Single relay for account does not work, but in a strange way

NethServer Version: Nethserver 8
Module: mail

Hi to everyone. I’m testing various NethServer 8 VMs as an internal mailserver (on Proxmox) and I’m having a strange issue with a couple of them. I’m using a dedicated relay setup for every internal account (three in total) and what happens is very strange. Here’s my configuration:

Nethserver / on external domain (Aruba, used as relay)
account A >>> account A2
account B >>> account B2
account C >>> account C3

First off: I configured only account A to use A2 as a relay to send mail, with no problem at all (obviously accounts B and C cannot send mail correctly because there’s no relay configured for them).
Then, I configured account B to use B2 as a relay and this time it does not work: I have a return message with “sender not allowed” error and that is normal due to relay not configured. But (and here it starts to get strange), if now I remove relay configuration from account A > A2, even without touching anything else, leaving previous setup as is, account B starts to work.

In a few words, as established by further evidence: all accounts are working if configured singularly with dedicated relay and the other ones disabled (relay A > A2 works well IF there is no other configuration, same thing if I configure only B > B2, or C > C2) but if I configure all accounts on NethServer 8 with the corresponding separate relay (one per account, as mentioned before) I will have “sender not allowed” error on all accounts while sending mail.

Thanks in advance

Ciao Carlo,

Thank you for sharing your experience! In reference to Mail — NS8 documentation, are you experiencing a behavior different from the documented one?

Hi Davide, thanks for your reply. I checked the documentation but I do not understand this behaviour. All my NethServer 7 mailservers worked well with one single relay for every single internal mail account (I mean: three internal accounts = three relays). This time with NS8 I notice that account B, for example, does not work only if there is another different account configured with its paired relay. I can’t understand why it suddenly stops working…

In reference to the documentation, what type of rules did you set up? Recipient, Sender, Default?

Please, consider this documented behavior:

When a Default or Recipient rule is created or modified, existing rules of the same type with the same Hostname and Port combination are updated automatically. The new TLS and Authentication settings are applied collectively to these rules. This ensures that messages sent through a given Hostname and Port use consistent credentials and TLS preferences, regardless of the destination address.

Hi, I’m using one dedicated rule for every sender (no default rule set).

account A >>> account A2
account B >>> account B2
account C >>> account C3

where account A is my local account on Nethserver and A2 is the relative account on my Aruba domain.

I can’t understand this behaviour, it’s complete nonsense to me. Three mail accounts on NethServer, only one of them (commerciale@) configured with a specific rule for this sender: and it works. If I now activate a second specific rule for another account (amministrazione@), leaving the setup of the first account as is, commerciale@ stops working. Obviously, if I disable the relay setup for amministrazione@, then commerciale@ becomes operative again.

Here’s a video

https://1drv.ms/f/c/53d1f85af6e7b1f4/EuQ9JpoJi2NDvkP2-novsZ0Bk5wokdR_xOOluYt-uzfvuQ?e=dnccF6

1 Like

I think I could reproduce it. If Enforce sender/login match is disabled, then Postfix searches for the first matching host in the enabled relay rules, so it’s trying to authenticate with the credentials of the first entry amministrazione instead of the right commerciale, and therefore the Aruba mailserver complains about “sender not allowed”.
If Enforce sender/login match is enabled, then Postfix searches for the first matching sender address and is able to get the right credentials, see also smtp_sasl_password_maps in Postfix Configuration Parameters.
In other words, without Enforce sender/login match it is assumed that there’s just one sender for all Aruba accounts, which is not your case.

To allow different senders for the same (aruba) host:

  1. Enable Enforce sender/login match in the mail relay settings, see also Mail — NS8 documentation
  2. Add the addresses for amministrazione, commerciale and segreteria at the “Addresses” page and set the users that should be allowed to send as destination, see also Mail — NS8 documentation
2 Likes
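
The lookup order described in the answer above, as a simplified model added here for illustration; it is not part of the thread and is not NS8 or Postfix code. The relay host, the `example.org` domain, the rule layout and the function names are assumptions; the rule order (amministrazione first) follows the thread.

```python
# Constructed model of relay credential selection; not NS8 or Postfix code.
# Host, domain, logins and function names are assumptions for illustration.

RELAY = ("smtp.relay.example", 465)  # placeholder host:port shared by all rules

# Enabled sender rules, in the order the thread describes (amministrazione first).
RULES = [
    {"sender": "amministrazione@example.org", "nexthop": RELAY,
     "login": "amministrazione@example.org"},
    {"sender": "commerciale@example.org", "nexthop": RELAY,
     "login": "commerciale@example.org"},
    {"sender": "segreteria@example.org", "nexthop": RELAY,
     "login": "segreteria@example.org"},
]


def select_login(rules, sender, enforce_match):
    """Return the SASL login used to relay mail from `sender`, or None."""
    own = next((r for r in rules if r["sender"] == sender), None)
    if own is None:
        return None  # no relay rule applies to this sender
    if enforce_match:
        # Credentials are looked up by sender address first.
        return own["login"]
    # Credentials are looked up by relay host only: the first rule for it wins.
    first = next(r for r in rules if r["nexthop"] == own["nexthop"])
    return first["login"]


def shadowed_senders(rules):
    """Senders that would authenticate with another account's login
    when sender/login matching is off (the "sender not allowed" case)."""
    return [r["sender"] for r in rules
            if select_login(rules, r["sender"], False) != r["login"]]


if __name__ == "__main__":
    for rule in RULES:
        s = rule["sender"]
        print(s, "| off:", select_login(RULES, s, False),
              "| on:", select_login(RULES, s, True))
    print("shadowed when off:", shadowed_senders(RULES))
```

With a single enabled rule the host lookup and the sender lookup return the same login, which is why each account worked when configured alone.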

Thanks for your support, Markus: now it works. And thank you to Davide. Well done.

2 Likes