Loading ...
Sorry, an error occurred while loading the content.

Re: Send email for users from any location

Expand Messages
  • Dotan Cohen
    ... Thank you! ... Are you referring to this: #smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o
    Message 1 of 8 , Jul 8 10:10 AM
    • 0 Attachment
      On Mon, Jul 8, 2013 at 5:27 PM, btb <btb@...> wrote:
      > instead of googling, simply use the postfix documentation that came with the
      > software. your goal is accomplished by implementing smtp auth, which
      > postfix offers by way of sasl authentication. to that end, this is
      > documented in SASL_README. i would recommend that you use dovecot rather
      > than cyrus for sasl. while SASL_README of course includes a fair amount of
      > documentation for the associated sasl software, you'll likely also want to
      > reference the documentation provided with that software as well.
      >

      Thank you!

      > on a related note, as this is for humans to send mail from their mail
      > clients, you'll want to configure a proper submission [port 587] service.
      > see the commented example in master.cf for a starting point. smtp auth
      > should be offered only via the submission service, and not via mx service
      > [port 25]. additionally, encryption should be required for submission
      > traffic.
      >

      Are you referring to this:
      #smtps inet n - - - - smtpd
      # -o syslog_name=postfix/smtps
      # -o smtpd_tls_wrappermode=yes
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING

      --
      Dotan Cohen

      http://gibberish.co.il
      http://what-is-what.com
    • Wietse Venema
      ... I think he meant the service called submission . smtps is obsolete, but apparently some software still uses it. Wietse
      Message 2 of 8 , Jul 8 11:36 AM
      • 0 Attachment
        Dotan Cohen:
        > > on a related note, as this is for humans to send mail from their mail
        > > clients, you'll want to configure a proper submission [port 587] service.
        > > see the commented example in master.cf for a starting point. smtp auth
        > > should be offered only via the submission service, and not via mx service
        > > [port 25]. additionally, encryption should be required for submission
        > > traffic.
        > >
        >
        > Are you referring to this:
        > #smtps inet n - - - - smtpd

        I think he meant the service called "submission". "smtps" is
        obsolete, but apparently some software still uses it.

        Wietse
      • Peter
        ... No, the service you re looking for is submission , not smtps . SMTPS is a deprecated means of submission and you only need it if your users are using a
        Message 3 of 8 , Jul 8 1:04 PM
        • 0 Attachment
          On 07/09/2013 05:10 AM, Dotan Cohen wrote:
          >> on a related note, as this is for humans to send mail from their mail
          >> clients, you'll want to configure a proper submission [port 587] service.
          >> see the commented example in master.cf for a starting point. smtp auth
          >> should be offered only via the submission service, and not via mx service
          >> [port 25]. additionally, encryption should be required for submission
          >> traffic.
          >
          > Are you referring to this:
          > #smtps inet n - - - - smtpd
          > # -o syslog_name=postfix/smtps
          > # -o smtpd_tls_wrappermode=yes
          > # -o smtpd_sasl_auth_enable=yes
          > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
          > # -o milter_macro_daemon_name=ORIGINATING

          No, the service you're looking for is "submission", not "smtps". SMTPS
          is a deprecated means of submission and you only need it if your users
          are using a very old version of one particular email client in which
          case they likely have other problems.


          Peter
        • Dotan Cohen
          ... Thank you Peter. Interestingly, even after enabling submission (perhaps incorrectly, I m looking into that) I still get this in the logs when I try to send
          Message 4 of 8 , Jul 8 10:13 PM
          • 0 Attachment
            On Mon, Jul 8, 2013 at 11:04 PM, Peter <peter@...> wrote:
            > No, the service you're looking for is "submission", not "smtps". SMTPS is a
            > deprecated means of submission and you only need it if your users are using
            > a very old version of one particular email client in which case they likely
            > have other problems.
            >

            Thank you Peter. Interestingly, even after enabling submission
            (perhaps incorrectly, I'm looking into that) I still get this in the
            logs when I try to send mail via postfix:

            11993 Jul 9 05:02:11 awsBeta postfix/smtpd[6734]: warning: hostname
            bzq-219-241-14.static.bezeqint.net does not resolve to address
            212.179.241.14: Name or service not known
            11994 Jul 9 05:02:11 awsBeta postfix/smtpd[6734]: connect from
            unknown[212.179.241.14]
            11995 Jul 9 05:02:12 awsBeta postfix/smtpd[6734]: NOQUEUE: reject:
            RCPT from unknown[212.179.241.14]: 554 5.7.1
            <dotancohen@...>: Relay access denied;
            from=<fs@...> to=<dotancohen@...> proto=ESMTP
            helo=<[10.0.0.154]>
            11996 Jul 9 05:02:14 awsBeta postfix/smtpd[6734]: disconnect from
            unknown[212.179.241.14]

            212.179.241.14 is the address where my desktop is located, and bzq-*
            obviously by the name refers to my ISP (Bezeq). It seems that even
            with submission enabled, Postfix wants the IP address whitelisted in
            "mydomains". I don't even see in the logs that Postfix bothered
            checking the submission credentials, it rejected bases on IP address
            before even getting that far.

            What else must be configured to remove the IP address whitelist and go
            right to the submission credentials check?

            Thank you for helping me learn! I've gone over these tutorials but I'm
            rather stuck:
            http://www.postfix.org/VIRTUAL_README.html
            http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
            https://help.ubuntu.com/community/Postfix


            --
            Dotan Cohen

            http://gibberish.co.il
            http://what-is-what.com
          • Peter
            ... This simply means that either your email client is not correctly configured to send SASL AUTH credentials, or postfix is not correctly configured to
            Message 5 of 8 , Jul 8 10:34 PM
            • 0 Attachment
              On 07/09/2013 05:13 PM, Dotan Cohen wrote:
              > 212.179.241.14 is the address where my desktop is located, and bzq-*
              > obviously by the name refers to my ISP (Bezeq). It seems that even
              > with submission enabled, Postfix wants the IP address whitelisted in
              > "mydomains". I don't even see in the logs that Postfix bothered
              > checking the submission credentials, it rejected bases on IP address
              > before even getting that far.

              This simply means that either your email client is not correctly
              configured to send SASL AUTH credentials, or postfix is not correctly
              configured to receive them. There is more to SASL AUTH than just
              enabling submission. See http://www.postfix.org/SASL_README.html for
              more info.

              > What else must be configured to remove the IP address whitelist and go
              > right to the submission credentials check?

              You can remove permit_mynetworks if you want, there is nothing wrong
              with this, but it won't solve your problem, your problem is what I
              stated above.

              > http://www.postfix.org/VIRTUAL_README.html
              > http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
              > https://help.ubuntu.com/community/Postfix

              Read the SASL_README document I linked to above.


              Peter
            • Hans Spaans
              ... Firefox OS Simulator 3.0.1 still prefers, read demands it, smtps over submission sadly enough. Hopefully they fix it or some helpdesks will have a fun time
              Message 6 of 8 , Jul 9 4:26 AM
              • 0 Attachment
                wietse@... schreef op 2013-07-08 20:36:
                > Dotan Cohen:
                >> > on a related note, as this is for humans to send mail from their mail
                >> > clients, you'll want to configure a proper submission [port 587] service.
                >> > see the commented example in master.cf for a starting point. smtp auth
                >> > should be offered only via the submission service, and not via mx service
                >> > [port 25]. additionally, encryption should be required for submission
                >> > traffic.
                >> >
                >>
                >> Are you referring to this:
                >> #smtps inet n - - - - smtpd
                >
                > I think he meant the service called "submission". "smtps" is
                > obsolete, but apparently some software still uses it.

                Firefox OS Simulator 3.0.1 still prefers, read demands it, smtps over
                submission sadly enough. Hopefully they fix it or some helpdesks will
                have a fun time after the release of their first phone.

                Hans
              Your message has been successfully submitted and would be delivered to recipients shortly.