Mail Problems
Kristian Rink
kristian at zimmer428.net
Thu Aug 31 11:50:27 UTC 2006
Karl-Heinz;
On Thu, 31 Aug 2006 06:57:43 -0400,
"Karl-Heinz Schulz" <karlheinz at khschulz.com> wrote:
> Thank you for your help!!
You're welcome. :)
> I'm almost there but I have now a Postfix relaying issues.
> I entered the following line to the main.cnf file
> mynetworks = 127.0.0.0/8, 192.168.51.0/24
Looks good so far.
> I tried 207.59.215.1 but it still will not allow me to relay the mail?
> What is the best practice for mobile users?
Well... first off, what is it that you are trying to do? Do you want
the server to accept mail from mobile (remote) users addressed to local
users on the server only, or do you want the SMTP host to be a fully
working mail relay allowing "your" external users to send mail
virtually everywhere?
Generally, you don't want to use your NAT address in main.cf, because
you don't need it there. What you tried to do (adding it to
"mynetworks") basically just would tell your SMTP server to accept mail
from 207.59.215.1/32, which is (talking NAT) your server itself so that
doesn't get you very far.
If you want your host to be a fully working SMTP relay, you should do
the following:
To make sure mail addressed to your users ( @whichever-domain.com )
is delivered, add "whichever-domain.com" to the mydestination entry in
main.cf so it should look like this:
    mydestination = localhost, localhost.localdomain, whichever-domain.com
Domains listed here are considered "local", i.o.w. the MTA tries to
deliver mails to user at ... to local users, including /etc/aliases if
there. For every mail addressed to a domain not listed in
"mydestination", the MTA will try to deliver it either using relayhost
or using direct delivery...
Using a relay host is the easiest solution if you want to allow people
to send mail anywhere through your SMTP machine. To do so, you
need to find out what is the name of your ISP's SMTP host (most likely
to be something, like, mail.<provider>.com). Once you know, you have to
tell postfix about this by using
    relayhost = mail.myprovider.com
in main.cf. Possibly you will learn that your provider requires
SMTP-AUTH in order to allow for sending through its SMTP host. If so,
you will get out of it by adding these lines to main.cf:
    [...]
    smtp_always_send_ehlo = yes
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options=noanonymous
    [...]
Next to that, create a file /etc/postfix/sasl_passwd, add your
SMTP-AUTH credentials like that
    mail.myprovider.com username:password
, make this file readable to postfix running the command
    postmap /etc/postfix/sasl_passwd
and restart your postfix system. This way, people able to connect to
your SMTP host should be able to send mail everywhere through your host
(and, indirectly, the SMTP host of your provider).
If you want to do direct delivery, things are more difficult:
- First off, you have to be sure that your mail server's hostname (to be
found in /etc/mailname and/or stated in "myorigin" in main.cf) resolves
to your NAT address using DNS and vice versa using reverse DNS. This
usually is the weakest preposition to make other servers accept mail
from your machine. Possibly you will have to ask your ISP or DNS
provider to set things up well for you.
- By then you should make sure only "authorized" external users can send
mail through your system. This can be achieved by either setting up
your postfix to also require SMTP-AUTH (which is a tedious and
error-prone thing to do, you really should read the postfix docs en
detail about this, as well as [1]), or by installing something like
"drac" or "pop-before-smtp". The latter one is easier, this provides
some sort of behaviour similar to several freemail providers at least
here in Germany (you have to fetch mail using POP3 or IMAP first to
show you're authorized, and then you'll be able to send through SMTP
for defined time). But for that, you also really should consult its
documentation, as these things tend to be critical in terms of system
security...
Feel free to ask if there are any questions left. :)
Cheers,
Kris
[1] http://www.projektfarm.com/en/support/howto/postfix_smtp_auth_tls.html
--
Kristian Rink * http://zimmer428.net * jab: kawazu at jabber.ccc.de
icq: 48874445 * fon: ++49 176 2447 2771
"One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality." (Hundertwasser)
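
An added example, not part of the original message: a shell check for the SMTP-AUTH relayhost setup described in the mail, confirming that smtp_sasl_password_maps in main.cf names the file postmap was run on and that the cleartext credentials file is not readable by group or others. The function names and the owner-only permission check are assumptions of this example; pass the path to main.cf (or a copy of it) as the argument.

```shell
#!/bin/sh
# Added example (not from the original mail): sanity-check the SMTP-AUTH
# relayhost setup. Function names are this example's own.

# Print a main.cf parameter value; the last definition wins, as in Postfix.
main_cf_value() {  # $1 = path to main.cf, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when the credentials map is consistent and private, else non-zero.
check_sasl_relay() {  # $1 = path to main.cf
    cf=$1
    rc=0
    maps=$(main_cf_value "$cf" smtp_sasl_password_maps)
    case $maps in
        hash:*) file=${maps#hash:} ;;
        *) echo "smtp_sasl_password_maps is not a hash: map: '$maps'"
           return 2 ;;
    esac
    # The map must name the very file that postmap was run on.
    [ -f "$file" ] || { echo "missing source file: $file"; rc=1; }
    [ -f "$file.db" ] || { echo "missing $file.db, run: postmap $file"; rc=1; }
    for f in "$file" "$file.db"; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        # Assumption of this example: the cleartext password stays owner-only.
        bits=$(ls -ld "$f" | cut -c5-10)
        [ "$bits" = "------" ] || { echo "$f is open to group/other"; rc=1; }
    done
    [ "$(main_cf_value "$cf" smtp_sasl_auth_enable)" = "yes" ] ||
        { echo "smtp_sasl_auth_enable is not yes"; rc=1; }
    case $(main_cf_value "$cf" smtp_sasl_security_options) in
        *noanonymous*) ;;
        *) echo "smtp_sasl_security_options lacks noanonymous"; rc=1 ;;
    esac
    return $rc
}

# Run against the file given on the command line, if any.
[ $# -eq 0 ] || check_sasl_relay "$1"
```
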