MESSAGE
DATE: 2021-12-22
FROM: raf
SUBJECT: Re: [Hangout - NYLXS] Adding Additional domains and outgoing email
On Wed, Dec 22, 2021 at 12:20:31AM -0500, Ruben Safir wrote:
> On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote:
> > On Tue, Dec 21, 2021 at 06:52:23AM -0500, Ruben Safir wrote:
> >
> > > I want to add a domain for the office in addition to my current domain.
> > >
> > > I've done this before, following the outline in:
> > > http://www.postfix.org/VIRTUAL_README.html#canonical
> > >
> > > using
> > >
> > > [ruben-at-www2 ~]$ cat /etc/postfix/main.cf|grep mydest
> > > mydestination = www.domain1.com, www2.domain1.com, home.domain1.com,
> > > domain1.com, domain2.com, domain3.com, domain4.com, domain5.com,
> > > newistdomain.com
> > >
> > > So I can receive mail satisfactory and this has been good enough since I
> > > normally ssh in from remote and use mutt and all my outgoing email is
> > > transformed to name-at-domain.com
> > >
> > > I need for select users from the newistdomain.com to have that
> > > name-at-newistdomain.com
> > >
> > > I am using thunderbird and dovecot to pop mail from the system. At
> > > home, this is no problem as I am on the local network. I just set up the
> > > smtp server to the postfix host running postfix.
> >
> > That should probably be the same for all Thunderbird users as well.
> >
> > > mydomain = domain1.com
> > > masquerade_domains = domain1.com, domain1.com #which is probably wrong
> > > myhostname = domain1.com
> >
> > I'm sure that domain1.com doesn't need to appear twice in
> > the masquerade_domains parameter, but it's harmless.
> >
> > > How do I securely open postfix to relay email received from these
> > > specific external office locals using newistdomain.coms
> >
> > If you can already connect using Thunderbird, you must
> > have an entry for submission and/or submissions/smtps
> > (i.e., port 587 and/or 465) in /etc/postfix.master.cf,
>
> Thunderbird can directly talk to postfix SMTP without dovecot et al?
>
> I thought it only talks to postfix on the outbound mail. This is not
> taylor uucp :(
Thunderbird can talk SMTP to Postfix on ports 25, 465, and/or 587. But it can probably only use port 25 when it's connecting from an IP address that is in Postfix's $mynetworks and so doesn't necessarily require authentication. Ports 465 and 587 should require authentication.
Thunderbird only connects to Dovecot directly for reading mail via POP/IMAP (ports 110, 143, 993, 995).
However, for authenticated SMTP, Thunderbird connects to Postfix, and Postfix can then connect to Dovecot locally for authenticating the user. One way of doing that is:

  /etc/postfix/main.cf:
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth

which means connect to Dovecot's /var/spool/postfix/private/auth socket which needs to be configured in Dovecot with something like:

  /etc/dovecot/conf.d/10-master.conf:
  service auth {
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
    }
  }

The other smtpd_sasl_type available is cyrus (or whatever "postconf -a" outputs). I don't know anything about that.
> > you just need to override the smtpd_recipient_restrictions
> > or smtpd_relay_restrictions parameters there to permit
> > SASL-authenticated users to send mail wherever they
> > want. e.g.:
>
> any alternative to SASL. It is not installed currently.
> I've been using plain password file authentication.
I think you only need SASL "installed" when using cyrus. When using dovecot, it's builtin to Dovecot, and uses Dovecot's password file.
> > smtps inet n - y - - smtpd
> >   -o syslog_name=postfix/$service_name
> >   -o smtpd_tls_wrappermode=yes
> >   -o smtpd_sasl_auth_enable=yes
> >   -o smtpd_client_restrictions=
> >   -o smtpd_helo_restrictions=
> >   -o smtpd_sender_restrictions=
> >   -o smtpd_recipient_restrictions=
> >   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > submission inet n - y - - smtpd
> >   -o syslog_name=postfix/$service_name
> >   -o smtpd_tls_security_level=encrypt
> >   -o smtpd_sasl_auth_enable=yes
> >   -o smtpd_tls_auth_only=yes
> >   -o smtpd_client_restrictions=
> >   -o smtpd_helo_restrictions=
> >   -o smtpd_sender_restrictions=
> >   -o smtpd_recipient_restrictions=
> >   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> >
> > Or have the relevant parameters set similarly in
> > /etc/postfix/main.cf.
> >
> > > and how do I get
> > > those accounts to default to name-at-newistdomain.com ?
> >
> > I think that that's something that should be specified
> > in Thunderbird itself.
>
> doesn't masquerade rewrite it?
I don't think so. masquerade_domains changes the domain part of the email address (e.g., from a.b.com to b.com). I think you are asking for the newistdomain.com domain to remain the same, but for the local/user part of the email address to change (e.g., drew-at-newistdomain.com and kim-at-newistdomain.com both change to name-at-newistdomain.com, but other-at-newistdomain.com remains unchanged).
That requires selective address rewriting, not domain rewriting (Note: There is also a masquerade_exceptions parameter for excluding user names from masquerading, so it's not a blunt instrument, but it still doesn't apply to your need to change the user names).
If you only need the user names to change when mail is being sent (but not when it arrives), the generic address rewriting is probably appropriate (unless I've misunderstood what you're asking for):

  /etc/postfix/main.cf:
  smtp_generic_maps = hash:/etc/postfix/generic

  /etc/postfix/generic:
  drew-at-newistdomain.com name-at-newistdomain.com
  kim-at-newistdomain.com name-at-newistdomain.com

If you also need to rewrite incoming email for these users, then use canonical address rewriting instead:

  /etc/postfix/main.cf:
  sender_canonical_maps = hash:/etc/postfix/sender_canonical
  recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

  /etc/postfix/sender_canonical:
  drew name
  kim name

  /etc/postfix/recipient_canonical:
  name drew

But this might not be appropriate when mapping multiple user names to the same name (which is what I think you are asking for). The above just specifies one of the original user names to map "name" back to in incoming mail.
It's probably best if you read http://www.postfix.org/ADDRESS_REWRITING_README.html and see what best matches your needs.
> > But if the Thunderbird clients are configured with an
> > incorrect/non-ideal sender domain, and you need Postfix
> > to override that, you can probably handle that either
> > with canonical or generic address rewriting:
> >
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical (incoming/outgoing)
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic (outgoing only)
> >
>
> I'll crunch on that. The problem here is that I deal with this so
> infrequently that I forget everything I learned when I alter the set up.
>
> > Any parameter changes that need to be added can be
> > added to the service declaration in master.cf using -o
> > options.
> >
> > But since this is only for "select users", it probably
> > makes more sense for those users to just set their
> > correct from address in Thunderbird (unless I've
> > misunderstood something).
> >
> > cheers,
> > raf
>
> Thanks!
>
> Reuvain
> --
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
>
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
> http://www.nylxs.com - Leadership Development in Free Software
> http://www2.mrbrklyn.com/resources - Unpublished Archive
> http://www.coinhangout.com - coins!
> http://www.brooklyn-living.com
>
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout
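
An added example, not part of raf's message or of Postfix itself: a small Python check that reads master.cf text and reports any smtpd service lacking the three properties the quoted smtps/submission entries rely on (SASL enabled, mandatory TLS, relay restrictions that end in reject). The sample input is constructed and the "2525" entry is hypothetical; only -o overrides are inspected, so a value inherited from main.cf is reported as missing.

```python
import re
# Constructed sample: the two entries from the message (empty overrides
# omitted) plus a hypothetical weak "2525" entry to show what gets flagged.
SAMPLE_MASTER_CF = """\
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
2525 inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated
"""

def parse_services(text):
    """Map each smtpd service name to its '-o name=value' overrides."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:   # continuation of previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 8 and fields[7] == "smtpd":
            services[fields[0]] = dict(re.findall(r"-o\s+([^=\s]+)=(\S*)", entry))
    return services

def audit(opts):
    """Return a list of findings for one service's overrides."""
    findings = []
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication is not enabled")
    if (opts.get("smtpd_tls_wrappermode") != "yes"
            and opts.get("smtpd_tls_security_level") != "encrypt"):
        findings.append("TLS is not mandatory before AUTH")
    relay = [r for r in re.split(r"[,\s]+", opts.get("smtpd_relay_restrictions", "")) if r]
    if "permit_sasl_authenticated" not in relay or relay[-1:] != ["reject"]:
        findings.append("relay restrictions do not end in reject")
    return findings

def audit_master_cf(text):
    return {name: audit(opts) for name, opts in parse_services(text).items()}
```

Calling audit_master_cf() on the text of /etc/postfix/master.cf returns an empty list for each service that passes. The port 25 smtp entry will normally be listed too, since it is not meant to require authentication.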