will.