* [gentoo-user] Setting up SMTP relay
@ 2011-01-22 21:34 Alex Schuster
2011-01-22 22:01 ` kashani
2011-01-26 4:04 ` Walter Dnes
0 siblings, 2 replies; 19+ messages in thread
From: Alex Schuster @ 2011-01-22 21:34 UTC
To: gentoo-user
Hi there!
On my desktop PC, I have set up ssmtp with access data for my mail
server, so things like smartmontools or portage can send me emails.
This is working fine. But there are other PCs in the LAN, which I would
also like to get status emails from. Being not the only one with root
access there, I do not want to duplicate the ssmtp setup because of the
password stored in ssmtp.conf.
Is there an easy solution? Like setting up a simple SMTP server on my
desktop PC, that accepts connections from the LAN and forwards mails to
my external mail server?
I once had courier running, but did not really understand the
configuration, and would not really like to set it up again. Or dovecot,
which I heard good things about, so I would prefer it now. But maybe the
default configuration only needs few changes for my purpose? Or maybe
there is another simple tool that does just what I want?
It's nothing important, so if there's no simple solution, I'll just skip
this and check the logs from time to time.
Wonko
* Re: [gentoo-user] Setting up SMTP relay
From: kashani @ 2011-01-22 22:01 UTC
To: gentoo-user
On 1/22/2011 1:34 PM, Alex Schuster wrote:
> Hi there!
>
> On my desktop PC, I have set up ssmtp with access data for my mail
> server, so things like smartmontools or portage can send me emails.
>
> This is working fine. But there are other PCs in the LAN, which I would
> also like to get status emails from. Being not the only one with root
> access there, I do not want to duplicate the ssmtp setup because of the
> password stored in ssmtp.conf.
>
> Is there an easy solution? Like setting up a simple SMTP server on my
> desktop PC, that accepts connections from the LAN and forwards mails to
> my external mail server?
>
> I once had courier running, but did not really understand the
> configuration, and would not really like to set it up again. Or dovecot,
> which I heard good things about, so I would prefer it now. But maybe the
> default configuration only needs few changes for my purpose? Or maybe
> there is another simple tool that does just what I want?
>
> It's nothing important, so if there's no simple solution, I'll just skip
> this and check the logs from time to time.
>
> Wonko
>
I handle it with Postfix. Dovecot is only imap and won't accept mail
directly.

1. install postfix with USE sasl or dovecot-sasl, I don't believe it
matters which. Add the following lines to the bottom of
/etc/postfix/main.cf and fill in your hostname, domain, etc as needed.

# local settings
myhostname = host.domain.com
mydomain = domain.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = subnet
mynetworks = 127.0.0.0/8 10.19.20.0/24
smtpd_recipient_restrictions =
#       reject_non_fqdn_recipient
#       reject_non_fqdn_sender
#       reject_unknown_recipient_domain
        permit_mynetworks
        reject_unauth_destination
        permit

I commented out some of the checks above. Enable them if they'll work in
your environment. I recommend at least reject_unknown_recipient_domain
which doesn't allow recipients to domains that don't exist.

2. run sudo newaliases
Postfix bitches if the /etc/mail/aliases.db doesn't exist and will hang
on start.

3. Verify postfix works, isn't complaining in the logs, etc.
Make sure it's up and running. That you can telnet to port 25 from
another machine and even send to a local user on your machine.

4. Add the user/pass stuff to the bottom of /etc/postfix/main.cf

# relay host and credentials
relayhost = [my.external.relayhost.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl.passwd
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options = noanonymous

/etc/postfix/sasl.passwd
[my.external.relayhost.com] myusername@relayhost.com:my_secure_passwd

sudo postmap /etc/postfix/sasl.passwd
sudo /etc/init.d/postfix restart

Things to remember. You need to restart Postfix if you change the
password because it caches it. Also the relayhost name needs to match
*exactly* between the passwd file and main.cf.

5. Once you're this far it's time to test all the way through.

make sure you can send from the localhost machine
sendmail -v some@address.com
.

Once you're sure that works test from another machine on the network.
Ideally it should just work if you've done all the steps.
kashani
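The relay rules in the main.cf fragment above, as an added example (not part of the original post and not Postfix's own code): a simplified Python model of how the three uncommented smtpd_recipient_restrictions decide a RCPT TO, and of the two mistakes that would turn this host into an open relay. The client addresses and recipient domains are constructed, and only $mynetworks and $mydestination are modelled.

```python
import ipaddress

# Values copied from the main.cf fragment in the post above.
MYNETWORKS = ["127.0.0.0/8", "10.19.20.0/24"]
MYDESTINATION = ["host.domain.com", "localhost.domain.com", "localhost"]
RESTRICTIONS = ["permit_mynetworks", "reject_unauth_destination", "permit"]

# Constructed identities (documentation address range and domain).
OUTSIDE_CLIENT = "203.0.113.7"
OUTSIDE_RCPT = "someone@example.net"


def in_mynetworks(client_ip, networks):
    """True if the connecting client falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def is_local(recipient, destinations):
    """True if this host is the final destination for the recipient."""
    if "@" not in recipient:
        return True  # an unqualified recipient ("root") is delivered locally
    return recipient.rsplit("@", 1)[1].lower() in destinations


def evaluate(client_ip, recipient, restrictions=RESTRICTIONS,
             networks=MYNETWORKS, destinations=MYDESTINATION):
    """Simplified model: restrictions run in order and the first decisive
    one (OK or REJECT) ends the evaluation for this RCPT TO."""
    for name in restrictions:
        if name == "permit_mynetworks":
            if in_mynetworks(client_ip, networks):
                return ("OK", name)
        elif name == "reject_unauth_destination":
            # Assumption: relay_domains and the virtual domain lists are empty.
            if not is_local(recipient, destinations):
                return ("REJECT Relay access denied", name)
        elif name == "permit":
            return ("OK", name)
        else:
            raise ValueError("restriction not modelled: " + name)
    return ("OK", "end of list")  # nothing decided: mail is accepted


def is_open_relay(restrictions, networks, destinations=MYDESTINATION):
    """True if an outside client may send to an outside recipient."""
    verdict, _ = evaluate(OUTSIDE_CLIENT, OUTSIDE_RCPT,
                          restrictions, networks, destinations)
    return verdict == "OK"


def report():
    """Verdicts for the three situations that matter for a LAN relay."""
    cases = [
        ("10.19.20.15", "someone@example.net"),   # LAN host relaying outwards
        ("203.0.113.7", "someone@example.net"),   # outsider trying to relay
        ("203.0.113.7", "root@host.domain.com"),  # outsider mailing a local user
    ]
    return [(c, r) + evaluate(c, r) for c, r in cases]


if __name__ == "__main__":
    for row in report():
        print("%-12s -> %-22s %s (%s)" % row)
    print("open relay as posted:        ", is_open_relay(RESTRICTIONS, MYNETWORKS))
    print("open relay, permit too early:", is_open_relay(
        ["permit_mynetworks", "permit", "reject_unauth_destination"], MYNETWORKS))
    print("open relay, mynetworks = 0/0:", is_open_relay(RESTRICTIONS, ["0.0.0.0/0"]))
```
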
* Re: [gentoo-user] Setting up SMTP relay
From: Alex Schuster @ 2011-01-23 19:23 UTC
To: gentoo-user
kashani writes:
> On 1/22/2011 1:34 PM, Alex Schuster wrote:
> I handle it with Postfix. Dovecot is only imap and won't accept mail
> directly.
Whoops.
> 1. install postfix with USE sasl or dovecot-sasl, I don't believe it
> matters which. Add the following lines to the bottom of
> /etc/postfix/main.cf and fill in your hostname, domain, etc as needed.
>
> # local settings
> myhostname = host.domain.com
> mydomain = domain.com
> myorigin = $myhostname
> inet_interfaces = all
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks_style = subnet
> mynetworks = 127.0.0.0/8 10.19.20.0/24
I left most items commented out as they are the same as the default, I
only had to set mydomain, although dnsdomainname and hostname -d both
return wonkology.org.
> 2. run sudo newaliases
> Postfix bitches if the /etc/mail/aliases.db doesn't exist and will hang
> on start.
>
> 3. Verify postfix works, isn't complaining in the logs, etc.
> Make sure it's up and running. That you can telnet to port 25 from
> another machine and even send to a local user on your machine.
Looks good!
> 4. Add the user/pass stuff to the bottom of /etc/postfix/main.cf
>
> # relay host and credentials
> relayhost = [my.external.relayhost.com]
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl.passwd
> smtp_sasl_mechanism_filter = digest-md5
> smtp_sasl_security_options = noanonymous
I need TLS authentication, and found what I need in a howto:
smtp_sasl_tls_security_level = may
And I removed smtp_sasl_mechanism_filter.
> 5. Once you're this far it's time to test all the way through.
>
> make sure you can send from the localhost machine
> sendmail -v some@address.com
> .
>
> Once you're sure that works test from another machine on the network.
> Ideally it should just work if you've done all the steps.
Relaying does not work yet, I get a "Relay access denied (in reply to
RCPT TO command)" error. But my initial goal is reached, I can send mail
to {root,wonko}@wonkology.org. That's all I wanted.
Many many thanks kashani! Your howto is much more than I expected, it is
much appreciated. I realize that postfix is not too complicated, so I
will play more with it when I have some spare time.
Wonko
* Re: [gentoo-user] Setting up SMTP relay
From: kashani @ 2011-01-23 19:56 UTC
To: gentoo-user
On 1/23/2011 11:23 AM, Alex Schuster wrote:
>
> Relaying does not work yet, I get a "Relay access denied (in reply to
> RCPT TO command)" error. But my initial goal is reached, I can send mail
> to {root,wonko}@wonkology.org. That's all I wanted.
>
> Many many thanks kashani! Your howto is much more than I expected, it is
> much appreciated. I realize that postfix is not too complicated, so I
> will play more with it when I have some spare time.
>
Postfix is definitely worth the investment and people always seem
surprised to find that 5-15 lines of config is all they need. You're
welcome for the config. I spent most of last week learning the ins and
outs of authentication and relay hosts the hard way when I changed the
domain of our servers and needed to update everything.
I'm using a lot of EC2 machines and didn't want to maintain IP lists so
I auth all servers trying to relay against my two Postfix servers. This
config reflects that and might need some changes for your environment.
kashani
* Re: [gentoo-user] Setting up SMTP relay
From: Alan McKinnon @ 2011-01-23 20:20 UTC
To: gentoo-user
Apparently, though unproven, at 21:56 on Sunday 23 January 2011, kashani did
opine thusly:
> On 1/23/2011 11:23 AM, Alex Schuster wrote:
> > Relaying does not work yet, I get a "Relay access denied (in reply to
> > RCPT TO command)" error. But my initial goal is reached, I can send mail
> > to {root,wonko}@wonkology.org. That's all I wanted.
> >
> > Many many thanks kashani! Your howto is much more than I expected, it is
> > much appreciated. I realize that postfix is not too complicated, so I
> > will play more with it when I have some spare time.
>
> Postfix is definitely worth the investment and people always seem
> surprised to find that 5-15 lines of config is all they need. You're
> welcome for the config. I spent most of last week learning the ins and
> outs of authentication and relay hosts the hard way when I changed the
> domain of our servers and needed to update everything.
>
> I'm using a lot of EC2 machines and didn't want to maintain IP lists so
> I auth all servers trying to relay against my two Postfix servers. This
> config reflects that and might need some changes for your environment.
>
> kashani
Side note:
Agreed on Postfix.
I always think of the Postfix devs as people who take Unix philosophy
seriously. The code does one thing and does it very very well:
It sends and receives mail. It receives it in a way that is hard to hurt the
sender and hard to crash Postfix, and sends it in a way that does not hurt
itself and does not hurt the recipient. Oh, and it natively does a few sanity
checks on the sender, mostly because it's convenient to do it there.
And the config is simplicity itself - define a hostname, domain and a few
other things and the odds are excellent it will work well out of the box as
one of the few setups that 98% of people with mail servers want.
It manages its own queues beautifully. But, and this makes me sad, it doesn't
really want *me* to manage its queues. Border controls are hard, and finding
the 1,000 mails some idiot with a Windows bot just sent, and deleting them, is
really hard.
I'm redesigning our mail setup at work, and I'm going to do it with exim *and*
Postfix. Exim is the front end I can see, work with, and manage. Exim sends on
to Postfix as fast as it can, and Postfix transparently relays to recipient. I
get best of both worlds :-)
Now let's contrast Postfix with sendmail. No, wait, let's rather not....
--
alan dot mckinnon at gmail dot com
* [gentoo-user] Re: Setting up SMTP relay
From: walt @ 2011-01-23 20:48 UTC
To: gentoo-user
On 01/23/2011 12:20 PM, Alan McKinnon wrote:
> I always think of the Postfix devs as people who take Unix philosophy
> seriously. The code does one thing and does it very very well:
Are you accusing sendmail of being an OS that lacks only a good mailer?
* Re: [gentoo-user] Re: Setting up SMTP relay
From: Alan McKinnon @ 2011-01-23 21:04 UTC
To: gentoo-user
Apparently, though unproven, at 22:48 on Sunday 23 January 2011, walt did
opine thusly:
> On 01/23/2011 12:20 PM, Alan McKinnon wrote:
> > I always think of the Postfix devs as people who take Unix philosophy
>
> > seriously. The code does one thing and does it very very well:
> Are you accusing sendmail of being an OS that lacks only a good mailer?
Well, no, not deliberately.
But now that you mention it ...
--
alan dot mckinnon at gmail dot com
* Re: [gentoo-user] Setting up SMTP relay
From: kashani @ 2011-01-24 0:02 UTC
To: gentoo-user
On 1/23/2011 12:20 PM, Alan McKinnon wrote:
>
> It manages its own queues beautifully. But, and this makes me sad, it doesn't
> really want *me* to manage its queues. Border controls are hard, and finding
> the 1,000 mails some idiot with a Windows bot just sent, and deleting them, is
> really hard.
>
> I'm redesigning our mail setup at work, and I'm going to do it with exim *and*
> Postfix. Exim is the front end I can see, work with, and manage. Exim sends on
> to Postfix as fast as it can, and Postfix transparently relays to recipient. I
> get best of both worlds :-)
I can't say I've ever needed anything more than mailq | grep | awk |
postsuper -d - in order to delete mail from the Postfix queues. What
sort of things are you trying to do other than delete a lot of spam or
bounces?
kashani
* Re: [gentoo-user] Setting up SMTP relay
From: Alan McKinnon @ 2011-01-24 0:26 UTC
To: gentoo-user
Apparently, though unproven, at 02:02 on Monday 24 January 2011, kashani did
opine thusly:
> On 1/23/2011 12:20 PM, Alan McKinnon wrote:
> > It manages its own queues beautifully. But, and this makes me sad, it
> > doesn't really want *me* to manage its queues. Border controls are
> > hard, and finding the 1,000 mails some idiot with a Windows bot just
> > sent, and deleting them, is really hard.
> >
> > I'm redesigning our mail setup at work, and I'm going to do it with exim
> > *and* Postfix. Exim is the front end I can see, work with, and manage.
> > Exim sends on to Postfix as fast as it can, and Postfix transparently
> > relays to recipient. I get best of both worlds :-)
>
> I can't say I've ever needed anything more than mailq | grep | awk |
> postsuper -d - in order to delete mail from the Postfix queues. What
> sort of things are you trying to do other than delete a lot of spam or
> bounces?
First, our internal mail system deals with about 3,000,000 mails a day Mon-Thu
so grep | postsuper is a tad inadequate, even if just on the basis of volume
The basic tools are fine as long as you understand what they are dealing with
- raw text. As soon as you run mailq you have text, you no longer have
intelligence about what that text means. So you need lots of grep-fu.
I can't control what the users mail out, sometimes they have automated systems
that do silly things like send 10,000 notifications an hour to an SMS gateway
when they cocked up Nagios. Finding the dodgy ones is no fun when there's a
lot of perfectly valid ones in the mix too, and grep doesn't help much other
than blindly selecting text matches.
There's lots more examples, but they all follow a similar theme.
--
alan dot mckinnon at gmail dot com
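The queue cleanup discussed in the two messages above (mailq piped through grep and awk into postsuper -d -), as an added example that is not part of the thread: Python that parses mailq's text into records, so that selection can use sender and recipient together instead of a blind text match. The queue listing, addresses and queue IDs are constructed, and the mailq layout is assumed to be the classic Postfix one shown in the sample.

```python
import re
from collections import Counter

# Constructed sample in the layout that Postfix's mailq prints; not from the thread.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A11C0E4*     812 Mon Jan 24 02:10:01  nagios@mon1.example.org
                                         5551234@sms.example.net

3F2A21C0E5      815 Mon Jan 24 02:10:02  nagios@mon1.example.org
(connect to sms.example.net[192.0.2.25]:25: Connection timed out)
                                         5551234@sms.example.net

4A7B31C0F1     2301 Mon Jan 24 02:11:40  nagios@mon1.example.org
                                         oncall@example.org

5C9D41C102!    1290 Mon Jan 24 02:12:13  alice@example.org
                                         5559876@sms.example.net

-- 5 Kbytes in 4 Requests.
"""

# queue id, optional status flag (* active, ! hold), size, arrival time, sender
HEAD = re.compile(
    r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+(\w{3} \w{3} +\d{1,2} [\d:]{8})\s+(\S+)$")


def parse_mailq(text):
    """Turn mailq text into one dict per queued message."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = [l for l in block.splitlines()
                 if l.strip() and not l.startswith(("-Queue ID-", "-- "))]
        match = HEAD.match(lines[0].rstrip()) if lines else None
        if not match:
            continue  # header or footer only, or "Mail queue is empty"
        qid, flag, size, arrived, sender = match.groups()
        entry = {"id": qid, "flag": flag, "size": int(size), "arrived": arrived,
                 "sender": sender.lower(), "recipients": [], "reason": None}
        for line in lines[1:]:
            if line[0].isspace():
                entry["recipients"].append(line.strip().lower())  # indented
            else:
                entry["reason"] = line.strip()  # deferral reason at column 0
        entries.append(entry)
    return entries


def top_flows(entries, n=5):
    """Most frequent (sender, recipient domain) pairs in the queue."""
    flows = Counter()
    for e in entries:
        for rcpt in e["recipients"]:
            flows[(e["sender"], rcpt.rsplit("@", 1)[-1])] += 1
    return flows.most_common(n)


def select_ids(entries, sender, rcpt_domain):
    """Queue IDs from `sender` whose recipients are all in `rcpt_domain`."""
    suffix = "@" + rcpt_domain.lower()
    return [e["id"] for e in entries
            if e["sender"] == sender.lower() and e["recipients"]
            and all(r.endswith(suffix) for r in e["recipients"])]


def postsuper_input(ids):
    """One queue ID per line, the form `postsuper -d -` reads on stdin."""
    return "".join(i + "\n" for i in ids)


if __name__ == "__main__":
    queue = parse_mailq(SAMPLE_MAILQ)
    for flow, count in top_flows(queue):
        print(count, *flow)
    # Only the runaway notifications are selected: the same sender's mail to
    # oncall@example.org and another user's mail to the SMS gateway are kept.
    print(postsuper_input(
        select_ids(queue, "nagios@mon1.example.org", "sms.example.net")), end="")
```
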
* Re: [gentoo-user] Setting up SMTP relay
From: kashani @ 2011-01-24 1:22 UTC
To: gentoo-user
On 1/23/2011 4:26 PM, Alan McKinnon wrote:
> Apparently, though unproven, at 02:02 on Monday 24 January 2011, kashani did
> opine thusly:
>
>> On 1/23/2011 12:20 PM, Alan McKinnon wrote:
>>> It manages its own queues beautifully. But, and this makes me sad, it
>>> doesn't really want *me* to manage its queues. Border controls are
>>> hard, and finding the 1,000 mails some idiot with a Windows bot just
>>> sent, and deleting them, is really hard.
>>>
>>> I'm redesigning our mail setup at work, and I'm going to do it with exim
>>> *and* Postfix. Exim is the front end I can see, work with, and manage.
>>> Exim sends on to Postfix as fast as it can, and Postfix transparently
>>> relays to recipient. I get best of both worlds :-)
>>
>> I can't say I've ever needed anything more than mailq | grep | awk |
>> postsuper -d - in order to delete mail from the Postfix queues. What
>> sort of things are you trying to do other than delete a lot of spam or
>> bounces?
>
> First, our internal mail system deals with about 3,000,000 mails a day Mon-Thu
> so grep | postsuper is a tad inadequate, even if just on the basis of volume
>
> The basic tools are fine as long as you understand what they are dealing with
> - raw text. As soon as you run mailq you have text, you no longer have
> intelligence about what that text means. So you need lots of grep-fu.
>
> I can't control what the users mail out, sometimes they have automated systems
> that do silly things like send 10,000 notifications an hour to an SMS gateway
> when they cocked up Nagios. Finding the dodgy ones is no fun when there's a
> lot of perfectly valid ones in the mix too, and grep doesn't help much other
> than blindly selecting text matches.
>
> There's lots more examples, but they all follow a similar theme.
>
Thanks for the extra detail, I found what you're describing very
interesting. I've never dealt with Postfix with more than a couple
hundred internal users and more often as spam our customers system.
Other than the occasional Nagios blasts I haven't had to deal with much
of this.
In regards to controlling what users send is it feasible to use a
policy server for rate limiting them? The ability to use an extra lookup
service to decide whether to accept mail, filter it, allow relay, etc is
one of the things I think Postfix does well. However I suspect the
management and hand holding of a rate limit system would create more
overhead than cleaning out the queue periodically.
kashani
* Re: [gentoo-user] Setting up SMTP relay
From: Mick @ 2011-01-24 7:00 UTC
To: gentoo-user
On Monday 24 January 2011 01:22:09 kashani wrote:
> On 1/23/2011 4:26 PM, Alan McKinnon wrote:
> > Apparently, though unproven, at 02:02 on Monday 24 January 2011, kashani
> > did
> >
> > opine thusly:
> >> On 1/23/2011 12:20 PM, Alan McKinnon wrote:
> >>> It manages its own queues beautifully. But, and this makes me sad, it
> >>> doesn't really want *me* to manage its queues. Border controls are
> >>> hard, and finding the 1,000 mails some idiot with a Windows bot just
> >>> sent, and deleting them, is really hard.
> >>>
> >>> I'm redesigning our mail setup at work, and I'm going to do it with
> >>> exim *and* Postfix. Exim is the front end I can see, work with, and
> >>> manage. Exim sends on to Postfix as fast as it can, and Postfix
> >>> transparently relays to recipient. I get best of both worlds :-)
> >>>
> >> I can't say I've ever needed anything more than mailq | grep | awk |
> >> postsuper -d - in order to delete mail from the Postfix queues. What
> >> sort of things are you trying to do other than delete a lot of spam or
> >> bounces?
> >
> > First, our internal mail system deals with about 3,000,000 mails a day
> > Mon-Thu so grep | postsuper is a tad inadequate, even if just on the
> > basis of volume
> >
> > The basic tools are fine as long as you understand what they are dealing
> > with - raw text. As soon as you run mailq you have text, you no longer
> > have intelligence about what that text means. So you need lots of
> > grep-fu.
> >
> > I can't control what the users mail out, sometimes they have automated
> > systems that do silly things like send 10,000 notifications an hour to
> > an SMS gateway when they cocked up Nagios. Finding the dodgy ones is no
> > fun when there's a lot of perfectly valid ones in the mix too, and grep
> > doesn't help much other than blindly selecting text matches.
> >
> > There's lots more examples, but they all follow a similar theme.
>
> Thanks for the extra detail, I found what you're describing very
> interesting. I've never dealt with Postfix with more than a couple
> hundred internal users and more often as spam our customers system.
> Other than the occasional Nagios blasts I haven't had to deal with much
> of this.
> In regards to controlling what users send is it feasible to use a
> policy server for rate limiting them? The ability to use an extra lookup
> service to decide whether to accept mail, filter it, allow relay, etc is
> one of the things I think Postfix does well. However I suspect the
> management and hand holding of a rate limit system would create more
> overhead than cleaning out the queue periodically.
[Off-topic] Can't you set up nagios to only send out a single alert when a
monitored variable goes down - can't remember the parameter off hand but
that's what I did when the default nagios setting proved to be too trigger
happy for the users' needs.
--
Regards,
Mick
* Re: [gentoo-user] Setting up SMTP relay
From: Alan McKinnon @ 2011-01-24 7:06 UTC
To: gentoo-user; +Cc: kashani
Apparently, though unproven, at 03:22 on Monday 24 January 2011, kashani did
opine thusly:
> > There's lots more examples, but they all follow a similar theme.
>
> Thanks for the extra detail, I found what you're describing very
> interesting. I've never dealt with Postfix with more than a couple
> hundred internal users and more often as spam our customers system.
> Other than the occasional Nagios blasts I haven't had to deal with much
> of this.
> In regards to controlling what users send is it feasible to use a
> policy server for rate limiting them? The ability to use an extra lookup
> service to decide whether to accept mail, filter it, allow relay, etc is
> one of the things I think Postfix does well. However I suspect the
> management and hand holding of a rate limit system would create more
> overhead than cleaning out the queue periodically.
Your last sentence is the right one.
Dealing with issues arising only when they arise is infinitely easier than
trying to maintain some arb list of $STUFF just in case a minority of users
misconfigure their boxes.
On the whole, our users send only valid mail and all of it must be allowed to
pass.
The problems come in when an automated system mail goes berserk, usually causing
loops. Not spam though, there's a rather large Cisco Ironport in front of my
MTAs which deals with that.
--
alan dot mckinnon at gmail dot com
* Re: [gentoo-user] Setting up SMTP relay
From: Alan McKinnon @ 2011-01-24 7:24 UTC
To: gentoo-user
Apparently, though unproven, at 09:00 on Monday 24 January 2011, Mick did
opine thusly:
> On Monday 24 January 2011 01:22:09 kashani wrote:
> > On 1/23/2011 4:26 PM, Alan McKinnon wrote:
> > > Apparently, though unproven, at 02:02 on Monday 24 January 2011,
> > > kashani did
> > >
> > > opine thusly:
> > >> On 1/23/2011 12:20 PM, Alan McKinnon wrote:
> > >>> It manages its own queues beautifully. But, and this makes me sad,
> > >>> it doesn't really want *me* to manage its queues. Border controls
> > >>> are hard, and finding the 1,000 mails some idiot with a Windows bot
> > >>> just sent, and deleting them, is really hard.
> > >>>
> > >>> I'm redesigning our mail setup at work, and I'm going to do it with
> > >>> exim *and* Postfix. Exim is the front end I can see, work with, and
> > >>> manage. Exim sends on to Postfix as fast as it can, and Postfix
> > >>> transparently relays to recipient. I get best of both worlds :-)
> > >>>
> > >> I can't say I've ever needed anything more than mailq | grep | awk |
> > >> postsuper -d - in order to delete mail from the Postfix queues. What
> > >> sort of things are you trying to do other than delete a lot of spam
> > >> or bounces?
> > >
> > > First, our internal mail system deals with about 3,000,000 mails a day
> > > Mon-Thu so grep | postsuper is a tad inadequate, even if just on the
> > > basis of volume
> > >
> > > The basic tools are fine as long as you understand what they are
> > > dealing with - raw text. As soon as you run mailq you have text, you
> > > no longer have intelligence about what that text means. So you need
> > > lots of grep-fu.
> > >
> > > I can't control what the users mail out, sometimes they have automated
> > > systems that do silly things like send 10,000 notifications an hour to
> > > an SMS gateway when they cocked up Nagios. Finding the dodgy ones is no
> > > fun when there's a lot of perfectly valid ones in the mix too, and grep
> > > doesn't help much other than blindly selecting text matches.
> > >
> > > There's lots more examples, but they all follow a similar theme.
> >
> > Thanks for the extra detail, I found what you're describing very
> >
> > interesting. I've never dealt with Postfix with more than a couple
> > hundred internal users and more often as spam our customers system.
> > Other than the occasional Nagios blasts I haven't had to deal with much
> > of this.
> >
> > In regards to controlling what users send is it feasible to use a
> >
> > policy server for rate limiting them? The ability to use an extra lookup
> > service to decide whether to accept mail, filter it, allow relay, etc is
> > one of the things I think Postfix does well. However I suspect the
> > management and hand holding of a rate limit system would create more
> > overhead than cleaning out the queue periodically.
>
> [Off-topic] Can't you set up nagios to only send out a single alert when a
> monitored variable goes down - can't remember the parameter off hand but
> that's what I did when the default nagios setting proved to be too trigger
> happy for the users' needs.
I could do that for my Nagios instance, but don't want to. My Nagios instance
is well-behaved, there are others which are not so much.
--
alan dot mckinnon at gmail dot com
* Re: [gentoo-user] Setting up SMTP relay
From: Walter Dnes @ 2011-01-26 4:04 UTC
To: gentoo-user
On Sat, Jan 22, 2011 at 10:34:11PM +0100, Alex Schuster wrote
> This is working fine. But there are other PCs in the LAN, which I
> would also like to get status emails from. Being not the only one
> with root access there, I do not want to duplicate the ssmtp setup
> because of the password stored in ssmtp.conf.
??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4
uncommented lines. They are...
The "root=" entry
The "mailhub=" entry
The "hostname=" entry
FromLineOverride=YES
That's it. What setup are you using that requires a password in
ssmtp.conf?
--
Walter Dnes <waltdnes@waltdnes.org>
* Re: [gentoo-user] Setting up SMTP relay
From: Mick @ 2011-01-26 6:46 UTC
To: gentoo-user
On Wednesday 26 January 2011 04:04:16 Walter Dnes wrote:
> On Sat, Jan 22, 2011 at 10:34:11PM +0100, Alex Schuster wrote
>
> > This is working fine. But there are other PCs in the LAN, which I
> > would also like to get status emails from. Being not the only one
> > with root access there, I do not want to duplicate the ssmtp setup
> > because of the password stored in ssmtp.conf.
>
> ??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4
> uncommented lines. They are...
>
> The "root=" entry
> The "mailhub=" entry
> The "hostname=" entry
> FromLineOverride=YES
>
> That's it. What setup are you using that requires a password in
> ssmtp.conf?
If you set it up to email you stuff using e.g. your email account, you would
also need authentication credentials:
AuthUser=waltdnes@waltdnes.org
AuthPass=walters_secret_passwd
and to stop sending such info in the clear you would also use something like:
UseSTARTTLS=YES
or
UseTLS=YES
--
Regards,
Mick
* Re: [gentoo-user] Setting up SMTP relay
From: Stroller @ 2011-01-26 9:07 UTC
To: gentoo-user
On 26/1/2011, at 6:46am, Mick wrote:
> On Wednesday 26 January 2011 04:04:16 Walter Dnes wrote:
>> On Sat, Jan 22, 2011 at 10:34:11PM +0100, Alex Schuster wrote
>>
>>> This is working fine. But there are other PCs in the LAN, which I
>>> would also like to get status emails from. Being not the only one
>>> with root access there, I do not want to duplicate the ssmtp setup
>>> because of the password stored in ssmtp.conf.
>>
>> ??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4
>> uncommented lines. They are...
>> ...
>
> If you set it up to email you stuff using e.g. your email account, you would
> also need authentication credentials:
Ya, but he's got a Postfix server listening on that LAN, so the other machines (using ssmtp) don't need to authenticate to that.
This thread has become far too complicated. Postfix can be set up editing only about 3 lines in its config file.
Stroller.
* Re: [gentoo-user] Setting up SMTP relay
From: kashani @ 2011-01-26 16:52 UTC
To: gentoo-user
On 1/26/2011 1:07 AM, Stroller wrote:
>
> On 26/1/2011, at 6:46am, Mick wrote:
>> On Wednesday 26 January 2011 04:04:16 Walter Dnes wrote:
>>> On Sat, Jan 22, 2011 at 10:34:11PM +0100, Alex Schuster wrote
>>>
>>>> This is working fine. But there are other PCs in the LAN, which I
>>>> would also like to get status emails from. Being not the only one
>>>> with root access there, I do not want to duplicate the ssmtp setup
>>>> because of the password stored in ssmtp.conf.
>>>
>>> ??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4
>>> uncommented lines. They are...
>>> ...
>>
>> If you set it up to email you stuff using e.g. your email account, you would
>> also need authentication credentials:
>
> Ya, but he's got a Postfix server listening on that LAN, so the other machines (using ssmtp) don't need to authenticate to that.
>
> This thread has become far too complicated. Postfix can be set up editing only about 3 lines in its config file.
>
> Stroller.
>
>
I don't think you have followed the thread correctly. The OP did say
he had a user/pass in his ssmtpd.conf which I assumed was for accessing
the final relay host. That was the reason for the extra lines.
kashani
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [gentoo-user] Setting up SMTP relay
2011-01-26 16:52 ` kashani
@ 2011-01-28 23:48 ` Stroller
0 siblings, 0 replies; 19+ messages in thread
From: Stroller @ 2011-01-28 23:48 UTC (permalink / raw
To: gentoo-user
On 26/1/2011, at 4:52pm, kashani wrote:
>>>> ...
>>>> ??? What password in ssmtp.conf ??? My /etc/ssmtp/ssmtp.conf has 4
>>>> uncommented lines. They are...
>>>> ...
>>>
>>> If you set it up to email you stuff using e.g. your email account, you would
>>> also need authentication credentials:
>>
>> Ya, but he's got a Postfix server listening on that LAN, so the other machines (using ssmtp) don't need to authenticate to that.
>>
>> This thread has become far too complicated. Postfix can be set up editing only about 3 lines in its config file.
>
> I don't think you have followed the thread correctly. The OP did say he had a user/pass in his ssmtpd.conf which I assumed was for accessing the final relay host. That was the reason for the extra lines.
Please forgive me if I'm mistaken, but I believe that was for accessing the external SMTP server belonging to the OP's ISP.
Formerly the "main" box used ssmtp to do that, too. Now the main box has migrated to Postfix, so the other boxes on the LAN can just relay through that.
Stroller.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [gentoo-user] Setting up SMTP relay
2011-01-23 19:23 ` Alex Schuster
2011-01-23 19:56 ` kashani
@ 2011-02-05 14:37 ` Alex Schuster
1 sibling, 0 replies; 19+ messages in thread
From: Alex Schuster @ 2011-02-05 14:37 UTC (permalink / raw
To: gentoo-user
I wrote:
In case someone else also wants to set this up, here are the final steps to
make relaying work.
> Relaying does not work yet, I get a "Relay access denied (in reply to
> RCPT TO command)" error. But my initial goal is reached, I can send mail
> to {root,wonko}@wonkology.org. That's all I wanted.
>
> Many many thanks kashani! Your howto is much more than I expected, it is
> much appreciated. I realize that postfix is not too complicated, so I
> will play more with it when I have some spare time.
Yesterday I had some. It took me a while to figure out what was wrong. I
read many howtos, but they all did not explain in detail how to
authenticate with another SMTP server, so postfix would act as a client.
It turned out that the error was simple: I had to change
    smtp_sasl_tls_security_level = may
to
    smtp_tls_security_level = may
So, my relay config part of main.cf is this:
    relayhost = [my.external.relay.host]
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/saslpass
    smtp_sasl_security_options = noanonymous
    smtp_tls_security_level = may
    smtp_tls_cert_file = /etc/ssl/postfix/weird.pem
And I had to create the (self-signed) certificate. It's done like this:
    openssl req -x509 -nodes -days 3650 -newkey rsa:1024 \
        -keyout /etc/ssl/postfix/weird.pem -out /etc/ssl/postfix/weird.pem
I was told I had to set my name to my hostname, not sure if this is true.
Done. My host now acts as SMTP server, accepting connections without
password from the LAN. Now I can enable mail sending for the other
Gentoo systems here in make.conf. And in ssmtp.conf, so things like cron
can send status mails to me.
Thanks again Kashani, without your help I would not have tried this.
Wonko
^ permalink raw reply [flat|nested] 19+ messages in thread
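An audit of the relay-client settings from the message above, as an added example that is not part of the original thread. With smtp_tls_security_level = may and smtp_sasl_security_options = noanonymous, Postfix is allowed to use a plaintext SASL mechanism on an unencrypted session when the relay host does not offer STARTTLS, and the password table and the key file hold secrets on disk. The function names and finding labels are hypothetical, and single-line parameter values are assumed.

```shell
#!/bin/sh
# Added example: audit the relay-client settings of a Postfix main.cf.
# Assumes single-line "name = value" entries and one table in the password map.
# Usage: audit_relay_client /etc/postfix/main.cf

# Print the value of parameter $2 in file $1 (Postfix keeps the last definition).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed if file $1 exists and is readable by group or others.
loosely_readable() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_relay_client() {
    conf=$1
    rc=0
    sasl=$(get_param "$conf" smtp_sasl_auth_enable)
    level=$(get_param "$conf" smtp_tls_security_level)
    maps=$(get_param "$conf" smtp_sasl_password_maps)
    cert=$(get_param "$conf" smtp_tls_cert_file)
    # Unset means the Postfix default, "noplaintext, noanonymous".
    if grep -q '^smtp_sasl_security_options[[:space:]]*=' "$conf"; then
        opts=$(get_param "$conf" smtp_sasl_security_options)
    else
        opts=noplaintext
    fi

    if [ "$sasl" = yes ]; then
        case $level in
            encrypt|dane-only|fingerprint|verify|secure) ;;  # TLS is mandatory
            *)  # TLS optional or off: plaintext mechanisms must be refused
                case $opts in
                    *noplaintext*) ;;
                    *) echo "PLAINTEXT_AUTH_WITHOUT_TLS level=${level:-unset}"; rc=1 ;;
                esac ;;
        esac
    fi

    # The table source, its compiled .db and the key file all hold secrets.
    for f in "${maps#*:}" "${maps:+${maps#*:}.db}" "$cert"; do
        if [ -n "$f" ] && loosely_readable "$f"; then
            echo "READABLE_SECRET $f"; rc=1
        fi
    done
    return "$rc"
}
```

Setting smtp_tls_security_level = encrypt, or leaving smtp_sasl_security_options at its default, clears the first finding; chmod 600 on the listed files clears the second.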