Loading ...
Sorry, an error occurred while loading the content.

Re: Something like address based relay just the other way around

Expand Messages
  • Wietse Venema
    tobi: [ Charset ISO-8859-1 unsupported, converting... ] ... Then you made too many transport map entries. Wietse
    Message 1 of 7 , Nov 30, 2009
    • 0 Attachment
      tobi:
      [ Charset ISO-8859-1 unsupported, converting... ]
      > Wietse Venema schrieb:
      > > Tobi:
      > >
      > >> Hello
      > >>
      > >> I just wonder whether my idea is technically possible to fullfill with
      > >> Postfix. I already use sender based relaying which works fine.
      > >> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
      > >> would say for 80% of the receivers is no problem to send the emails
      > >> directly (direct-mx). Some domains or receivers do not accept this due to
      > >> dynamic IP block. No problem I thought I could set up a receiver-based
      > >> relay, but unfortunatly I did not find anything about it in Postfix doc
      > >> (maybe I looked for the wrong keywords).
      > >
      > > See this URL: http://www.postfix.org/transport.5.html
      > >
      > > If I am not mistaken, this has precedence over sender-dependent features.
      >
      > I tried according to Wietse's link to the manual and it works 50% ;-)
      > The email is properly forwarded according to receivers domain with the
      > values in transport conf file
      > But now Postfix has no user details to perform a SMTP Authentication at
      > the defined relay server. smtp tries to relay without auth which my
      > providers server don't like. If I'm using sender_dependent_relay then

      Then you made too many transport map entries.

      Wietse
    • tobi
      ... Thanks for your patience :-) But I only have two entries in transport which look like this cat /opt/etc/postfix/transport | grep -v # postfix.org
      Message 2 of 7 , Nov 30, 2009
      • 0 Attachment
        Wietse Venema schrieb:
        > tobi:
        > [ Charset ISO-8859-1 unsupported, converting... ]
        >
        >> Wietse Venema schrieb:
        >>
        >>> Tobi:
        >>>
        >>>
        >>>> Hello
        >>>>
        >>>> I just wonder whether my idea is technically possible to fullfill with
        >>>> Postfix. I already use sender based relaying which works fine.
        >>>> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
        >>>> would say for 80% of the receivers is no problem to send the emails
        >>>> directly (direct-mx). Some domains or receivers do not accept this due to
        >>>> dynamic IP block. No problem I thought I could set up a receiver-based
        >>>> relay, but unfortunatly I did not find anything about it in Postfix doc
        >>>> (maybe I looked for the wrong keywords).
        >>>>
        >>> See this URL: http://www.postfix.org/transport.5.html
        >>>
        >>> If I am not mistaken, this has precedence over sender-dependent features.
        >>>
        >> I tried according to Wietse's link to the manual and it works 50% ;-)
        >> The email is properly forwarded according to receivers domain with the
        >> values in transport conf file
        >> But now Postfix has no user details to perform a SMTP Authentication at
        >> the defined relay server. smtp tries to relay without auth which my
        >> providers server don't like. If I'm using sender_dependent_relay then
        >>
        >
        > Then you made too many transport map entries.
        >
        > Wietse
        >
        >
        Thanks for your patience :-)
        But I only have two entries in transport which look like this

        cat /opt/etc/postfix/transport | grep -v "#"
        postfix.org smtp:[smtp.mysip.ch]:587
        domain.tld smtp:[smtp.myotherisp.ch]:587

        And only once in the config (main.cf transport_maps...).
        I can see the unauthorized relay attempts with myisp.ch/myotherisp.ch in
        the Postfix logs. So I assume that no login credentials were used. Is
        transport meant to use the data from sender_relay and sasl_passwd files
        to login to the relay servers?

        Regards

        tobi
      • tobi
        ... Problem found 30cm in front of the screen. After changing the transport postfix.org smtp:[smtp.mysip.ch]:submission domain.tld
        Message 3 of 7 , Nov 30, 2009
        • 0 Attachment
          tobi schrieb:
          > Wietse Venema schrieb:
          >
          >> tobi:
          >> [ Charset ISO-8859-1 unsupported, converting... ]
          >>
          >>
          >>> Wietse Venema schrieb:
          >>>
          >>>
          >>>> Tobi:
          >>>>
          >>>>
          >>>>
          >>>>> Hello
          >>>>>
          >>>>> I just wonder whether my idea is technically possible to fullfill with
          >>>>> Postfix. I already use sender based relaying which works fine.
          >>>>> My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
          >>>>> would say for 80% of the receivers is no problem to send the emails
          >>>>> directly (direct-mx). Some domains or receivers do not accept this due to
          >>>>> dynamic IP block. No problem I thought I could set up a receiver-based
          >>>>> relay, but unfortunatly I did not find anything about it in Postfix doc
          >>>>> (maybe I looked for the wrong keywords).
          >>>>>
          >>>>>
          >>>> See this URL: http://www.postfix.org/transport.5.html
          >>>>
          >>>> If I am not mistaken, this has precedence over sender-dependent features.
          >>>>
          >>>>
          >>> I tried according to Wietse's link to the manual and it works 50% ;-)
          >>> The email is properly forwarded according to receivers domain with the
          >>> values in transport conf file
          >>> But now Postfix has no user details to perform a SMTP Authentication at
          >>> the defined relay server. smtp tries to relay without auth which my
          >>> providers server don't like. If I'm using sender_dependent_relay then
          >>>
          >>>
          >> Then you made too many transport map entries.
          >>
          >> Wietse
          >>
          >>
          >>
          > Thanks for your patience :-)
          > But I only have two entries in transport which look like this
          >
          > cat /opt/etc/postfix/transport | grep -v "#"
          > postfix.org smtp:[smtp.mysip.ch]:587
          > domain.tld smtp:[smtp.myotherisp.ch]:587
          >
          > And only once in the config (main.cf transport_maps...).
          > I can see the unauthorized relay attempts with myisp.ch/myotherisp.ch in
          > the Postfix logs. So I assume that no login credentials were used. Is
          > transport meant to use the data from sender_relay and sasl_passwd files
          > to login to the relay servers?
          >
          > Regards
          >
          > tobi
          >
          Problem found 30cm in front of the screen.
          After changing the transport

          postfix.org smtp:[smtp.mysip.ch]:submission
          domain.tld smtp:[smtp.myotherisp.ch]:submission

          it works. I thought :587 would be the same as :submission
        • Victor Duchovni
          ... It is, essentially, the difference is that :submission can break if your /etc/services is incomplete, NIS is not working, ... while the 587, works all
          Message 4 of 7 , Nov 30, 2009
          • 0 Attachment
            On Mon, Nov 30, 2009 at 11:02:22PM +0100, tobi wrote:

            > > cat /opt/etc/postfix/transport | grep -v "#"
            > > postfix.org smtp:[smtp.mysip.ch]:587
            > > domain.tld smtp:[smtp.myotherisp.ch]:587
            >
            > Problem found 30cm in front of the screen.
            > After changing the transport
            >
            > postfix.org smtp:[smtp.mysip.ch]:submission
            > domain.tld smtp:[smtp.myotherisp.ch]:submission
            >
            > it works. I thought :587 would be the same as :submission

            It is, essentially, the difference is that ":submission" can break if
            your /etc/services is incomplete, NIS is not working, ... while the 587,
            works all the time.

            The other difference is that by changing the nexthop, you have also
            changed the lookup key for smtp_sasl_password_maps, smtp_tls_policy_maps,
            and any other per-destination SMTP client tables.

            You may have incorrect data for the ":587" lookup key in some cases.

            Finally, changing the table source, may have resulted in an actual update
            of the index file via "postmap", previously not carried out correctly.

            --
            Viktor.

            Disclaimer: off-list followups get on-list replies or get ignored.
            Please do not ignore the "Reply-To" header.

            To unsubscribe from the postfix-users list, visit
            http://www.postfix.org/lists.html or click the link below:
            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

            If my response solves your problem, the best way to thank me is to not
            send an "it worked, thanks" follow-up. If you must respond, please put
            "It worked, thanks" in the "Subject" so I can delete these quickly.
          Your message has been successfully submitted and would be delivered to recipients shortly.