Loading ...
Sorry, an error occurred while loading the content.

Re: Send email for users from any location

Expand Messages
  • Wietse Venema
    ... I think he meant the service called submission . smtps is obsolete, but apparently some software still uses it. Wietse
    Message 1 of 8 , Jul 8, 2013
    • 0 Attachment
      Dotan Cohen:
      > > on a related note, as this is for humans to send mail from their mail
      > > clients, you'll want to configure a proper submission [port 587] service.
      > > see the commented example in master.cf for a starting point. smtp auth
      > > should be offered only via the submission service, and not via mx service
      > > [port 25]. additionally, encryption should be required for submission
      > > traffic.
      > >
      >
      > Are you referring to this:
      > #smtps inet n - - - - smtpd

      I think he meant the service called "submission". "smtps" is
      obsolete, but apparently some software still uses it.

      Wietse
    • Peter
      ... No, the service you re looking for is submission , not smtps . SMTPS is a deprecated means of submission and you only need it if your users are using a
      Message 2 of 8 , Jul 8, 2013
      • 0 Attachment
        On 07/09/2013 05:10 AM, Dotan Cohen wrote:
        >> on a related note, as this is for humans to send mail from their mail
        >> clients, you'll want to configure a proper submission [port 587] service.
        >> see the commented example in master.cf for a starting point. smtp auth
        >> should be offered only via the submission service, and not via mx service
        >> [port 25]. additionally, encryption should be required for submission
        >> traffic.
        >
        > Are you referring to this:
        > #smtps inet n - - - - smtpd
        > # -o syslog_name=postfix/smtps
        > # -o smtpd_tls_wrappermode=yes
        > # -o smtpd_sasl_auth_enable=yes
        > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        > # -o milter_macro_daemon_name=ORIGINATING

        No, the service you're looking for is "submission", not "smtps". SMTPS
        is a deprecated means of submission and you only need it if your users
        are using a very old version of one particular email client in which
        case they likely have other problems.


        Peter
      • Dotan Cohen
        ... Thank you Peter. Interestingly, even after enabling submission (perhaps incorrectly, I m looking into that) I still get this in the logs when I try to send
        Message 3 of 8 , Jul 8, 2013
        • 0 Attachment
          On Mon, Jul 8, 2013 at 11:04 PM, Peter <peter@...> wrote:
          > No, the service you're looking for is "submission", not "smtps". SMTPS is a
          > deprecated means of submission and you only need it if your users are using
          > a very old version of one particular email client in which case they likely
          > have other problems.
          >

          Thank you Peter. Interestingly, even after enabling submission
          (perhaps incorrectly, I'm looking into that) I still get this in the
          logs when I try to send mail via postfix:

          11993 Jul 9 05:02:11 awsBeta postfix/smtpd[6734]: warning: hostname
          bzq-219-241-14.static.bezeqint.net does not resolve to address
          212.179.241.14: Name or service not known
          11994 Jul 9 05:02:11 awsBeta postfix/smtpd[6734]: connect from
          unknown[212.179.241.14]
          11995 Jul 9 05:02:12 awsBeta postfix/smtpd[6734]: NOQUEUE: reject:
          RCPT from unknown[212.179.241.14]: 554 5.7.1
          <dotancohen@...>: Relay access denied;
          from=<fs@...> to=<dotancohen@...> proto=ESMTP
          helo=<[10.0.0.154]>
          11996 Jul 9 05:02:14 awsBeta postfix/smtpd[6734]: disconnect from
          unknown[212.179.241.14]

          212.179.241.14 is the address where my desktop is located, and bzq-*
          obviously by the name refers to my ISP (Bezeq). It seems that even
          with submission enabled, Postfix wants the IP address whitelisted in
          "mydomains". I don't even see in the logs that Postfix bothered
          checking the submission credentials, it rejected bases on IP address
          before even getting that far.

          What else must be configured to remove the IP address whitelist and go
          right to the submission credentials check?

          Thank you for helping me learn! I've gone over these tutorials but I'm
          rather stuck:
          http://www.postfix.org/VIRTUAL_README.html
          http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
          https://help.ubuntu.com/community/Postfix


          --
          Dotan Cohen

          http://gibberish.co.il
          http://what-is-what.com
        • Peter
          ... This simply means that either your email client is not correctly configured to send SASL AUTH credentials, or postfix is not correctly configured to
          Message 4 of 8 , Jul 8, 2013
          • 0 Attachment
            On 07/09/2013 05:13 PM, Dotan Cohen wrote:
            > 212.179.241.14 is the address where my desktop is located, and bzq-*
            > obviously by the name refers to my ISP (Bezeq). It seems that even
            > with submission enabled, Postfix wants the IP address whitelisted in
            > "mydomains". I don't even see in the logs that Postfix bothered
            > checking the submission credentials, it rejected bases on IP address
            > before even getting that far.

            This simply means that either your email client is not correctly
            configured to send SASL AUTH credentials, or postfix is not correctly
            configured to receive them. There is more to SASL AUTH than just
            enabling submission. See http://www.postfix.org/SASL_README.html for
            more info.

            > What else must be configured to remove the IP address whitelist and go
            > right to the submission credentials check?

            You can remove permit_mynetworks if you want, there is nothing wrong
            with this, but it won't solve your problem, your problem is what I
            stated above.

            > http://www.postfix.org/VIRTUAL_README.html
            > http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
            > https://help.ubuntu.com/community/Postfix

            Read the SASL_README document I linked to above.


            Peter
          • Hans Spaans
            ... Firefox OS Simulator 3.0.1 still prefers, read demands it, smtps over submission sadly enough. Hopefully they fix it or some helpdesks will have a fun time
            Message 5 of 8 , Jul 9, 2013
            • 0 Attachment
              wietse@... schreef op 2013-07-08 20:36:
              > Dotan Cohen:
              >> > on a related note, as this is for humans to send mail from their mail
              >> > clients, you'll want to configure a proper submission [port 587] service.
              >> > see the commented example in master.cf for a starting point. smtp auth
              >> > should be offered only via the submission service, and not via mx service
              >> > [port 25]. additionally, encryption should be required for submission
              >> > traffic.
              >> >
              >>
              >> Are you referring to this:
              >> #smtps inet n - - - - smtpd
              >
              > I think he meant the service called "submission". "smtps" is
              > obsolete, but apparently some software still uses it.

              Firefox OS Simulator 3.0.1 still prefers, read demands it, smtps over
              submission sadly enough. Hopefully they fix it or some helpdesks will
              have a fun time after the release of their first phone.

              Hans
            Your message has been successfully submitted and would be delivered to recipients shortly.