Setup Mail Relay server


I have set up a NethServer with the internal domain mydomain.local. Now my boss has asked me to set up a mail relay server that sits between our domain users and our external mail server hosted at a provider. He does not want us to host a mail server ourselves. That’s a pity, as for my private domain I have already set up a mail server with Postfix, Dovecot and rspamd on a Gentoo server, and it works very nicely.

Anyway - is it possible to configure NethServer to sit in between and fetch mails for our official domain from our mail hosting server, scan them with rspamd, and deliver them to our users, and then take mails from our users and forward them to the mail hoster so they are sent by the hosted mail server?

How would I set this up, if possible?

It’s not the best configuration, but you can download and scan emails with POP3 Connector (http://docs.nethserver.org/en/latest/pop3_connector.html) and then send them to users.

For sending, you can try to configure a smarthost, and force NethServer to use it. Refer here: http://docs.nethserver.org/en/v7/mail.html#smarthost

Or as an alternative, use the POP3 Proxy (http://docs.nethserver.org/en/v7/pop3_proxy.html)

Cheers.

Thanks for your suggestions. From reading the documentation, POP3 proxy seems interesting, but as it will not be ported to the new server manager, I will first try out POP3 connector. After creating it, I see mails under: /var/lib/nethserver/vmail/username@local.domain/Maildir/new.

Then I was successful in configuring Thunderbird to see those fetched mails. I also installed Roundcube webmail (when will the new version 1.4.2 with the excellent elastic skin be available in NethServer?), and can see incoming mails there, so this works. What I still need to figure out, though, is whether I can send through the smarthost, as this does not work yet.

What I don’t understand is how this is meant to work. First I only put hostname: smtp.external.comain and port: 587 in the smarthost configuration, thinking that every user has to send mails with his individual username and password. I thought, logically, the credentials put in the connector would be used.

Result was: sender rejected, authentication required (420).

I then configured my mail account credentials for testing purpose within smarthost settings. This time the error was: sender rejected, invalid domain (430).

The hosted mail server does not allow unauthenticated mail sending, so how can I configure NethServer so it sends mails with the credentials provided in the connector settings? And even if this were possible, do we really need an external domain to enable our NethServer to relay mails to our external hoster? I mean, isn’t it possible for NethServer to act as a mail client and connect to the SMTP server for sending mails, just like every mail client would do? I hope there is some configuration change possible to accomplish that :sweat:

I can’t find the reply right now, but it has been stated that even with the (new) Cockpit based interface now the one being enhanced, the original interface would not be going away.

Cheers.

Hi EddieA,

OK, thanks for the information. But as retrieving mails with POP3 connector, which is configurable in the Cockpit interface, works fine, I would rather try to enable sending mails through the smarthost. I hope someone can help me with that. If that’s not possible at all, I may consider POP3 proxy.

Hi
I usually have a fixed IP address at my clients, but a couple have dynamic IP addresses and an external webhoster. These are in a similar position to you.

The Domain and Mail are hosted externally.

Mail is picked up by NethServer and the POP3 Connector, which drops the picked up mails from the provider into the corresponding local account.

The NethServer sends all mail using its Smarthost.
On the external Webhost, a user was created with the username smtpuser (not important) and a corresponding password SMTPUSER-PASSWORD.

Here are the settings in NethServer.
Note: The provider here allows authentication on port 25, no need for using 587 or whatever…
Here the provider also requires a USER@DOMAIN type username; check with your provider what is required.
Tip: Check instructions like the manual installation for Thunderbird from your hosting provider.

The said user can send mails for ALL the local users. The server sees the user as authenticated, and the passed mail domain is registered and OK, so it’s passed…

This works quite well.

My client even moved the whole setup 100km, new local provider for internet, and everything works!

My 2 cents
Andy

It’s a good idea to have a user created named smtpuser, for example. But having tested it with my user, the hosted server complained, because mydomain.local is not a valid domain (sender rejected, invalid domain (430)).

We have registered a domain company.work. So I would like to use this domain as the registered and valid sender domain. But how would I set this up within NethServer, so it does not use the internal domain, but said external and valid domain?

Correctly configuring the email client. Login name and email address should not be the same.

I just configured the nethserver to be as though “officially” in the domain.
Under Servername…
This should be done BEFORE setting up an Account Provider (much easier!)

Then the correct domain names are amended in NethServer, and the Provider-Server sees the correct names.

In the last 20 years I have NEVER set up a server with the domain name .local.
I always used correct domain names, added all external DNS names to the local DNS, and everything works…

My 2 cents

Andy

Hi pike, yes, I am trying to find out what the correct mail client configuration may be. Login name and address are not set the same. As my mail client connects to the local mail server dc.mylocaldomain.local, I have to set up the credentials of the Active Directory user, right? But then I get this answer from the hosted server: sender rejected, invalid domain (430).

On my local client I have set the following smtp settings:
server: localhostname.localdomain.local
connection security: STARTTLS
Port 587
username: localdomainuser@localdomain.local

Smarthost:
Hostname: smpt.externelmaildomain
Port 587
username: myexternalmailadress (temporary to test, later I will request a generic mailuser for production)
Password: Mymailpassword of the external mailserver.

And apparently the mail is trying to be sent through the smarthost, otherwise I would not get a reply from the hosted mail server.

Andy_Wismer, configuring our external domain would probably not be correct, as it is hosted externally, so neither our web server nor our mail server is hosted by us. We have two different external providers for that.

I just don’t know how I can configure the smarthost or my local mail client’s SMTP settings in order to have it send the mail correctly, as the hosted mail server expects it to come from a real domain. Is it not possible for the smarthost to act as a mail client, and just connect to the hosted mail server just as Thunderbird would do? Is a working external domain really necessary for the smarthost configuration? Do I have to set an alias somewhere? Why is the smarthost passing mylocaldomain.local as the sending domain?
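The relay behaviour discussed in this thread (authenticate to the provider as one account, and present a registered sender domain instead of the internal one), shown as an added example in plain Postfix terms. It is not a configuration posted by anyone in the thread and not NethServer's own generated settings; it assumes the server's MTA is Postfix, and `smtp.provider.example` and the file paths are placeholders.

```conf
# --- /etc/postfix/main.cf (excerpt; placeholder host and paths) ---

# Send all outbound mail to the provider's submission port.
# The square brackets suppress MX lookups for the relay host.
relayhost = [smtp.provider.example]:587

# Log in to the relay the way a mail client would (SMTP AUTH).
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Refuse anonymous SASL mechanisms.
smtp_sasl_security_options = noanonymous

# Never send the relay credentials over an unencrypted session:
# require STARTTLS, otherwise defer the mail.
smtp_tls_security_level = encrypt

# Rewrite internal sender addresses only on mail leaving the server,
# so local delivery keeps using the internal domain.
smtp_generic_maps = hash:/etc/postfix/generic

# --- /etc/postfix/sasl_passwd (mode 0600, owner root) ---
# The key must match the relayhost value exactly, brackets and port included.
# One shared relay account, as in the smtpuser setup described in the thread.
[smtp.provider.example]:587    smtpuser@company.work:SMTPUSER-PASSWORD

# --- /etc/postfix/generic ---
# user@mydomain.local becomes user@company.work in the envelope and headers
# of outbound mail; a result of the form @otherdomain keeps the local part.
@mydomain.local    @company.work
```

Each map file has to be compiled with `postmap` and Postfix reloaded before the change takes effect. The provider must also permit the relay account to send for every rewritten address, which is the arrangement described for smtpuser earlier in the thread.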

You’re right in the sense that it’s not 100% correct, DNS-wise, but then again, for that to be correct requires a fixed IP for mail, and that your boss doesn’t want.

My solution does work, however. The server isn’t directly accessible from the internet, no one will access it for web or mail (even another mailserver). It isn’t accessible.

You do need to make all needed DNS entries (all your provider has!) and point them to the right IP - basically a copy of what the external (and authoritative) DNS server has.

However, as your server is called SERVERNAME.YOURDOMAIN.COM, that’s what your server will send, and that will be accepted by your provider.

The Trick is getting (almost) all DNS right. Mail would point for clients to your NethServer, the NethServer points with smarthost to the external provider.

But this concept works for currently three of my clients. External hosting provider, external mail provider (both the same), and someone else as Internet provider. Internally, mail appears on the NethServer, the external DNS MX points to the provider as until now…

Note 2:
As it’s not working as is, you’ve almost nothing besides a few minutes to lose!
The config can be easily manually restored…
A full backup or image would be nicer for safety reasons.

My 2 cents
Andy

Do I understand you correctly? You mean, recreate the domain with our external domain? I’d rather not do that, because even if my server acted as if it were hosting the external domain, the certificate is only a self-signed one, and then again, we have two external hosters, one for the website and one for mail hosting. So it’s not so easy to set it up this way. And I don’t want to mess with existing external and productive infrastructure.

I still don’t understand why the smarthost cannot act like a mail client would. Just connect with the (external) credentials I have configured in POP3 connector, and act as a mail client, just send mail as Thunderbird would do when configured to send by connecting directly to the hosted mail server. Is the smarthost not configurable to do just that?

If that’s not possible, I only see two other options to try: POP3 Proxy - although I hesitate, as it is not configurable within Cockpit, so it seems it will be deprecated sometime - or to register a real domain, like ourdomain.work, so we would have ourdomain.com untouched, and ourdomain.work for our NethServer, officially registered and with a Let’s Encrypt certificate and everything.

ourdomain.work would relieve you of plenty of headaches!

But still:

The only real issue with this is
A) The internal AD with Users / Groups / PCs. If that contains one user and one PC, go for it. That one account is quickly recreated!
If you have say 20 Users, that’s much more work involved!
B) you can use a LetsEncrypt Certificate for NETHSERVER.ourdomain.com
C) Internal and External users would still be pointed to the external hoster for web, and to the external hoster for mail…

So that would mean I’d have to let our external domain hoster add an A record for the nethserver.ourdomain.com IP address. Hm… I have to think about whether I will go this way, or with ourdomain.work.

Sorry to ask again, but why can’t the smarthost just act as a mail client? Is the smarthost something NethServer-specific? I will dig around the net just to see if such a configuration would not be possible. I mean, if it could be done, I could stay with ourdomain.local and everything would work.

And another question: if I also want to use cloud.ourdomain.work, I don’t have to delete domain.local and set up a new Active Directory domain ourdomain.work for email and for Nextcloud as an additional domain, right?

Adding an email domain and virtual host should do, right? No need to replace ourdomain.internal with ourdomain.work?

We don’t plan to send mails from ourdomain.work; it’s just set up so that the external web server sees it is a real domain.

Hi
The server needs to use the name nethserver.ourdomain.work (or whatever hostname; the domain part of the FQDN is what’s important). You can easily use a virtual domain or hostname for Nextcloud.
You can keep the AD as it is, but AFAIK there’s a little more work involved.
My 2 cents
Andy

Coming back to one question I asked at the top of the thread: can someone please estimate when the new Roundcube webmail version 1.4.2, with the excellent elastic skin, will be available in NethServer? Or is there already a way to install it, even if it is still in testing?