Results 1 to 9 of 9

Thread: Postfix - SMTP - Relayhost

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037

    Default Postfix - SMTP - Relayhost

    Hello.

    I use to use an email address my_user_name@free.fr since the creation of my account from my first provider 20 years ago.
    I used to connect by DIALUP.
    15 years ago I by a new account from a new provider using dsl. But I continue to keep my first email account.
    Today I have a new "dsl" and "tv" account from another provider.
    And I continue to use my first email account.

    I don't own any domain name, and have no fix IP. (In the future I planned to get one using OpenDNS free service).

    To day I try to install a mail server as relayhost.
    I have set :
    Code:
    #relayhost = [smtp.free.fr]
    # or relay SMTP on port of submission in SASL
    relayhost = [smtp.free.fr]: 587
    While trying to verify my POSTFIX configuration by sending a mail to my_user_name@free.fr account

    Code:
    mail -s "subject : Message Test to myself" my_user_name@free.fr <<< "This is a test message sent to myself"
    I got the following error message:

    Code:
    postfix/smtp[4892]:, MSG  6955F2408FD: to=<my_user_name@free.fr>, relay=smtp.free.fr[212.27.48.4]:587, delay=0.23, delays=0.09/0.03/0.11/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host smtp.free.fr[212.27.48.4])
    The only help from my provider is :
    Code:
    Your login "my_user_name" is already authorized to make SMTP authenticated on "smtp.free.fr".
    Only encrypted password authentication methods are accepted. For example the use of SSL (on port 465) or of the ' MD5 Challenge-Response' (on port 587).
    Here modified parameters in main.cf
    Code:
    #
    disable_vrfy_command = yes
    alias_maps = hash:/etc/postfix/aliases
    alias_database = hash:/etc/postfix/aliases
    #
    smtpd_delay_reject = yes
    #
    smtpd_banner = $myhostname ESMTP
    #
    transport_maps = hash:/etc/postfix/transport
    #
    # Great New feature Address Mapping
    #  for example may mchirico@localhost to mchirico@gmail.com
    smtp_generic_maps = hash:/etc/postfix/generic
    
    mydomain = my-dom.nwk
    myorigin = $mydomain
    myhostname = LINUX-TEST-123.$mydomain
    mydestination = localhost.localdomain
    mynetworks = 127.0.0.0/8
    mynetworks_style = subnet
    
    #relayhost = [smtp.free.fr]
    # ou  RELAIS SMPT sur port de soumission en SASL
    relayhost = [smtp.free.fr]:587
    #relayhost = [smtp.free.fr]:465
    
    #smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
    
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
    Here postconf -n
    Code:
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    biff = no
    canonical_maps =
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter =
    daemon_directory = /usr/lib/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    defer_transports =
    delay_warning_time = 0h
    disable_dns_lookups = yes
    disable_mime_output_conversion = no
    disable_vrfy_command = yes
    html_directory = /usr/share/doc/packages/postfix-doc/html
    inet_interfaces = all
    inet_protocols = ipv4
    mail_owner = postfix
    mail_spool_directory = /var/mail
    mailbox_command =
    mailbox_size_limit = 0
    mailbox_transport =
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains =
    masquerade_exceptions =
    message_size_limit = 0
    message_strip_characters =
    mydestination = localhost.localdomain
    mydomain = my-dom.nwk
    myhostname = LINUX-TEST-123.$mydomain
    mynetworks = 127.0.0.0/8
    mynetworks_style = subnet
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
    relay_clientcerts =
    relayhost = [smtp.free.fr]:587
    relocated_maps =
    sample_directory = /usr/share/doc/packages/postfix-doc/samples
    sender_canonical_maps =
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_enforce_tls = no
    smtp_generic_maps = hash:/etc/postfix/generic
    smtp_sasl_auth_enable = yes
    smtp_sasl_mechanism_filter = digest-md5
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_CAfile = /etc/postfix/cacert.pem
    smtp_tls_CApath =
    smtp_tls_cert_file = /etc/postfix/POSTFIX-cert.pem
    smtp_tls_key_file = /etc/postfix/POSTFIX-key.pem
    smtp_tls_loglevel = 3
    smtp_tls_per_site = hash:/etc/postfix/tls_per_site
    smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
    smtp_use_tls = no
    smtpd_banner = $myhostname ESMTP
    smtpd_client_restrictions =
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_path = smtpd
    smtpd_sender_restrictions =
    smtpd_tls_CAfile = /etc/postfix/cacert.pem
    smtpd_tls_CApath =
    smtpd_tls_ask_ccert = no
    smtpd_tls_cert_file = /etc/postfix/POSTFIX-cert.pem
    smtpd_tls_key_file = /etc/postfix/POSTFIX-key.pem
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
    smtpd_use_tls = yes
    strict_8bitmime = no
    strict_rfc821_envelopes = no
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains =
    Any help is welcome
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,844
    Blog Entries
    15

    Default Re: Postfix - SMTP - Relayhost

    Hi
    This is what I followed for gmail, works fine in my virtual machines....
    http://mhawthorne.net/posts/postfix-...-as-relay.html
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037

    Default Re: Postfix - SMTP - Relayhost

    Quote Originally Posted by malcolmlewis View Post
    Hi
    This is what I followed for gmail, works fine in my virtual machines....
    http://mhawthorne.net/posts/postfix-...-as-relay.html
    I will give news as I will return to this problem.
    Thank you for your answer.
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,289
    Blog Entries
    2

    Default Re: Postfix - SMTP - Relayhost

    My question is why you feel you need to install and run your own SmartSMTP Relay server.

    Nowadays,
    - It starts with how your actual mailserver (typically POP or IMAP) is configured, whether it will accept mail from anywhere or if the sender needs to be authenticated. Various rules can be implemented, including settings in your Public DNS... and if you configure your own SmartSMTP, it may need to be listed. So, setting up your own SMTP Smarthost should be avoided unless necessary.
    - You may be able to use the SmartSMTP server your ISP provides. Many ISPs provide this service today, the idea is that you either need to authenticate or are automatically authenticated to your ISP's SMTP Smarthost, so your mail server is satisfied incoming mail is not spam.
    - As Malcolm describes, if your ISP does not provide an SMTP Smarthost and you own a Gmail account, you can use a Gmail SMTP Smarthost.

    Regarding your posted error, it describes a TLS handshake error. Typically this is caused by
    - TLS/SSL may not be enabled and configured on your own SMTP Smarthost
    - The wrong version TLS/SSL is required and configured. Although v3 is "best" it's not universally implemented, so v2 may be configured by default. Both sides need to agree, and this requires knowledge of the remote SMTP Smarthost you are connecting to.

    HTh,
    TSU

  5. #5
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037

    Default Re: Postfix - SMTP - Relayhost

    Quote Originally Posted by tsu2 View Post
    My question is why you feel you need to install and run your own SmartSMTP Relay server.
    HTh,
    TSU
    I am fed up with all the spam I receive and I want filter what I receive. I think that I could better filter than my provider.

    As I said the only information I got is :
    Your login "my_user_name" is already authorized to make SMTP authenticated on "smtp.free.fr".
    Only encrypted password authentication methods are accepted. For example the use of SSL (on port 465) or of the ' MD5 Challenge-Response' (on port 587).
    Last edited by jcdole; 05-Sep-2014 at 11:00. Reason: more info
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Postfix - SMTP - Relayhost

    On 2014-09-05 19:56, jcdole wrote:
    > I am fed up with all the spam I receive and I want filter what I
    > receive. I think that I could better filter than my provider.


    Typically, even using postfix in the chain, you do not need to use a
    relayhost with postfix in order to do spamfiltering when receiving.

    The relayhost is needed for sending.

    Also, a relayhost is used when you send ALL your email that way. If you
    have more than one account, and emails from all of them can not be sent
    (accepted) by the single relay host, there are other methods (with
    postfix). I can expand info on this another day.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,289
    Blog Entries
    2

    Default Re: Postfix - SMTP - Relayhost

    Actually, an SMTP Smarthost can be used anywhere and anytime SMTP is used, it can be a perfectly legitimate use for deploying a spam filter app. The alternative is for the spam filtering to be configured as a "sink" - ie plugin to the mailserver.

    It's been awhile since I've supported this topology...
    But I would think that a remote SMTP server would need to authenticate to your SMTP Smarthost, not the other way around...
    I'd have to think about that more deeply to try to remember how that is setup...

    But, in any case instead of re-inventing the wheel at a very basic level, I'd recommend you find a "cookbook" for the specific spam filtering app you plan on using, eg spamassassin... Which should describe in detail how to setup. Would be backwards to try to figure out how to configure an SMTP smarthost before knowing whether it's required and how it would work with your filtering app. And, more than likely I assume you have a filtering app in mind instead of "rolling your own" doing some very basic lookups from a custom text file...

    TSU

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,289
    Blog Entries
    2

    Default Re: Postfix - SMTP - Relayhost

    Quote Originally Posted by jcdole View Post
    I am fed up with all the spam I receive and I want filter what I receive. I think that I could better filter than my provider.

    As I said the only information I got is :
    I'm speculating (as before)
    That you need to configure your SMTP Smarthost to output an SSL connection to the remote mail server.
    The error message is slightly vague, but I think it's saying that the username/password credentials are valid but the method of encryption is not recognized (or not configured).

    So, the possibilities in my previous post all still apply 100%. You need to configure an SSL or TLS connection, and it must use versions acceptable to the remote mailserver.

    TSU

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Postfix - SMTP - Relayhost

    On 2014-09-07 02:46, tsu2 wrote:
    >
    > Actually, an SMTP Smarthost can be used anywhere and anytime SMTP is
    > used, it can be a perfectly legitimate use for deploying a spam filter
    > app. The alternative is for the spam filtering to be configured as a
    > "sink" - ie plugin to the mailserver.
    >
    > It's been awhile since I've supported this topology...
    > But I would think that a remote SMTP server would need to authenticate
    > to your SMTP Smarthost, not the other way around...
    > I'd have to think about that more deeply to try to remember how that is
    > setup...


    But you see, I do use that kind of setup here ;-)

    And I tell you, you do not need to define an smtp smarthost in order to
    filter spam for the email you get.

    You need to set up an smtp smarthost only for sending your email, and
    only on some types of setups.


    So, please JCD, define what is the problem you want to solve, instead of
    how you want to solve it, and we'll try to propose you solutions :-)

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •