Gentoo Forums
How to set up an email server with postfix/cyrus
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Sat Apr 30, 2011 8:09 am    Post subject: Reply with quote

very cool. I am quite happy to update the doc, the ebuild, any of it, if we find something newer or better that works.

I just wish the autocreate patches were consistent; meaning, I wish we had them for every version - 2.3.14, 2.3.15, 2.3.16, every build of 2.4, and so forth.
Because if we had that, I would post a new bug on bugzilla and just get the ebuild incorporated into portage.

Regarding the DB patch, it was my own typo; I was searching for 'config.m4' and not 'cyrus.m4'

I am doing a 3AM session on the grill after the pub, so I have to go flip a burger, but I will play with that patch some more once I have my burger :lol:
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Sat Apr 30, 2011 3:09 pm    Post subject: Reply with quote

I think this is the longest thread I'm responsible for - ever. 8)

Yeah, I know, who cares. I'm just that much of a dork. :P
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
costel78
Apprentice
Apprentice


Joined: 20 Apr 2007
Posts: 203

PostPosted: Sun May 01, 2011 8:00 am    Post subject: Reply with quote

Something unexpected showed up in specifications regarding egroupware, so it will take a little more time. Probably I will be able to finish on Monday.
_________________
Sorry for my English. I'm still learning this language.
costel78
Apprentice
Apprentice


Joined: 20 Apr 2007
Posts: 203

PostPosted: Mon May 02, 2011 2:57 pm    Post subject: Reply with quote

Well, there is still work to do, but here is the first beta version.
It's not a big deal, but it can be extended. Also the design can be changed (more columns, menus etc.) via generateHeader() and generateFooter(). I don't know if it's worth it; there are only a few tables, so I didn't use any template system or MVC model. The overload isn't worth it. I focused on security and functionality rather than design. Anyway, I'm not good at design :).
The initial user is admin with admin password. Also the htaccess password (if you want to use it, rename htaccess.txt and htpassword.txt) is admin.
Configuration is done in config.inc.php and the database structure is in structure.sql

Unfortunately my PC is not always on, so you can download the files from:
http://www.filehost.ro/1930122/emailadmin_tar_bz2/ - file hosting service
or my own PC (when it's on): http://cweb.ro/emailadmin.tar.bz2

Todo list:
Code:
ToDO:
1. lock/check for concurrent modifications: NOT DONE YET
2. selectbox/checkbox on filter where applicable: IN PROGRESS
3. check html code to validate on validator.w3.org: NOT DONE YET
4. leave only email part in code, remove other system integrations: DONE
5. Better translations: NEED HELP
6. Almost free design: DONE - possible via generateHeader() and generateFooter()
7. Better translation system, number index is ambiguous: NOT DONE YET
8. Password might be blank during update, if so, password won't be changed: NOT DONE YET
9. Export in csv format: IN PROGRESS


It's not related to this topic, but if running out of time you may use this for apache vhosting administration.
Basically you supply it a file with a domain list and they will be created or deleted.
I haven't yet had time to translate them, but it's on the ToDO list.
http://cweb.ro/srvadmin.tar.bz2

I am waiting for suggestions, translation fixes and bugs, especially security ones.
_________________
Sorry for my English. I'm still learning this language.
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Wed May 11, 2011 2:36 pm    Post subject: Reply with quote

My girlfriend just noticed something odd. She hadn't downloaded her mail locally for a few days, but is good at deleting unwanted email on webmail. Today she noticed that trying to send mail resulted in over-quota errors in Squirrelmail. I downloaded her inbox into Thunderbird and things worked again, but I noticed that her new messages were 1, 36, 2, 502, 3, and 36 - all KB. She had a couple of messages in her sent folder in Squirrel, but these were small. Nothing in drafts or trash.

Yet, when I downloaded what few messages she had on the server, Squirrel worked again. Any idea what happened?
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Sat Jul 09, 2011 1:18 am    Post subject: Reply with quote

This is a pointless bump to make it show up in my ego search so I can find this #@$%ing thread when I need it! :P :twisted:
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
kaszynek
n00b
n00b


Joined: 22 Mar 2011
Posts: 44
Location: Warsaw, Poland

PostPosted: Mon Jul 25, 2011 8:08 am    Post subject: Reply with quote

I have a dynamic IP and a domain (assume mydomain.com).
I'm sending emails which are qualified as spam by mail servers like gmail (it doesn't even deliver my emails to the spam folder).
My IP is on a blacklist because there is a whole subnet with mask 15 on that blacklist.
Is there any way to improve that?

I have read something about relay host. How to use it?
What is the idea of using it?
If I would use yahoo (I don't even know if it is possible to use yahoo) as relay host, I would have to send emails from myaddres@yahoo.com. But I want to send emails from mail.mydomain.com
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Mon Jul 25, 2011 11:11 pm    Post subject: Reply with quote

kaszynek wrote:

Is there any way to improve that?


nope. if you're on a residential netblock, you will be blacklisted by most RBL providers.
no way around it, you will need to send your outbound e-mail through a relayhost

kaszynek wrote:

I have read something about relay host. How to use it?
What is the idea of using it?


http://www.postfix.org/postconf.5.html#relayhost

You would want to set this to be your ISP's smtp server (for example, comcast users would set:

Code:

relayhost = [smtp.comcast.net]:25


inclusive of the square brackets. If you add the square brackets, it says "deliver directly to the host named 'smtp.comcast.net'". If you omit the square brackets, it says "do an MX lookup for the domain 'smtp.comcast.net', and send to whatever MX record is returned".

This annoyed me enough that I finally ponied up the extra cash for a "business class" connection whose IP would not be on a blacklist.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Tue Jul 26, 2011 2:25 pm    Post subject: Reply with quote

I considered a "business class" connection too some time ago, but I think my VPS hosting plan with Host Virtual is cheaper, not to mention not as prone to power outages as my working-class neighbourhood served by the dubious and not well-liked PEPCO.

Of course, I can't truly test my test virtual server at home, but as long as the logs show it's trying to make the right connections, I can live with that and proceed to do to my production server whatever I just did to my test server.
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
kaszynek
n00b
n00b


Joined: 22 Mar 2011
Posts: 44
Location: Warsaw, Poland

PostPosted: Mon Aug 08, 2011 8:36 pm    Post subject: Reply with quote

Quote:

You would want to set this to be your ISP's smtp server (for example, comcast users would set:


Ok, but I still don't understand what the deal is with the ISP's smtp server. Is it normal that an ISP provides that kind of service?
What's the influence on the final mail received via the ISP's smtp server (I mean any annotation in the headers of the email or something like that)?
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Mon Aug 08, 2011 10:45 pm    Post subject: Reply with quote

kaszynek wrote:

Ok, but I still don't understand what the deal is with the ISP's smtp server. Is it normal that an ISP provides that kind of service?


Over here in the US, and at least when I was living in the UK, yes. Usually your broadband provider will have an SMTP server that they allow you to use for outbound e-mail, that accepts *all* outbound e-mail from their customers' IP addresses regardless of who it is to/from. For example, tpnet.pl users will have an SMTP server provided to them to use for outgoing e-mail from their @tpnet.pl e-mail address; however, usually this SMTP server does not care about the e-mail address, it only cares that the sender comes from a tpnet IP address. So, you can route outbound mail through this server even if it is from @yourdomain.com

Maybe not every ISP does this - I do not know if this is common in Poland or not, I would guess it depends on the provider.

kaszynek wrote:

What's the influence on the final mail received via the ISP's smtp server (I mean any annotation in the headers of the email or something like that)?


every SMTP system that receives the message will add a "Received" header at the very least, and maybe even a 'Received-SPF' header. Typically, none of the message formatting or contents should be changed - if it's "Content-Type: multipart/mixed", this should not be changed by *any* server, as this is something the client defines, not the server. The server should only add those tracking headers (e.g. Received, Received-SPF)

There is also one other effect here; since you are sending from Postfix to your ISP's SMTP server, any TLS configuration you do in Postfix for sending of outbound e-mail will take place only between your server and your ISP's server - so this connection is encrypted. However, there is no guarantee your ISP is going to use TLS for the connection they make to the recipient's SMTP system - most will, SMTP over TLS has been around for ages and nearly everyone supports it, but as I said there is no guarantee. You can only guarantee an encrypted connection between your mail server and the next one, and even then only if the next server supports it.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
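
The hop-by-hop nature of SMTP TLS described in the post above can be checked from the Received headers of a delivered message. This is an added example, not code from the thread: the sample message, host names and addresses are constructed, and it relies on the RFC 3848 `with` keywords (ESMTPS, ESMTPSA) that servers such as Postfix record for TLS-protected sessions.

```python
"""Report, hop by hop, whether a message travelled over TLS."""
import re
from email import message_from_string

# "with" protocol values that RFC 3848 registers for STARTTLS-protected hops.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: home Postfix -> ISP relay (TLS) -> recipient MX (no TLS).
# Every host name and address below is made up for illustration.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id 4F1A2B3C
\tfor <bob@recipient.example>; Mon, 08 Aug 2011 22:50:03 +0000
Received: from mail.mydomain.example (unknown [198.51.100.7])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\tby relay.isp.example (Postfix) with ESMTPS id 9D8E7F6A
\tfor <bob@recipient.example>; Mon, 08 Aug 2011 22:50:01 +0000
From: alice@mydomain.example
To: bob@recipient.example
Subject: test
Content-Type: text/plain

hello
"""


def strip_comments(value):
    """Remove parenthesised comments (also nested ones) and fold whitespace.

    Without this step the "with cipher" text inside Postfix's TLS comment
    would be mistaken for the protocol clause.
    """
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return " ".join(value.split())


def _clause(keyword, text):
    """Return the token that follows 'from', 'by' or 'with', if present."""
    match = re.search(r"(?:^|\s)%s\s+(\S+)" % keyword, text, re.IGNORECASE)
    return match.group(1).rstrip(";") if match else None


def hops(raw_message):
    """List the hops in travel order (the newest Received header is on top)."""
    msg = message_from_string(raw_message)
    result = []
    for header in reversed(msg.get_all("Received", [])):
        text = strip_comments(header)
        protocol = (_clause("with", text) or "").upper()
        result.append({
            "from": _clause("from", text),
            "by": _clause("by", text),
            "protocol": protocol,
            "tls": protocol in TLS_PROTOCOLS,
        })
    return result


def cleartext_hops(raw_message):
    """Return (sender, receiver) pairs for hops that did not use TLS."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in hops(SAMPLE):
        state = "TLS" if hop["tls"] else "clear text"
        print("%s -> %s: %s (%s)" % (hop["from"], hop["by"],
                                     hop["protocol"], state))
```

Received lines written by servers outside your control can be forged, so only the headers added by hosts you trust count as evidence.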
kaszynek
n00b
n00b


Joined: 22 Mar 2011
Posts: 44
Location: Warsaw, Poland

PostPosted: Sun Aug 21, 2011 7:14 am    Post subject: Reply with quote

Thanks for explanation :]
I will orientate whether my ISP is providing for me SMTP server.
trigggl
Apprentice
Apprentice


Joined: 26 Aug 2007
Posts: 211
Location: Arkansas

PostPosted: Fri Sep 02, 2011 6:12 pm    Post subject: Reply with quote

Houston, we have a problem.

I tried following your guide and got the following problem/error message.

I don't know at what point I'm supposed to get the patch, but it's not making it to the 'files' folder.

Quote:
* Messages for package net-mail/cyrus-imapd-2.4.8:

* Cannot find $EPATCH_SOURCE! Value for $EPATCH_SOURCE is:
*
* /root/overlays/cyrus/net-mail/cyrus-imapd/files/cyrus-imapd-strip.patch
* ( cyrus-imapd-strip.patch )
* ERROR: net-mail/cyrus-imapd-2.4.8 failed (prepare phase):
* Cannot find $EPATCH_SOURCE!
*
* Call stack:
* ebuild.sh, line 56: Called src_prepare
* environment, line 3944: Called epatch '/root/overlays/cyrus/net-mail/cyrus-imapd/files/cyrus-imapd-strip.patch'
* environment, line 1989: Called die
* The specific snippet of code:
* die "Cannot find \$EPATCH_SOURCE!";
*
* If you need support, post the output of 'emerge --info =net-mail/cyrus-imapd-2.4.8',
* the complete build log and the output of 'emerge -pqv =net-mail/cyrus-imapd-2.4.8'.
* This ebuild is from an overlay named 'x-cyrus': '/root/overlays/cyrus/'
* The complete build log is located at '/var/tmp/portage/net-mail/cyrus-imapd-2.4.8/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/net-mail/cyrus-imapd-2.4.8/temp/environment'.
* S: '/var/tmp/portage/net-mail/cyrus-imapd-2.4.8/work/cyrus-imapd-2.4.8'


I'll post the logs if you need them, but I'm thinking this is enough info for now. I followed line by line (the second time). Do I need to delete and start over? Is it possible to just download it myself?
_________________
Greg
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Fri Sep 02, 2011 8:14 pm    Post subject: Reply with quote

weird. looks like that patch has been removed.

part of the instructions say to copy over the ./files directory from the standard /usr/portage/net-mail/cyrus-imapd/
but that does us no good I suppose, if patches get removed, but the ebuild doesn't get updated to reflect that.

No bother, the old patch contained:

Code:

--- imtest/Makefile.in.orig     2007-09-07 21:45:46.000000000 +0200
+++ imtest/Makefile.in  2007-09-07 21:45:52.000000000 +0200
@@ -72,7 +72,7 @@
 all: imtest
 
 install:
-       $(INSTALL) -s -m 755 imtest $(DESTDIR)$(exec_prefix)/bin
+       $(INSTALL) -m 755 imtest $(DESTDIR)$(exec_prefix)/bin
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/pop3test
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/nntptest
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/lmtptest
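
Review bot: the recipe lines under `install:` appear here indented with spaces, but Makefile recipe lines start with a tab, so a copy of this hunk pasted from the page may not match the context in imtest/Makefile.in. Fetch the patch file itself rather than copying the text, or apply it with GNU patch's `-l` (`--ignore-whitespace`) option. A short description above the `---` line saying why `-s` is dropped from the `$(INSTALL)` line would also help the next person who finds this file missing from files/.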


you could add that to your files/ directory in your local overlay, digest the ebuild, and carry on

http://whitehathouston.com/downloads/gentoo/ebuilds/cyrus/net-mail/cyrus-imapd/files/cyrus-imapd-strip.patch

Or, I'm quite happy to edit the ebuild to download the patch from my server instead of distfiles. If you're uncomfortable dumping that patch into files/ yourself and redigesting, let me know and I'll change the ebuild.

EDIT: ...actually, since I'd imagine others will hit this in the future, I'll just change the bloody ebuild!

done and done. Cursory testing, it builds, everything seems to patch ok, etc.

You may need to mask versions of cyrus greater than 2.4.8

you can do this via:

Code:

mkdir -p /etc/portage/package.mask
echo ">net-mail/cyrus-imapd-2.4.8" >> /etc/portage/package.mask/cyrus


I think one other thing I may do on that page is add a link to this thread so people can see what's going on, what's changed, etc.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
trigggl
Apprentice
Apprentice


Joined: 26 Aug 2007
Posts: 211
Location: Arkansas

PostPosted: Fri Sep 02, 2011 9:43 pm    Post subject: Reply with quote

cach0rr0 wrote:
weird. looks like that patch has been removed.

part of the instructions say to copy over the ./files directory from the standard /usr/portage/net-mail/cyrus-imapd/
but that does us no good I suppose, if patches get removed, but the ebuild doesn't get updated to reflect that.

No bother, the old patch contained:

Code:

--- imtest/Makefile.in.orig     2007-09-07 21:45:46.000000000 +0200
+++ imtest/Makefile.in  2007-09-07 21:45:52.000000000 +0200
@@ -72,7 +72,7 @@
 all: imtest
 
 install:
-       $(INSTALL) -s -m 755 imtest $(DESTDIR)$(exec_prefix)/bin
+       $(INSTALL) -m 755 imtest $(DESTDIR)$(exec_prefix)/bin
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/pop3test
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/nntptest
        ln -f $(DESTDIR)$(exec_prefix)/bin/imtest $(DESTDIR)$(exec_prefix)/bin/lmtptest


you could add that to your files/ directory in your local overlay, digest the ebuild, and carry on

http://whitehathouston.com/downloads/gentoo/ebuilds/cyrus/net-mail/cyrus-imapd/files/cyrus-imapd-strip.patch


I actually had to download the file below. Not sure why.

Code:
http://whitehathouston.com/downloads/gentoo/ebuilds/cyrus/net-mail/cyrus-imapd/files/cyrus-imapd-2.2-libwrap.patch


After going through the document and starting everything up, I tried to send an email from root to a user. Here's a short sample of the error I'm getting in mail.log.

Quote:
Sep 2 16:17:04 stephie postfix/trivial-rewrite[11571]: warning: connect to mysql server 127.0.0.1: Access denied for user 'maildb'@'localhost' (using password: YES)
Sep 2 16:17:04 stephie postfix/trivial-rewrite[11571]: fatal: mysql:/etc/postfix/validate.cf(0,lock|fold_fix): table lookup problem
Sep 2 16:17:05 stephie postfix/qmgr[11427]: warning: problem talking to service rewrite: Success
Sep 2 16:17:05 stephie postfix/master[10393]: warning: process /usr/lib64/postfix/trivial-rewrite pid 11571 exit status 1
Sep 2 16:17:05 stephie postfix/master[10393]: warning: /usr/lib64/postfix/trivial-rewrite: bad command startup -- throttling


I'm assuming there's a typo I made somewhere. The question is what was the typo and where did I do it? I think it has something to do with --> 'maildb'@'localhost'.
_________________
Greg
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Fri Sep 02, 2011 11:27 pm    Post subject: Reply with quote

Code:

127.0.0.1: Access denied for user 'maildb'@'localhost' (using password: YES)


that's key. something in your mysql lookup files is incorrect for logging on to your mysql server, either the username or password

you likely need to login to mysql and:

Code:

grant all privileges on maildb.* to 'maildb'@'localhost' identified by 'whateverpassword';
flush privileges;


could it be that you forgot to flush privileges after doing the grant?
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
trigggl
Apprentice
Apprentice


Joined: 26 Aug 2007
Posts: 211
Location: Arkansas

PostPosted: Sat Sep 03, 2011 3:54 pm    Post subject: Reply with quote

cach0rr0 wrote:
Code:

127.0.0.1: Access denied for user 'maildb'@'localhost' (using password: YES)


that's key. something in your mysql lookup files is incorrect for logging on to your mysql server, either the username or password

you likely need to login to mysql and:

Code:

grant all privileges on maildb.* to 'maildb'@'localhost' identified by 'whateverpassword';
flush privileges;


could it be that you forgot to flush privileges after doing the grant?


It was a typo. I used --> 'maildb@localhost'.

I managed to send an email from root to a user. Now I just have to get it sending and receiving over the network/internet.
_________________
Greg
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Tue Oct 04, 2011 6:02 pm    Post subject: Reply with quote

Using the guide, I set up a new dev machine. I think everything is working, but since I don't have a domain to apply to it, I'm working off localhost and the machine's hostname, Bach. No .com, .org, .net.

So when sending a test message from telnet from/to the same testuser in maildb, I get this:

Code:

Oct  4 13:06:06 Bach postfix/smtpd[15314]: 1AEEB1A616D5: client=localhost[127.0.0.1]
Oct  4 13:06:56 Bach postfix/cleanup[15316]: 1AEEB1A616D5: message-id=<20111004130606.1AEEB1A616D5@Bach>
Oct  4 13:06:56 Bach postfix/qmgr[15018]: 1AEEB1A616D5: from=<testuser@bach.Bach>, size=357, nrcpt=1 (queue active)
Oct  4 13:06:56 Bach postfix/smtp[15330]: 1AEEB1A616D5: to=<testuser@bach.Bach>, orig_to=<testuser@bach>, relay=none, delay=62, delays=62/0.01/0.06/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=bach.Bach type=A: Host not found)
Oct  4 13:06:56 Bach postfix/cleanup[15316]: 6EF9C1A616D8: message-id=<20111004130656.6EF9C1A616D8@Bach>
Oct  4 13:06:56 Bach postfix/qmgr[15018]: 6EF9C1A616D8: from=<>, size=2199, nrcpt=1 (queue active)
Oct  4 13:06:56 Bach postfix/bounce[15331]: 1AEEB1A616D5: sender non-delivery notification: 6EF9C1A616D8
Oct  4 13:06:56 Bach postfix/qmgr[15018]: 1AEEB1A616D5: removed
Oct  4 13:06:56 Bach postfix/smtp[15330]: 6EF9C1A616D8: to=<testuser@bach.Bach>, relay=none, delay=0.12, delays=0.06/0/0.06/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=bach.Bach type=A: Host not found)
Oct  4 13:06:56 Bach postfix/qmgr[15018]: 6EF9C1A616D8: removed
Oct  4 13:07:00 Bach postfix/smtpd[15314]: disconnect from localhost[127.0.0.1]


How can I get around this or have postfix/cyrus (or whatever program is responsible) not append .Bach to addresses and just send test messages to from my local test user, testuser@bach?
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Tue Oct 04, 2011 6:44 pm    Post subject: Reply with quote

don't know offhand, but I'd say easiest to test:

- override a bunch of domains via /etc/hosts (e.g. set your 127.0.0.1 entry to "bach.audiodef.com bach localhost")
- set mydomain to bach.audiodef.com, set mydestination to be $mydomain
- send your telnet messages to user@bach.audiodef.com

otherwise I'd have to look (which I have to do a bit later)
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Tue Oct 04, 2011 7:40 pm    Post subject: Reply with quote

Maybe part of identifying the problem is with this:

Code:

audiodef@Bach ~/savonet $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 bach ESMTP Postfix (2.8.4)
EHLO bach
250-bach
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<testuser@bach>
250 2.1.0 Ok
RCPT TO:<who@bach>
250 2.1.5 Ok


There is no "who@bach" in my maildb - only a "testuser@bach". Shouldn't this have said "no such user"?

(On this machine, btw, there is no "audiodef.com" or any kind of TLD at all.)
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Tue Oct 04, 2011 9:58 pm    Post subject: Reply with quote

since you're coming from 127.0.0.1, if you have "permit_mynetworks" within "smtpd_recipient_restrictions", it doesn't matter who it's to or from, it will be accepted outright, and never get to the validation lookup.

That is, assuming you have 127.0.0.1 as part of mynetworks

It'll never get to any of your virtual alias mapping stuff that way.

having said that, I'm still a bit in the dark as to why '.Bach' would get appended to the tail end.
and of course since 'bach.Bach' is not configured to be handled as an inbound domain, and since 127.0.0.1 gets blindly accepted regardless of sender/recipient, it *will* be queued for delivery regardless, and the type of delivery will be a standard SMTP delivery as though it's an outbound message, rather than internally via the LMTP socket to Cyrus
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
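
Why `RCPT TO:<who@bach>` was answered with 250 in the session above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation in smtpd_recipient_restrictions. The two restriction orderings, the hosted-domain set and the mailbox set are assumptions made for illustration, not audiodef's actual configuration.

```python
"""Simplified model of how Postfix walks smtpd_recipient_restrictions.

Restrictions are tried in order. The first one that answers PERMIT or
REJECT ends the walk; DUNNO hands the decision to the next restriction.
"""
import ipaddress

# Constructed stand-ins for main.cf settings and the maildb lookup table.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
HOSTED_DOMAINS = {"bach"}
MAILBOXES = {"testuser@bach"}


def _domain(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()


def permit_mynetworks(client_ip, rcpt):
    """Accept anything from a trusted network, whoever the recipient is."""
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"


def reject_unauth_destination(client_ip, rcpt):
    """Refuse to relay to domains this server does not host."""
    return "DUNNO" if _domain(rcpt) in HOSTED_DOMAINS else "REJECT"


def reject_unlisted_recipient(client_ip, rcpt):
    """Refuse unknown mailboxes in domains this server does host."""
    if _domain(rcpt) in HOSTED_DOMAINS and rcpt.lower() not in MAILBOXES:
        return "REJECT"
    return "DUNNO"


RESTRICTIONS = {
    f.__name__: f
    for f in (permit_mynetworks, reject_unauth_destination,
              reject_unlisted_recipient)
}

# Assumed ordering with the trusted-network shortcut first, as in the thread.
PERMIT_FIRST = ["permit_mynetworks", "reject_unauth_destination",
                "reject_unlisted_recipient"]
# Alternative ordering that validates the mailbox before trusting the client.
VALIDATE_FIRST = ["reject_unlisted_recipient", "permit_mynetworks",
                  "reject_unauth_destination"]


def evaluate(order, client_ip, rcpt):
    """Return (verdict, name of the restriction that decided)."""
    for name in order:
        verdict = RESTRICTIONS[name](client_ip, rcpt)
        if verdict != "DUNNO":
            return verdict, name
    return "PERMIT", "end of list"


if __name__ == "__main__":
    cases = [
        (PERMIT_FIRST, "127.0.0.1", "who@bach"),
        (PERMIT_FIRST, "127.0.0.1", "testuser@bach.Bach"),
        (PERMIT_FIRST, "203.0.113.5", "who@bach"),
        (VALIDATE_FIRST, "127.0.0.1", "who@bach"),
    ]
    for order, ip, rcpt in cases:
        print(order[0], ip, rcpt, "->", evaluate(order, ip, rcpt))
```

To see the "no such user" rejection while testing, connect from an address outside mynetworks or place the recipient check ahead of permit_mynetworks.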
audiodef
Watchman
Watchman


Joined: 06 Jul 2005
Posts: 5282

PostPosted: Fri Oct 07, 2011 4:49 pm    Post subject: Reply with quote

I haven't had a chance to get back to this issue yet, but I have to say this:

Dude, I am TOTALLY digging your way of running a mail server. It's so super-simple to add new domains and users. I've had to add several special-purpose email addresses to my production machine (on which everything works. My above issue is for a new dev machine), and I'm smarfed - nay, FLARGED that all I have to do is drop the address and password into maildb.

Rock on, bro. :D
_________________
Gentoo Studio: http://gentoostudio.org
Facebook: http://www.facebook.com/gentoostudio
G+: https://plus.google.com/113947758237122861689/posts
Pappy's Kernel Seeds: http://kernel-seeds.org
trigggl
Apprentice
Apprentice


Joined: 26 Aug 2007
Posts: 211
Location: Arkansas

PostPosted: Wed Oct 19, 2011 10:41 pm    Post subject: Reply with quote

Ok, I've come back to this. I'm trying to receive mail (from outside the network) on port 587. What do I have to do for the system to accept that? Is that a postmap setting? I don't have port 25 open and would prefer to keep it closed, but I guess I could open it if I had to. How do I even test port 587, or should telnet work (it doesn't)?

Should this setup just send if it weren't blocked by the ISP or is there something else I need to do? Am I confined to pop mail with my email provider? I'm using a dynamic DNS with Comcast as my ISP.
_________________
Greg
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

PostPosted: Wed Oct 19, 2011 11:23 pm    Post subject: Reply with quote

trigggl wrote:
Ok, I've come back to this. I'm trying to receive mail (from outside the network) on port 587. What do I have to do for the system to accept that? Is that a postmap setting? I don't have port 25 open and would prefer to keep it closed, but I guess I could open it if I had to. How do I even test port 587, or should telnet work (it doesn't)?

Should this setup just send if it weren't blocked by the ISP or is there something else I need to do? Am I confined to pop mail with my email provider? I'm using a dynamic DNS with Comcast as my ISP.


trouble is, external mail systems aren't going to know to connect to your mail server on a port other than 25
you can configure your postfix system to send to alternate ports much as you like, but far as receiving mail goes, if you're not able to be connected to on 25 (as in, inbound to your port 25), you may send mail fine, but you won't be receiving much if any. Some external hosts may automatically try 587, many will not. They should, but they don't.

having said that, if you want to try it, all you need is this in master.cf

Code:

submission inet n       -       n       -       -       smtpd


that will enable the listener on port 587. Add that, restart postfix.

And yes, this setup should just flat-out send. If you want to see if any ports are blocked, telnet to my server on port 25 (renee.whitehathouston.com)
If it connects (you'll get a 554 error, but that's expected on a dynamic IP) then your connections to other hosts on port 25 aren't blocked. If it doesn't, then Comcast is blocking you (unless, of course, you have some other firewall that you control that might be blocking you)

Now, as far as sending to others whose systems are listening on 587, you'd want to set up transport_maps, meaning, you'd have to do it on a per-domain basis. Which is annoying, but no other way around it.

Ultimately if you can't accept inbound connections on 25, you're not going to receive much mail, and if you're unable to make outbound connections to remote hosts on 25, you aren't going to be sending much mail either.

Best of luck either way, hope that's somewhat helpful!
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash


Last edited by cach0rr0 on Thu Oct 20, 2011 3:34 pm; edited 1 time in total
trigggl
Apprentice
Apprentice


Joined: 26 Aug 2007
Posts: 211
Location: Arkansas

PostPosted: Thu Oct 20, 2011 2:59 pm    Post subject: Reply with quote

cach0rr0 wrote:
trouble is, external mail systems aren't going to know to connect to your mail server on a port other than 25
you can configure your postfix system to send to alternate ports much as you like, but far as receiving mail goes, if you're not able to be connected to on 25 (as in, inbound to your port 25), you may send mail fine, but you won't be receiving much if any. Some external hosts may automatically try 587, many will not. They should, but they don't.

having said that, if you want to try it, all you need is this in master.cf

Code:

submission inet n       -       n       -       -       smtpd


that will enable the listener on port 587. Add that, restart postfix.


That was easy. (press little red button) I was even able to telnet from the AIX system at work. Thanks for that.

cach0rr0 wrote:
And yes, this setup should just flat-out send. If you want to see if any ports are blocked, telnet to my server on port 25 (renee.whitehathouston.com)

If it connects (you'll get a 554 error, but that's expected on a dynamic IP) then your connections to other hosts on port 25 aren't blocked. If it doesn't, then Comcast is blocking you (unless, of course, you have some other firewall that you control that might be blocking you)


..and no I couldn't get there. It sat at "Trying..." and never made it. Do you think that 587 would be blocked? Do you know of anyone that would be using it that I could test it at?


cach0rr0 wrote:
Now, as far as sending to others whose systems are listening on 587, you'd want to set up transport_maps, meaning, you'd have to do it on a per-domain basis. Which is annoying, but no other way around it.


I don't suppose that's an easy thing to set up for one domain? Would it be a problem to post an example?


cach0rr0 wrote:
Ultimately if you can't accept inbound connections on 25, you're not going to receive much mail, and if you're unable to make outbound connections to remote hosts on 25, you aren't going to be sending much mail either.

Best of luck either way, hope that's somewhat helpful!


You've been a great help. Maybe some day I'll be able to find a way to get around the service provider issue. I suspect it will cost me, though. I guess I should open port 25 to see if I can telnet home, if that's blocked as well. Anyways, I have a working system now and if I were able to use it on an open network of a friend's or something, I'll be able to set up mail for them. More specifically on BOINC (seti@home, milkyway@home, etc...) I'm on a team (SETI.USA) that's trying to get an email blast setup to send mail to a team email list.
_________________
Greg


Last edited by trigggl on Thu Oct 20, 2011 3:44 pm; edited 1 time in total
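
An added example (not from the thread, and not Postfix code) that models two things explained earlier on this page: the `[host]:port` next-hop syntax used by relayhost, where brackets suppress the MX lookup, and a per-domain transport_maps table that overrides relayhost for selected destinations. The domains, the table contents and the relay name are constructed placeholders, and only exact-domain patterns with a `transport:nexthop` result are modelled.

```python
"""Resolve where outbound mail for a recipient would be handed off."""
import ipaddress

# Constructed sample of /etc/postfix/transport. It is enabled in main.cf with
#   transport_maps = hash:/etc/postfix/transport
# and the lookup file is rebuilt with: postmap /etc/postfix/transport
TRANSPORT_TABLE = """\
# pattern          transport:nexthop
partner.example    smtp:[mail.partner.example]:587
lists.example      smtp:lists.example:587
"""

# Constructed main.cf relayhost value; all other domains go to this relay.
RELAYHOST = "[smtp.isp.example]:25"


def parse_nexthop(nexthop, default_port="25"):
    """Split a next-hop into (host, port, mx_lookup).

    [host] or [host]:port -> connect to that host, no MX lookup.
    host or host:port     -> look up the MX records of 'host' first.
    """
    if nexthop.startswith("["):
        end = nexthop.find("]")
        if end == -1:
            raise ValueError("missing ']' in %r" % nexthop)
        host, rest = nexthop[1:end], nexthop[end + 1:]
        if not host:
            raise ValueError("empty host in %r" % nexthop)
        if ":" in host:
            # A colon inside the brackets is only legal in an IPv6 literal.
            try:
                ipaddress.IPv6Address(host)
            except ValueError:
                raise ValueError(
                    "port must follow the ']' in %r" % nexthop) from None
        if rest and (not rest.startswith(":") or len(rest) == 1):
            raise ValueError("expected ':port' after ']' in %r" % nexthop)
        return host, rest[1:] or default_port, False
    host, _, port = nexthop.partition(":")
    if not host:
        raise ValueError("empty host in %r" % nexthop)
    return host, port or default_port, True


def parse_transport_table(text):
    """Map each pattern to (transport, nexthop); comments are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        transport, sep, nexthop = result.partition(":")
        if not sep or not nexthop:
            raise ValueError("only transport:nexthop is modelled: %r" % line)
        table[pattern.lower()] = (transport or "smtp", nexthop.strip())
    return table


def route(recipient, table_text=TRANSPORT_TABLE, relayhost=RELAYHOST):
    """A transport table match wins; otherwise relayhost; otherwise the
    recipient domain itself with an MX lookup."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    table = parse_transport_table(table_text)
    if domain in table:
        source = "transport_maps"
        transport, nexthop = table[domain]
    elif relayhost:
        source, transport, nexthop = "relayhost", "smtp", relayhost
    else:
        source, transport, nexthop = "recipient domain", "smtp", domain
    host, port, mx_lookup = parse_nexthop(nexthop)
    return {"source": source, "transport": transport, "host": host,
            "port": port, "mx_lookup": mx_lookup}


if __name__ == "__main__":
    for rcpt in ("bob@partner.example", "team@lists.example",
                 "carol@elsewhere.example"):
        print(rcpt, "->", route(rcpt))
```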
All times are GMT
Page 7 of 8