Relaymaps for outgoing mails to providers

So what are the advantages of configuring the external providers as smarthosts on NethServer?

IMO it seems hard to maintain each account's credentials. This configuration requires additional development of Postfix configuration and UI forms; I’m still not sure it is worth the effort.

However I like new ideas :wink: Could you share the Postfix configuration you have on OpenSuse?

I had written a really long explanation, but if I click on reply I get the following error message:
Sorry, new users can only mention 2 users in a post.

Can I send you a PM Davidep?

I don’t like PM :blush:

Why not avoid the mentions?

Sorry, I do not know what is interpreted as a mention.

A “mention” on Discourse is a @ followed by a username. A newly registered user has some limitations on the available features. Perhaps your text contains strings of that form?

Perhaps I did not explain the situation in enough detail.
I have no idea how I can solve my situation without relaymaps and sasl_passwd. If anybody has one, please tell me.

The situation is the following. I cannot use only one smarthost because all spam filters would block the connection if you send mails with an open relay.
So all mails have to be sent with the corresponding mail server of the domain from which you are sending the mail. In addition to that, you have to configure sasl_passwd for each email account. I have replaced all @ with at.

So if you have the following email addresses:
abcd at web.de
efgh at web.de
efgh at gmx.de
abcd at googlemail.com
efgh at googlemail.com

you have to send the one from abcd at web.de with the mail server from web.de with the SMTP authentication user:abcd at webde pass: 123456

If you send from efgh at gmx.de, the email has to be sent with the mail server from gmx.de with the corresponding authentication via SMTP.

I solved my situation by using sasl_passwd and relaymaps.
Here is an example structure of both config files.

sasl_passwd:
Example:

    username at foo.com username:password

relaymaps:
Example:

    john at foo.com smtp.foo.com

main.cf:

    smtp_sender_dependent_authentication = yes
    sender_dependent_relayhost_maps = hash:/etc/postfix/relaymaps
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

What do I have to do for a persistent NethServer configuration?

Thank you for your help and for being interested in my case.

I would like to know a solution as well. I have the same situation and couldn’t find the time to look further.

First of all I’m happy to say welcome to our community @Linux4All! Our community guy @alefattorini usually greets newcomers every week but I bet he’s on holiday (like me and many others from Italy).

Before analyzing the configuration, I have a question here: why do you say “open relay”? By default NethServer allows relaying only to authenticated clients. In other words it knows the sender identity before sending the message to an external domain.

This is exactly what the other mail providers do, gmail, for instance.

However I’m assuming you have a registered MX in DNS :smile:

Davide, some providers need a 1:1 mapping between the sending address “From:” and the auth credentials…

for example, almost all providers offering office365 services need so

for reference, take a look here: http://bugs.contribs.org/show_bug.cgi?id=9050

Thank you @zamboni for the hint!

@Linux4All could you confirm this is the scenario you’re fighting against :wink: ?

BTW I hope Linux will be 4all soon!

Thank you for the friendly welcome :smile:

That’s exactly what I am fighting against and what I try to explain all the time.
Hopefully there will be a solution with NethServer.
I tried a lot of distributions and SBS editions. NethServer was the only one which survived more than 30 minutes :smile:
I think I will find some more enhancements which I need but the base is very good.

@davidep: What can I do to have a persistent Postfix config until this feature is implemented? Hopefully it will be.

I’m glad to help you with custom templates, or any other means. If we find a workable solution we could write down a howto “NethServer vs Office365” :wink:

I ask only to be patient, I’ll be back in the next days.

Cool! Thank you very much!

This is just an experiment, please let me know if it works for you!

This is an experiment, DON’T use it in production

  • Copy each template fragment to its location under templates-custom, as reported in the comment
  • Edit each file replacing its contents with your site setup
  • To re-configure Postfix, execute the following commands:

    expand-template /etc/postfix/relaymaps
    signal-event nethserver-mail-common-save

Hey @davidep thank you for the quick solution.
I tested with gmail.com and web.de
Gmail is working!

web.de throws the following error:

Dec 10 23:22:46 asterix default/smtp[19439]: warning: SASL authentication failure: No worthy mechs found
Dec 10 23:22:46 asterix default/smtp[19439]: 1E6A9A807E9: SASL authentication failed; cannot authenticate to server smtp.web.de[213.165.67.108]: no mechanism available
Dec 10 23:22:46 asterix default/smtp[19439]: warning: SASL authentication failure: No worthy mechs found
Dec 10 23:22:46 asterix default/smtp[19439]: 1E6A9A807E9: to=abc@nothing.com, relay=smtp.web.de[213.165.67.124]:25, delay=0.52, delays=0.3/0.01/0.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.web.de[213.165.67.124]: no mechanism available)

telnet to smtp.web.de 587 is working.

Do you have an idea what’s wrong?

I tried to connect with your smtp proxy; on port 587 all seems OK:


$ openssl s_client -starttls smtp -crlf -connect smtp.web.de:587
[…]
250 STARTTLS
ehlo nethserver.org
250-web.de Hello nethserver.org [93.57.48.68]
250-SIZE 141557760
250 AUTH LOGIN PLAIN

Did you add one line for gmx.de to the tls_policy fragment (https://gist.githubusercontent.com/DavidePrincipi/b557fddba1554dabe857/raw/c54dcfd334bd29caf268011e0d674dabc22f8959/tls_policy)?

Edit: ok perhaps I got it:

It seems the port is wrong!

Whoa! That’s great news :smile:

Sorry for the delay. I will do an update in the next days. I am very busy at the moment.

Here is my update:
With TLS enabled no mail could be sent. You will get the following error message:

Dec 15 23:45:09 asterix default/smtp[11678]: warning: SASL authentication failure: No worthy mechs found
Dec 15 23:45:09 asterix default/smtp[11678]: 84BEEA8081B: SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.65.109]: no mechanism available
Dec 15 23:45:10 asterix default/smtp[11678]: warning: SASL authentication failure: No worthy mechs found
Dec 15 23:45:10 asterix default/smtp[11678]: 84BEEA8081B: to=abcd@gmx.de, relay=smtp.gmail.com[173.194.65.108]:587, delay=0.88, delays=0.28/0/0.6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.65.108]: no mechanism available)

Without TLS, gmail.com is working!
Other accounts won’t work with or without TLS. I get the same error message as above.

Thank you for your help!

The message to abcd@gmx.de is relayed to smtp.gmail.com, which is not what we expected. Could you fork NethServer mail configuration for Office365 (experimental) · GitHub and show your actual setup (of course, without secrets)?

I want to point out a limitation of the current setup: any authenticated user can send messages through any smarthost, because there’s no restriction on envelope sender address. Anyway, we can address this problem as a second step.
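
An added example, not part of any post in this thread or of the NethServer templates: a small audit of the relaymaps and sasl_passwd tables discussed above, covering both the port problem seen with smtp.web.de and the envelope-sender limitation from the last post. The sample tables are constructed, and the third table (sender to allowed login, in the format of Postfix's smtpd_sender_login_maps) is an assumption about how the restriction would be expressed.

```python
import re

# Constructed sample tables (addresses modelled on the thread; secrets are placeholders).
RELAYMAPS = """\
# sender              relayhost
abcd@web.de           smtp.web.de
abcd@googlemail.com   [smtp.gmail.com]:587
efgh@example.org      [smtp.example.org]:587
"""
SASL_PASSWD = """\
abcd@web.de           abcd@web.de:CONSTRUCTED-SECRET
[smtp.gmail.com]:587  abcd@googlemail.com:CONSTRUCTED-SECRET
"""
# Assumed third table in smtpd_sender_login_maps format: sender -> SASL login(s).
SENDER_LOGIN = """\
abcd@web.de           abcd
abcd@googlemail.com   abcd
"""

def parse_table(text):
    """Parse Postfix lookup-table source ('key value', '#' comments).
    Continuation lines (leading whitespace) are not handled here."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1]
    return table

def audit(relaymaps, sasl_passwd, sender_login):
    relay, creds, owners = map(parse_table, (relaymaps, sasl_passwd, sender_login))
    findings = []
    for sender, nexthop in sorted(relay.items()):
        # Sender-dependent authentication looks up the sender address first,
        # then the relay destination exactly as written in relaymaps.
        if sender not in creds and nexthop.lower() not in creds:
            findings.append((sender, "no-credentials"))
        # Without an explicit :port the SMTP client connects to port 25.
        if not re.search(r":[0-9a-z]+$", nexthop, re.I):
            findings.append((sender, "port-25-default"))
        # No owner entry: nothing ties this sender to one authenticated login.
        if sender not in owners:
            findings.append((sender, "any-login-may-send"))
    return findings

if __name__ == "__main__":
    for sender, issue in audit(RELAYMAPS, SASL_PASSWD, SENDER_LOGIN):
        print(f"{sender}: {issue}")
```

In Postfix the "any-login-may-send" case is normally closed by setting smtpd_sender_login_maps and adding reject_sender_login_mismatch to the smtpd restrictions, so an authenticated user can only submit with the envelope senders mapped to that login.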