[gentoo-user] Postfix configuration in server with dynamic IP

[gentoo-user] Postfix configuration in server with dynamic IP

[romildo]

Hello.

I am looking for a posftix configuration for
my computer, which receives a dynamic IP through
adsl.

Currently I am using postfix for sending mail from
this computer, but most of the time the IP I
receive from my ISP is blacklisted and is rejected
on some destinations. So I want to use my ISP
mail server for sending mail (with athentication).

Maybe someone can send me a postfix configuration
for that.

Romildo

PS: Maybe other smtp servers other than postfix
    are more apropriate for this configuration.
    In this case, I would like to see comments
    on them.
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Postfix configuration in server with dynamic IP

[Dave Nebinger]

Hey, Romildo:

> I am looking for a posftix configuration for
> my computer, which receives a dynamic IP through
> adsl.

This is exactly the setup that I'm using.  I'd suggest getting an account
through dyndns.org.  You can update it using ez-ipudate when your local ip
address changes and, from external locations, will be able to verify name
lookups.  It also means that folks will be able to send you mail at
romildo@romildo.com or whatever your domain name would happen to be.
 
> Currently I am using postfix for sending mail from
> this computer, but most of the time the IP I
> receive from my ISP is blacklisted and is rejected
> on some destinations. So I want to use my ISP
> mail server for sending mail (with athentication).

There's a couple of steps that you'll need to take to get mail from your
system piped through your ISP:

1. /etc/postfix/sasl_passwd: Edit this file to include a line like:
	mail.myisp.net username:password
Obviously you'll need to use your own values.  After creating the file,
don't forget to run "postmap sasl_passwd" to create the map file for your
installation.

2. /etc/postfix/main.cf: In this file you'll need to update the section
where you find the relayhost keyword.  You'll end up setting up lines like
the following:

relayhost = mail.myisp.net
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=

After setting these values and cycling postfix you should now be relaying
all outgoing mail through your ISP, meanwhile your postfix smtp service will
still be open to receive incoming mail.

If you check the headers on this message you should see that it's
originating from my server (mail.joat.com) but is routing through verizon
(my isp) before going off to the world.

VERY IMPORTANT NOTE: Be sure that you're not running an open mail relay
(lots of info via google about how to ensure postfix is not an open mail
relay).  Once this setup is complete, if you were open, spammers could route
mail through your server which relays through your ISP.  From your ISP's
perspective you're sending the spam yourself and they could throw you
offline.

Anyways if you need some help getting postfix working under this
configuration, give me a holler, I'm happy to help.

Re: other smtp servers for this purpose, I think you're stuck with the big
3: sendmail, postfix, and qmail.  Sendmail has it's historical issues, and
IMHO qmail with it's messed-up dependencies on daemontools is not worth the
learning curve.

Stick with postfix, it's the obvious solution to your situation, it works
for me and will work for you too.



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Postfix configuration in server with dynamic IP

[romildo]

On Tue, Sep 06, 2005 at 10:01:18AM -0400, Dave Nebinger wrote:
> Hey, Romildo:
> 
> > I am looking for a posftix configuration for
> > my computer, which receives a dynamic IP through
> > adsl.
> 
> This is exactly the setup that I'm using.  I'd suggest getting an account
> through dyndns.org.  You can update it using ez-ipudate when your local ip
> address changes and, from external locations, will be able to verify name
> lookups.  It also means that folks will be able to send you mail at
> romildo@romildo.com or whatever your domain name would happen to be.

Currently I am using a similar setup. My computer gets
a valid hostname from no-ip (malaquias.no-ip.org).

But I change the "From:" header line on the messages I
send (setting smtp_generic_maps in postfix config)
so that I get replies through my ISP.

My main problem is that ...

> > Currently I am using postfix for sending mail from
> > this computer, but most of the time the IP I
> > receive from my ISP is blacklisted and is rejected
> > on some destinations. So I want to use my ISP
> > mail server for sending mail (with athentication).

This blacklisted IP I receive from my ISP is
a problem I do not know how to solve.

> There's a couple of steps that you'll need to take to get mail from your
> system piped through your ISP:
> 
> 1. /etc/postfix/sasl_passwd: Edit this file to include a line like:
> 	mail.myisp.net username:password

Is it possible to use different authentications
for diferent users on my computers? There are
5 users, and each user has his own email account
in the ISP.

[...] 
> VERY IMPORTANT NOTE: Be sure that you're not running an open mail relay
> (lots of info via google about how to ensure postfix is not an open mail
> relay).  Once this setup is complete, if you were open, spammers could route
> mail through your server which relays through your ISP.  From your ISP's
> perspective you're sending the spam yourself and they could throw you
> offline.

Is the following lines in main.cf enough to prevent that?

	mynetworks_style = host
	relay_domains = 

Romildo
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Postfix configuration in server with dynamic IP

[Dave Nebinger]

> My main problem is that ...
> 
> > > Currently I am using postfix for sending mail from
> > > this computer, but most of the time the IP I
> > > receive from my ISP is blacklisted and is rejected
> > > on some destinations. So I want to use my ISP
> > > mail server for sending mail (with athentication).
> 
> This blacklisted IP I receive from my ISP is
> a problem I do not know how to solve.

That's how the relayhost option in main.cf comes into play.  All email
originating from your server will be routed through the ISP's mail server
which should not be blacklisted.

So all of your email, regardless of where it is going, will pass up through
your ISP's mail server to be delivered along to the final destination.

> > There's a couple of steps that you'll need to take to get mail from your
> > system piped through your ISP:
> >
> > 1. /etc/postfix/sasl_passwd: Edit this file to include a line like:
> > 	mail.myisp.net username:password
> 
> Is it possible to use different authentications
> for diferent users on my computers? There are
> 5 users, and each user has his own email account
> in the ISP.

All you're doing with this configuration is passing email from your server
up to the ISP for delivery to the final destination; it is not going to be
altered by the ISP's mail server to change who the message originates from,
so it doesn't matter which account the email passes through.
 
> [...]
> > VERY IMPORTANT NOTE: Be sure that you're not running an open mail relay
> > (lots of info via google about how to ensure postfix is not an open mail
> > relay).  Once this setup is complete, if you were open, spammers could
> route
> > mail through your server which relays through your ISP.  From your ISP's
> > perspective you're sending the spam yourself and they could throw you
> > offline.
> 
> Is the following lines in main.cf enough to prevent that?
> 
> 	mynetworks_style = host
> 	relay_domains =

Nope, you'll want to check http://www.postfix.org/SMTPD_ACCESS_README.html
for info regarding relays.  It basically controls who can relay mail through
the server.  For example, I'm actually away from home but can relay through
my box because I've got it set up to allow my authenticated smtp relay
connection.



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Postfix configuration in server with dynamic IP

[romildo]

On Tue, Sep 06, 2005 at 11:43:50AM -0400, Dave Nebinger wrote:
> > > VERY IMPORTANT NOTE: Be sure that you're not running an open mail relay
> > > (lots of info via google about how to ensure postfix is not an open mail
> > > relay).  Once this setup is complete, if you were open, spammers could
> > route
> > > mail through your server which relays through your ISP.  From your ISP's
> > > perspective you're sending the spam yourself and they could throw you
> > > offline.
> > 
> > Is the following lines in main.cf enough to prevent that?
> > 
> > 	mynetworks_style = host
> > 	relay_domains =
> 
> Nope, you'll want to check http://www.postfix.org/SMTPD_ACCESS_README.html
> for info regarding relays.  It basically controls who can relay mail through
> the server.  For example, I'm actually away from home but can relay through
> my box because I've got it set up to allow my authenticated smtp relay
> connection.

I have checked that URL, but I am finding it difficult to
digest. Maybe you could tell me what to put in my
postfix configuration to prevent it from being an
open relay. It is being used in this only machine.

I already have in my main.cf configuration file:

  # Don't relay mail from other hosts.
  mynetworks_style = host
  relay_domains = 
  
  # Route all outgoing mail to your network provider.
  relayhost = [smtp.uber.com.br]
  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  smtp_sasl_security_options = 
  
  # Hosts without a real Internet hostname
  smtp_generic_maps = hash:/etc/postfix/generic

Regards,

Romildo
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] Postfix configuration in server with dynamic IP

[Ow Mun Heng]

On Tue, 2005-09-06 at 11:43 -0400, Dave Nebinger wrote:
> > My main problem is that ...
> > 
> > > > Currently I am using postfix for sending mail from
> > > > this computer, but most of the time the IP I
> > > > receive from my ISP is blacklisted and is rejected
> > > > on some destinations. So I want to use my ISP
> > > > mail server for sending mail (with athentication).
> > 
> > This blacklisted IP I receive from my ISP is
> > a problem I do not know how to solve.
> 
> That's how the relayhost option in main.cf comes into play.  All email
> originating from your server will be routed through the ISP's mail server
> which should not be blacklisted.

Use this
fallback_relay (default: empty)
       Optional list of relay hosts for SMTP destinations that can't be
found or that are  unreachable.

       By  default, mail is returned to the sender when a destination is
not found, and delivery is deferred if a destination is unreachable.

       The  fallback  relays  must  be  SMTP  destinations.  Specify  a
domain,  host,  host:port, [host]:port,  [address]  or  [address]:port;
the  form [host] turns off MX lookups.  If you specify multiple SMTP
destinations, Postfix will try them in the specified order.



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Postfix configuration in server with dynamic IP

[John Jolet]

On Tuesday 06 September 2005 08:24, romildo@uber.com.br wrote:
> Hello.
>
> I am looking for a posftix configuration for
> my computer, which receives a dynamic IP through
> adsl.
>
> Currently I am using postfix for sending mail from
> this computer, but most of the time the IP I
> receive from my ISP is blacklisted and is rejected
> on some destinations. So I want to use my ISP
> mail server for sending mail (with athentication).
>
> Maybe someone can send me a postfix configuration
> for that.
just add the destination pattern to /etc/postfix/transport (for instance 
sbcglobal.net smtp:smtp-server.austin.rr.com, is what I have for one, since 
my "official" smtp server is stmp-server.austin.rr.com).  then run postmap 
transport and reload postfix.
-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@jolet.net
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Postfix configuration in server with dynamic IP

[Nick Rout]

Of course you could all just RTFM:

http://www.postfix.org/BASIC_CONFIGURATION_README.html#relayhost

"What delivery method: direct or indirect  
By default, Postfix tries to deliver mail directly to the Internet.
Depending on your local conditions this may not be possible or
desirable. For example, your system may be turned off outside office
hours, it may be behind a firewall, or it may be connected via a
provider who does not allow direct mail to the Internet. In those cases
you need to configure Postfix to deliver mail indirectly via a relay
host. 

Examples (specify only one of the following): 

        /etc/postfix/main.cf:
            relayhost =                   (default: direct delivery to Internet)
            relayhost = $mydomain         (deliver via local mailhub)
            relayhost = [mail.$mydomain]  (deliver via local mailhub)
            relayhost = [mail.isp.tld]    (deliver via provider mailhub)

The form enclosed with [] eliminates DNS MX lookups. Don't worry if you
don't know what that means. Just be sure to specify the [] around the
mailhub hostname that your ISP gave to you, otherwise mail may be
mis-delivered. "

Then postfix will relay all mail through your ISP, just like any old
mail client that is set to your ISP's smtp server.


On Tue, 2005-09-06 at 10:18 -0500, John Jolet wrote:
> On Tuesday 06 September 2005 08:24, romildo@uber.com.br wrote:
> > Hello.
> >
> > I am looking for a posftix configuration for
> > my computer, which receives a dynamic IP through
> > adsl.
> >
> > Currently I am using postfix for sending mail from
> > this computer, but most of the time the IP I
> > receive from my ISP is blacklisted and is rejected
> > on some destinations. So I want to use my ISP
> > mail server for sending mail (with athentication).
> >
> > Maybe someone can send me a postfix configuration
> > for that.
> just add the destination pattern to /etc/postfix/transport (for instance 
> sbcglobal.net smtp:smtp-server.austin.rr.com, is what I have for one, since 
> my "official" smtp server is stmp-server.austin.rr.com).  then run postmap 
> transport and reload postfix.
> -- 
> John Jolet
> Your On-Demand IT Department
> 512-762-0729
> www.jolet.net
> john@jolet.net
-- 
Nick Rout <nick@rout.co.nz>

-- 
gentoo-user@gentoo.org mailing list