MESSAGE
| DATE | 2021-12-22 |
| FROM | raf
|
| SUBJECT | Re: [Hangout - NYLXS] Adding Additional domains and outgoing email
|
From hangout-bounces-at-nylxs.com Fri Jan 7 05:08:43 2022
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82])
by mrbrklyn.com (Postfix) with ESMTP id 8DAD0163FB3;
Fri, 7 Jan 2022 05:08:41 -0500 (EST)
X-Original-To: hangout-at-www2.mrbrklyn.com
Delivered-To: hangout-at-www2.mrbrklyn.com
Received: by mrbrklyn.com (Postfix, from userid 1000)
id B5052163FFC; Fri, 7 Jan 2022 05:07:43 -0500 (EST)
Resent-From: Ruben Safir
Resent-Date: Fri, 7 Jan 2022 05:07:43 -0500
Resent-Message-ID: <20220107100743.GI20897-at-www2.mrbrklyn.com>
Resent-To: hangout-at-mrbrklyn.com
X-Original-To: ruben-at-mrbrklyn.com
Delivered-To: ruben-at-mrbrklyn.com
Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net
[168.100.1.4]) by mrbrklyn.com (Postfix) with ESMTP id 83EB1163FF2
for ; Wed, 22 Dec 2021 19:20:54 -0500 (EST)
Received: by russian-caravan.cloud9.net (Postfix)
id 72C46342810; Wed, 22 Dec 2021 19:20:29 -0500 (EST)
Delivered-To: postfix-users-outgoing-at-cloud9.net
Received: from localhost (localhost [127.0.0.1])
by russian-caravan.cloud9.net (Postfix) with ESMTP id 715213426F8
for ; Wed, 22 Dec 2021 19:20:29 -0500 (EST)
X-Virus-Scanned: amavisd-new at cloud9.net
Received: from russian-caravan.cloud9.net ([127.0.0.1])
by localhost (russian-caravan.cloud9.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 9aMIASk_JcvQ for ;
Wed, 22 Dec 2021 19:20:29 -0500 (EST)
Received: by russian-caravan.cloud9.net (Postfix, from userid 54)
id 49C88342811; Wed, 22 Dec 2021 19:20:29 -0500 (EST)
Delivered-To: postfix-users-at-cloud9.net
Received: from localhost (localhost [127.0.0.1])
by russian-caravan.cloud9.net (Postfix) with ESMTP id 2B4D1342810
for ; Wed, 22 Dec 2021 19:20:29 -0500 (EST)
X-Virus-Scanned: amavisd-new at cloud9.net
Received: from russian-caravan.cloud9.net ([127.0.0.1])
by localhost (russian-caravan.cloud9.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id uWeV1R8YN2Mt for ;
Wed, 22 Dec 2021 19:20:29 -0500 (EST)
Received: from ook.raf.org (ook.raf.org [139.99.156.21])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by russian-caravan.cloud9.net (Postfix) with ESMTPS id 962C63426F8
for ; Wed, 22 Dec 2021 19:20:28 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
by ook.raf.org (Postfix) with ESMTP id 341725ED59
for ; Thu, 23 Dec 2021 11:20:12 +1100 (AEDT)
X-Virus-Scanned: Debian amavisd-new at ook.raf.org
Received: from ook.raf.org ([127.0.0.1])
by localhost (ook.raf.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id J9CKCplIi5pY for ;
Thu, 23 Dec 2021 11:20:09 +1100 (AEDT)
Received: by ook.raf.org (Postfix, from userid 1001)
id 8061661FFC; Thu, 23 Dec 2021 11:20:09 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raf.org; s=001;
t=1640218809; bh=QUGYcPpMAG9kumhEQ4YCGeKBfH3I+VjH84KcG63mLtk=;
h=Date:From:To:Subject:References:In-Reply-To:From;
b=WNKIHMjrQXgVwnolQJLGjLGa+wlv4JDoIbD+t1V5LwGpP5OG+OlfsQSmkLxCJTLam
zvO0L7xTLACpJg02qvQvKvHHtey+4FElBzaVTqocIoX+FxbIVlGkLa/DyICpQlLGl7
L5tu63SZGDOQEMWnsEGXZWWLh1zreP5rGDG8DbbcZCegXhco9RTds1gt5GmVW2C3la
TUyYw2PKLhQJQW8XwO3Tk91wqtZeImZ5DX1tPXeDKWF9FjiyVAkAwNWjMAuXYkuN10
xhHpCKj7DrFS1slFrL7dovU1B/6x1UBvOVUyG5d8ewPynI0uLL9DrQl4pGW7Zy4caW
fTSMrNjOVRUkg==
Date: Thu, 23 Dec 2021 11:20:09 +1100
From: raf
To: postfix-users-at-postfix.org
Message-ID:
Mail-Followup-To: postfix-users-at-postfix.org
References: <8e8e3633-1574-aea2-ef68-bb6cea73e751-at-mrbrklyn.com>
<20211222052031.GA4914-at-www2.mrbrklyn.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20211222052031.GA4914-at-www2.mrbrklyn.com>
Precedence: bulk
Subject: Re: [Hangout - NYLXS] Adding Additional domains and outgoing email
X-BeenThere: hangout-at-nylxs.com
X-Mailman-Version: 2.1.30rc1
List-Id: NYLXS Tech Talk and Politics
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: hangout-bounces-at-nylxs.com
Sender: "Hangout"
On Wed, Dec 22, 2021 at 12:20:31AM -0500, Ruben Safir wrote:
> On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote:
> > On Tue, Dec 21, 2021 at 06:52:23AM -0500, Ruben Safir wrote:
> >
> > > I want to add a domain for the office in addition to my current domain.
> > >
> > > I've done this before, following the outline in:
> > > http://www.postfix.org/VIRTUAL_README.html#canonical
> > >
> > > using
> > >
> > > [ruben-at-www2 ~]$ cat /etc/postfix/main.cf|grep mydest
> > > mydestination = www.domain1.com, www2.domain1.com, home.domain1.com,
> > > domain1.com, domain2.com, domain3.com, domain4.com, domain5.com,
> > > newistdomain.com
> > >
> > > So I can receive mail satisfactory and this has been good enough since I
> > > normally ssh in from remote and use mutt and all my outgoing email is
> > > transformed to name-at-domain.com
> > >
> > > I need for select users from the newistdomain.com to have that
> > > name-at-newistdomain.com
> > >
> > > I am using thunderbird and dovecot to pop mail from the system. At
> > > home, this is no problem as I am on the local network. I just set up the
> > > smtp server to the postfix host running postfix.
> >
> > That should probably be the same for all Thunderbird users as well.
> >
> > > mydomain = domain1.com
> > > masquerade_domains = domain1.com, domain1.com #which is probably wrong
> > > myhostname = domain1.com
> >
> > I'm sure that domain1.com doesn't need to appear twice in
> > the masquerade_domains parameter, but it's harmless.
> >
> > > How do I securely open postfix to relay email received from these
> > > specific external office locals using newistdomain.coms
> >
> > If you can already connect using Thunderbird, you must
> > have an entry for submission and/or submissions/smtps
> > (i.e., port 587 and/or 465) in /etc/postfix.master.cf,
>
> Thunderbird can directly talk to postfix SMTP without dovecot et al?
>
> I thought it only talks to postfix on the outbound mail. This is not
> taylor uucp :(
Thunderbird can talk SMTP to Postfix on ports 25, 465,
and/or 587. But it can probably only use port 25 when
it's connecting from an IP address that is in Postfix's
$mynetworks and so doesn't necessarily require
authentication. Ports 465 and 587 should require
authentication.
Thunderbird only connects to Dovecot directly for
reading mail via POP/IMAP (ports 110, 143, 993, 995).
However, for authenticated SMTP, Thunderbird connects
to Postfix, and Postfix can then connect to Dovecot
locally for authenticating the user. One way of doing
that is:
/etc/postfix/main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
which means connect to Dovecot's
/var/spool/postfix/private/auth socket which needs to
be configured in Dovecot with something like:
/etc/dovecot/conf.d/10-master.conf:
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
The other smtpd_sasl_type available is cyrus (or whatever
"postconf -a" outputs). I don't know anything about that.
> > you just need to override the smtpd_recipient_restrictions
> > or smtpd_relay_restrictions parameters there to permit
> > SASL-authenticated users t osend mail whereever they
> > want. e.g.:
>
> any alternative to SASL. It is not installed currently.
> I've been using plain password file authentication.
I think you only need SASL "installed" when using cyrus.
When using dovecot, it's builtin to Dovecot, and uses
Dovecot's password file.
> > smtps inet n - y - - smtpd
> > -o syslog_name=postfix/$service_name
> > -o smtpd_tls_wrappermode=yes
> > -o smtpd_sasl_auth_enable=yes
> > -o smtpd_client_restrictions=
> > -o smtpd_helo_restrictions=
> > -o smtpd_sender_restrictions=
> > -o smtpd_recipient_restrictions=
> > -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > submission inet n - y - - smtpd
> > -o syslog_name=postfix/$service_name
> > -o smtpd_tls_security_level=encrypt
> > -o smtpd_sasl_auth_enable=yes
> > -o smtpd_tls_auth_only=yes
> > -o smtpd_client_restrictions=
> > -o smtpd_helo_restrictions=
> > -o smtpd_sender_restrictions=
> > -o smtpd_recipient_restrictions=
> > -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > Or have the relevant parameters set similarly in
> > /etc/postfix/main.cf.
> >
> > > and how do I get
> > > those accounts to default to name-at-newistdomain.com ?
> >
> > I think that that's something that should be specified
> > in Thunderbird itself.
>
> doesn't masquarade rewrite it?
I don't think so. masquerade_domains changes the domain part
of the email address (e.g., from a.b.com to b.com). I think
you are asking for the newistdomain.com domain to remain the
same, but for the local/user part of the email address to
change (e.g., drew-at-newistdomain.com and kim-at-newistdomain.com
both change to name-at-newistdomain.com, but other-at-newistdomain.com
remains unchanged).
That requires selective address rewriting, not domain
rewriting (Note: There is also a masquerade_exceptions
parameter for excluding user names from masquerading,
so it's not a blunt instrument, but it still doesn't
apply to your need to change the user names).
If you only need the user names to change when mail is being
sent (but not when it arrives), the generic address rewriting
is probably appropriate (unles I've misunderstood what you're
asking for):
/etc/postfix/main.cf:
smtp_generic_maps = hash:/etc/postfix/generic
/etc/postfix/generic:
drew-at-newistdomain.com name-at-newistdomain.com
kim-at-newistdomain.com name-at-newistdomain.com
If you also need to rewrite incoming email for these users,
then use canonical address rewriting instead:
/etc/postfix/main.cf:
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
/etc/postfix/sender_canonical:
drew name
kim name
/etc/postfix/recipient_canonical:
name drew
But this might not be appropriate when mapping multiple
user names to the same name (which is what I think you
are asking for). The above just specifies one of the
original user names to map "name" back to in incoming
mail.
It's probably best if you read
http://www.postfix.org/ADDRESS_REWRITING_README.html
and see what best matches your needs.
> > But if the Thunderbird clients are configured with an
> > incorrect/non-ideal sender domain, and you need Postfix
> > to override that, you can probably handle that either
> > with canonical or generic address rewriting:
> >
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical (incoming/outgoing)
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic (outgoing only)
> >
>
> I'll crunch on that. The problem here is that I deal with this so
> infrequently that I forget everything I learned when I alter the set up.
>
> > Any parameter changes that need to be added can be
> > added to the service declaration in master.cf using -o
> > options.
> >
> > But since this is only for "select users", it probably
> > makes more sense for those users to just set their
> > correct from address in Thunderbird (unless I've
> > misunderstood something).
> >
> > cheers,
> > raf
>
> Thanks!
>
> Reuvain
> --
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
>
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
> http://www.nylxs.com - Leadership Development in Free Software
> http://www2.mrbrklyn.com/resources - Unpublished Archive
> http://www.coinhangout.com - coins!
> http://www.brooklyn-living.com
>
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout
|
|
