MESSAGE
DATE | 2021-12-22
FROM | raf
SUBJECT | Re: [Hangout - NYLXS] Adding Additional domains and outgoing email

On Wed, Dec 22, 2021 at 12:20:31AM -0500, Ruben Safir wrote:
> On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote:
> > On Tue, Dec 21, 2021 at 06:52:23AM -0500, Ruben Safir wrote:
> >
> > > I want to add a domain for the office in addition to my current domain.
> > >
> > > I've done this before, following the outline in:
> > > http://www.postfix.org/VIRTUAL_README.html#canonical
> > >
> > > using
> > >
> > > [ruben-at-www2 ~]$ cat /etc/postfix/main.cf|grep mydest
> > > mydestination = www.domain1.com, www2.domain1.com, home.domain1.com,
> > > domain1.com, domain2.com, domain3.com, domain4.com, domain5.com,
> > > newistdomain.com
> > >
> > > So I can receive mail satisfactory and this has been good enough since I
> > > normally ssh in from remote and use mutt and all my outgoing email is
> > > transformed to name-at-domain.com
> > >
> > > I need for select users from the newistdomain.com to have that
> > > name-at-newistdomain.com
> > >
> > > I am using thunderbird and dovecot to pop mail from the system. At
> > > home, this is no problem as I am on the local network. I just set up the
> > > smtp server to the postfix host running postfix.
> >
> > That should probably be the same for all Thunderbird users as well.
> >
> > > mydomain = domain1.com
> > > masquerade_domains = domain1.com, domain1.com #which is probably wrong
> > > myhostname = domain1.com
> >
> > I'm sure that domain1.com doesn't need to appear twice in
> > the masquerade_domains parameter, but it's harmless.
> >
> > > How do I securely open postfix to relay email received from these
> > > specific external office locals using newistdomain.coms
> >
> > If you can already connect using Thunderbird, you must
> > have an entry for submission and/or submissions/smtps
> > (i.e., port 587 and/or 465) in /etc/postfix.master.cf,
>
> Thunderbird can directly talk to postfix SMTP without dovecot et al?
>
> I thought it only talks to postfix on the outbound mail. This is not
> taylor uucp :(

Thunderbird can talk SMTP to Postfix on ports 25, 465, and/or 587. But it can probably only use port 25 when it's connecting from an IP address that is in Postfix's $mynetworks and so doesn't necessarily require authentication. Ports 465 and 587 should require authentication.
Thunderbird only connects to Dovecot directly for reading mail via POP/IMAP (ports 110, 143, 993, 995).
However, for authenticated SMTP, Thunderbird connects to Postfix, and Postfix can then connect to Dovecot locally for authenticating the user. One way of doing that is:

  /etc/postfix/main.cf:
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth

which means connect to Dovecot's /var/spool/postfix/private/auth socket which needs to be configured in Dovecot with something like:

  /etc/dovecot/conf.d/10-master.conf:
  service auth {
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
    }
  }

The other smtpd_sasl_type available is cyrus (or whatever "postconf -a" outputs). I don't know anything about that.

> > you just need to override the smtpd_recipient_restrictions
> > or smtpd_relay_restrictions parameters there to permit
> > SASL-authenticated users to send mail wherever they
> > want. e.g.:
>
> any alternative to SASL. It is not installed currently.
> I've been using plain password file authentication.

I think you only need SASL "installed" when using cyrus. When using dovecot, it's builtin to Dovecot, and uses Dovecot's password file.

> > smtps inet n - y - - smtpd
> >   -o syslog_name=postfix/$service_name
> >   -o smtpd_tls_wrappermode=yes
> >   -o smtpd_sasl_auth_enable=yes
> >   -o smtpd_client_restrictions=
> >   -o smtpd_helo_restrictions=
> >   -o smtpd_sender_restrictions=
> >   -o smtpd_recipient_restrictions=
> >   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > submission inet n - y - - smtpd
> >   -o syslog_name=postfix/$service_name
> >   -o smtpd_tls_security_level=encrypt
> >   -o smtpd_sasl_auth_enable=yes
> >   -o smtpd_tls_auth_only=yes
> >   -o smtpd_client_restrictions=
> >   -o smtpd_helo_restrictions=
> >   -o smtpd_sender_restrictions=
> >   -o smtpd_recipient_restrictions=
> >   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > Or have the relevant parameters set similarly in
> > /etc/postfix/main.cf.
> >
> > > and how do I get
> > > those accounts to default to name-at-newistdomain.com ?
> >
> > I think that that's something that should be specified
> > in Thunderbird itself.
>
> doesn't masquerade rewrite it?

I don't think so. masquerade_domains changes the domain part of the email address (e.g., from a.b.com to b.com). I think you are asking for the newistdomain.com domain to remain the same, but for the local/user part of the email address to change (e.g., drew-at-newistdomain.com and kim-at-newistdomain.com both change to name-at-newistdomain.com, but other-at-newistdomain.com remains unchanged).
That requires selective address rewriting, not domain rewriting (Note: There is also a masquerade_exceptions parameter for excluding user names from masquerading, so it's not a blunt instrument, but it still doesn't apply to your need to change the user names).
If you only need the user names to change when mail is being sent (but not when it arrives), the generic address rewriting is probably appropriate (unless I've misunderstood what you're asking for):

  /etc/postfix/main.cf:
  smtp_generic_maps = hash:/etc/postfix/generic

  /etc/postfix/generic:
  drew-at-newistdomain.com name-at-newistdomain.com
  kim-at-newistdomain.com name-at-newistdomain.com

If you also need to rewrite incoming email for these users, then use canonical address rewriting instead:

  /etc/postfix/main.cf:
  sender_canonical_maps = hash:/etc/postfix/sender_canonical
  recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

  /etc/postfix/sender_canonical:
  drew name
  kim name

  /etc/postfix/recipient_canonical:
  name drew

But this might not be appropriate when mapping multiple user names to the same name (which is what I think you are asking for). The above just specifies one of the original user names to map "name" back to in incoming mail.
It's probably best if you read http://www.postfix.org/ADDRESS_REWRITING_README.html and see what best matches your needs.

> > But if the Thunderbird clients are configured with an
> > incorrect/non-ideal sender domain, and you need Postfix
> > to override that, you can probably handle that either
> > with canonical or generic address rewriting:
> >
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical (incoming/outgoing)
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic (outgoing only)
> >
>
> I'll crunch on that. The problem here is that I deal with this so
> infrequently that I forget everything I learned when I alter the set up.
>
> > Any parameter changes that need to be added can be
> > added to the service declaration in master.cf using -o
> > options.
> >
> > But since this is only for "select users", it probably
> > makes more sense for those users to just set their
> > correct from address in Thunderbird (unless I've
> > misunderstood something).
> >
> > cheers,
> > raf
>
> Thanks!
>
> Reuvain
> --
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
>
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
> http://www.nylxs.com - Leadership Development in Free Software
> http://www2.mrbrklyn.com/resources - Unpublished Archive
> http://www.coinhangout.com - coins!
> http://www.brooklyn-living.com
>
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout
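
An added example, not part of the original message or of Postfix itself: a small Python check that parses a master.cf and reports submission-type services that lack the settings shown in the quoted entries (SASL enabled, mandatory TLS, relay restrictions of permit_sasl_authenticated followed by reject). The sample file and the function names are constructed for illustration, and only the simple `-o name=value` form is handled.

```python
import re

SUBMISSION = {"submission", "submissions", "smtps", "587", "465"}

# Constructed sample master.cf, modelled on the entries quoted in the message.
SAMPLE = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps      inet  n  -  y  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_mynetworks,permit
"""

def parse_master(text):
    """Return {service: {param: value}} of -o overrides for inet smtpd services."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:   # leading whitespace continues an entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    services = {}
    for entry in entries:
        f = entry.split()
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            services[f[0]] = dict(re.findall(r"-o\s+(\w+)=(\S*)", entry))
    return services

def audit(text, main_cf=None):
    """Return {service: [problems]} for submission-type services only."""
    findings = {}
    for name, opts in parse_master(text).items():
        if name.rsplit(":", 1)[-1] not in SUBMISSION:
            continue
        eff = {**(main_cf or {}), **opts}  # -o overrides win over main.cf values
        relay = [r for r in re.split(r"[,\s]+", eff.get("smtpd_relay_restrictions", "")) if r]
        problems = []
        if eff.get("smtpd_sasl_auth_enable") != "yes":
            problems.append("SASL auth not enabled")
        # Either implicit TLS (wrappermode) or mandatory STARTTLS counts as enforced.
        if "yes" != eff.get("smtpd_tls_wrappermode") and "encrypt" != eff.get("smtpd_tls_security_level"):
            problems.append("TLS not mandatory")
        if "permit_sasl_authenticated" not in relay or relay[-1] != "reject":
            problems.append("relay restrictions are not permit_sasl_authenticated ... reject")
        findings[name] = problems
    return findings
```

Pass the parameters set in main.cf as the optional `main_cf` dict so that services relying on main.cf rather than `-o` overrides are judged on their effective values.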