Smarthost enhancement

I don’t know if this has been discussed, but I would like to see the following enhancement on smarthost.

For now there is only one account configurable to send mails through smarthost. Now our mailservice provider does not accept a generic account lets call it sender@ourdomain.com for sending mails for all users@ourdomain.com, but only individual emailaccounts as users to send throughtheir smtp server.

Thus I have configured imap on our nethserver and connectors to download mails for our users, but we send mails directly through external smtp server of our email provider.

My idea is: As we have configured all individual external user credentials in email connector settings, wouldn’t it be nice, if smarthost would be able use those credentials also for sending emails? That way our users could use internal smtp and the mails would be sent through smarthost with the configured credentials in connector settings.

Why using a provider? You can centralize all your email accounts on NethServer and use it to receive and send email.

@alefattorini

Hi Alessio

As I know Elleni here and his situation, and I myself have two clients using a Mail Provider and collecting the mails with POP3/IMAP to their Inhouse NethServer, I’ll take the liberty to answer…

Sometimes reasons are historic, like an old Exchange Server 2003 not fit to expose to the Internet…
Sometimes it’s politics or business
and sometimes there are “Holy Cows”, which you can’t touch…

I can live with reasons 1 and 2, but have a bit of problems with Nr.3… :slight_smile:

And sometimes it’s all in movement, but certain things take longer than expected!

My 2 cents
Andy

Our boss is afraid that if our mailserver serves the domain, we could run into problems like bad reputation of the ip thus non-delivery so he did decide that he wants to keep our mailprovider, while he still wants us to do additonal email filtering. I had thought about looking into mailproxy, but when I read that it will not be ported to new cockpit webinterface, I thought, its not worth it as it maybe be soon obsolete? Thus we have an additional domain for our imap server, and configured connectors for users to their external mailbox. We have to send mails through our provider, at least for now. Maybe later - if he gains confidence in our new systems, we will upgrade to a full blown mailserver with smtp directly to the outside and serve our real domain. I know, that this setup can be problematic, as for example the sender will not be notified on blocked mails from nethserver, but we will workaround that for the time being by monitor rspamd and download those mails through webamail of the mailprovider. Maybe there is even a way to get a mailnotificaton whenever a mail is blocked; I asked if this could be easily configured in this forum but did not get a reply yet.

So for now, we setup our mailclients to connect to nethserver imap server, but send mails directly by external smtp server. I had tried to use smarthost, but our mailprovider does not allow one generic account to send mails for all our users, thus my idea asked here. But if this is such an uncommon usecase and it is of no real advantage or too complicated to implement, it is no problem, I just thought, I should ask. Thanks for providing us such a great product. :slight_smile:

Afaik it is like this office365 works, you cannot send an email with a generic smtp but with the smtp account of the user.
Gmail has also a quite similar behavior because the header of the sender is modified by the email name of the smtp account, so you cannot use a generic gmail smtp account.

I do use also a smtp relayhost mainly because it is a nightmare to send email now to Office365 and I have other hobbies in the life.

Therefore it is for me a valid feature request however I am sure you can find a smtp provider that allows you to use one generic account for all your emails…we call this a workaround :slight_smile:

1 Like

@Elleni

I use KreativMedia as SMTP, they allow a generic SMTP user (for outgoing) and have very moderate prices.
You could use this, and leave yor existing Provider “as is”!

It only needs correct DNS entries!

My 2 cents
Andy

I doubt, our boss wants to risk this change. I think, we stay the way I have setup the system by configuring emailclients with external smtp server, but nethserver as imap, until my boss gained enough confidence to allow our nethmailserver directly serve as smtp server too.

The client is king, even if that’s your boss!

Try this:

Create /etc/e-smith/templates-custom/etc/postfix/main.cf/29Authentication

mkdir -p /etc/e-smith/templates-custom/etc/postfix/main.cf
cd /etc/e-smith/templates-custom/etc/postfix/main.cf
vi 29Authentication

#
# custom
#
# 29Authentication
#

{
    if($postfix{SmartHostStatus} ne 'enabled') {
    return <<FRAGMENT
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options =
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
FRAGMENT
    }
}

#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_mechanism_filter = plain, login
#smtp_sasl_security_options =
#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps

:

Create /etc/e-smith/templates-custom/etc/postfix/relayhost_maps/20Relayhosts_map

mkdir -p /etc/e-smith/templates-custom/etc/postfix/relayhost_maps
cd /etc/e-smith/templates-custom/etc/postfix/relayhost_maps
vi 29Relayhosts_map

#
# custom
#
# 20Relayhost_maps
#

yourdomain.tld	[smarthost.yourdomain.tld]:25

Create /etc/e-smith/templates-custom/etc/postfix/sasl_passwd/30Authentication

mkdir -p /etc/e-smith/templates-custom/etc/postfix/sasl_passwd
cd /etc/e-smith/templates-custom/etc/postfix/sasl_passwd
vi 30Authentication

#
# custom
#
# 30Authentication

user1@yourdomain.tld		login_user1:password_user1
user2@yourdomain.tld		login_user2:password_user2
user3@yourdomain.tld		login_user3:password_user3

finally give these commands to activate the changes

expand-template /etc/postfix/relayhost_maps
postmap /etc/postfix/relayhost_maps

expand-template /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

signal-event nethserver-mail-server-update

the same commands marked above should be given after making changes to the above configuration files

4 Likes

Cool, thanks for this. I will have a look but it will take me some time, as I am on vacation for two weeks. One question though. As I want to avoid putting users passwords in a config file manually - would it be possible to get them from the system? I am asking as the smtp passwords are already stored in nethserver because for every user a connector is configured for download emails from external domain.

This script generate sasl_passwd fragment from getmail data:

vi importpop3c

#!/bin/sh
#

GRDir=/etc/e-smith/templates-custom/etc/postfix/sasl_passwd
GRFile=30Authentication

mkdir -p ${GRDir}

echo "#" > ${GRDir}/${GRFile}
echo "# custom" >> ${GRDir}/${GRFile}
echo "#" >> ${GRDir}/${GRFile}
echo "# ${GRFile}" >> ${GRDir}/${GRFile}
echo "#" >> ${GRDir}/${GRFile}
echo >> ${GRDir}/${GRFile}

for l in `/sbin/e-smith/db getmail print`
do
        GRKey=`echo $l | cut -f 1 -d =`
        GRAccount=`/sbin/e-smith/db getmail getprop ${GRKey} Account`
        GRPassword=`/sbin/e-smith/db getmail getprop ${GRKey} Password`
        echo -e ${GRKey}'\t'${GRAccount}:${GRPassword} >> ${GRDir}/${GRFile}
done

This script takes the data from the configuration of the pop3 connector so, every time you make a change to the popo3 connector, remember to launch this script and postfix reconfiguration

importpop3c

expand-template /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

signal-event nethserver-mail-server-update
2 Likes