Mail relay : "the other side"

What type of hardware are you using: LXC on Proxmox
What YunoHost version are you running: 12.0.12
How are you able to access your server: The webadmin, SSH, VNC
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: The server has been running for some time, so probably some tweaks here and there (e.g., changed postfix conf to allow mail aliases for LDAP groups to send mail)

Describe your issue

Hi all,

The IP of one of my Yunohosts is on a subnet-blocklist (“SpamRATS dyna”). I can’t get it off the list, so to send mail, I need a relay.

There are commercial solutions for that, but as I prefer to keep mail self hosted and federated instead of centralized in a few silos, I can send it via another Yunohost as well.

  1. Configuration of the mail relay client (“B”) is available in Yunohost
  2. I can find hints on configuring Postfix as a relay server (“A”), but I’m not sure whether I need SASL or that I can add a generic Yunohost user and authenticate against LDAP

I imagine that to have Yunohost “B” (relay client) send email via Yunohost “A” (relay server), I need to:

  • create a user on A and configure it on B as relay user
  • allow that user in A’s configuration to send any email coming from B, no matter the from-address (or maybe configure the allowed domains)
  • copy the DKIM, SPF and DMARC records of A to B
    • No changes to the records on A needed? The domain of A is not mentioned in either of those, except perhaps in the key? (Not in SPF anyway, so B does not need to be mentioned either)
  • What about the pointer/rDNS of B? Even though it is not visibly in the process of sending mail anymore, I think it still needs to point to the domain of B to mark it as a valid participant in mail traffic

I got some hints at Lowendspirit and found a howto by Linuxbabe. Would following these break mail for server B? Would I get a warning of changed configs and/or lose the configuration on a future upgrade?

Share relevant logs or error messages

There is no logging yet

edit: add links, switch A (now relay server) /B (now client)
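
Added example, not part of the original thread: receiving servers evaluate SPF against the IP that connects to them, which after relaying is A's address, using the SPF record of the envelope sender's domain (B's). The sketch below evaluates a subset of SPF (`ip4`, `ip6`, `include`, `all`) over constructed records; the domains `relay-a.example`, `client-b.example`, `client-b-fixed.example` and the documentation-range IPs are assumptions standing in for A and B.

```python
import ipaddress

# Constructed TXT records (example domains, documentation IP ranges; not real data).
# relay-a.example = server A (relay), client-b.example = server B (relay client).
SPF_RECORDS = {
    "relay-a.example": "v=spf1 ip4:203.0.113.10 -all",
    # B's record as it might look before relaying: only B's own IP is authorised.
    "client-b.example": "v=spf1 ip4:198.51.100.77 -all",
    # B's record after also authorising whatever A's record authorises.
    "client-b-fixed.example": "v=spf1 ip4:198.51.100.77 include:relay-a.example -all",
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, records=SPF_RECORDS, depth=0):
    """Evaluate ip4/ip6/include/all for a connecting IP and an envelope domain."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            # include matches only when the included record yields "pass"
            if check_spf(ip, value, records, depth + 1) == "pass":
                return RESULTS[qualifier]
        else:
            # a, mx, redirect= etc. need DNS lookups and are outside this subset
            raise ValueError(f"mechanism not handled in this sketch: {term}")
    return "neutral"


if __name__ == "__main__":
    relay_ip = "203.0.113.10"  # the address receivers see once B relays through A
    for dom in ("client-b.example", "client-b-fixed.example"):
        print(dom, "->", check_spf(relay_ip, dom))
```
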

Maybe this is a different approach interesting for you:

I’m selfhosting on a dynamic IP using my yunohost as my main email without any relay. Another way to work around the limitations of the connectivity available to your server is to have a vpn.

Yunohost and Email Setup

Hi ChriChri,

Thank you for your suggestion!

My situation is a bit the other way around:

  1. my ISP provides a fixed IP and Yunohost on my homeserver can send mails without a problem
  2. one of my VPS got dealt an IP from a range with a bad reputation
  3. I run Yunohost on another VPS that I want to use as generic mail relay and fall back (secondary MX for multiple hosts)

Because 3) is to be used for generic mail functionality, I don’t want to sacrifice the IP of 2) by running a VPN through it only for sending 3)'s mail.

After reading a bit more, it seems SASL just adds another authentication method, besides LDAP. I’ll give it a run on a test machine and see if installing and configuring it has obvious negative side effects.

If anyone has a suggestion or a hint I’m all ears!
