Roundcube & external identities (yahoo, gmail,...)

Here is the English translation.

My English is really not perfect; tell me if you see errors and I will edit the post.

Hello,

This howto is a response to seby’s post : [Solved] Identités sur Roundcube

The need :

Despite using yunohost, I still need to manage email from providers like gmail or yahoo. I want to centralize email management on my personal server, so I need to receive mail from these providers and also send mail from roundcube in particular and from my yuno server in general.

This howto explains how I did it.

Warning 0 : The configuration described here modifies the postfix configuration and overrides an ldap/yuno restriction. This could be a problem during a yunohost upgrade.

Warning 1 : The configuration described here works on my yuno installation. It may not work on yours.

Warning 2 : Please check the postfix logs often. A configuration mistake or many unsuccessful attempts may cause your IP address to be treated as a spammer.

Warning 3 : This howto describes how to send mail using an external mail like gmail or yahoo. It does not describe how to fetch mails from your provider (I use fetchmail for that need).

Warning 4 : Please do not copy all the configuration without using your brain :-). I tried to mark the settings that you need to change for your needs by quoting them with “<>”. It is sometimes not possible to keep this howto clear. I used my personal case (gmail and yahoo) to write this howto.

Warning 5 : Please consider that I will never be responsible for any damage to your installation if you apply this howto. I am not a postfix/ldap/yuno expert, so you may find some imprecisions in this howto.

So, let’s go …

The goal is to configure postfix to act as a normal email client. To do this we will use the postfix capability named “sender-dependent”. With “sender-dependent”, postfix will be able to detect that the sender (the “From:”) is one of your external addresses and will use your provider’s smtp relay. We will also configure roundcube to create an “identity” corresponding to your external mail.

Here are the configuration steps :

  1. Postfix configuration
    1. Modifications in /etc/postfix/main.cf
    2. Creation of the postfix’s maps for the “sender-dependent”
    3. Modification of the sender_canonical map
    4. First test
  2. Adding identities in roundcube

1 - Postfix configuration

1.1 - Append parameters in main.cf

To add “sender-dependent” capabilities we will add some “smtp_*” parameters. Copy the parameters below into your /etc/postfix/main.cf (documentation is in the comments).

# Configuration to relay external emails
# ======================================

# Map containing the correspondence "smtp relay" <=> "login and password"
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable smtp sasl authentication
smtp_sasl_auth_enable = yes
# Map containing the correspondence "mail address" <=> "smtp relay"
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
# Enable "sender-dependent" capability
smtp_sender_dependent_authentication = yes
# Use TLS with the smtp relay when it is offered
# (opportunistic; same as smtp_tls_security_level = may)
smtp_use_tls = yes
# Allow PLAIN TEXT password mechanisms BUT only in tls mode
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous

1.2 - Postfix creation of the “sender-dependent” maps

1.2.1 Map sender_relay

This map contains the correspondence between your email address and the smtp relay to use.

Create the file sender_relay:

$ touch /etc/postfix/sender_relay

Write your own configuration to obtain something like that :

<login>@yahoo.fr [smtp.mail.yahoo.com]:submission
<login>@gmail.com [smtp.gmail.com]:submission

Generate the map :

$ postmap hash:/etc/postfix/sender_relay

1.2.2 Map sasl_passwd

This map contains the correspondence between the smtp relay and the login/password to use for authentication. Be careful, the password is in plain text !

Create the file sasl_passwd :

$ touch /etc/postfix/sasl_passwd

Modify permissions :

$ chmod 600 /etc/postfix/sasl_passwd

Write your own configuration to obtain something like that :

[smtp.mail.yahoo.com]:submission <login>:<password>
[smtp.gmail.com]:submission <login>:<password>

Generate the map :

$ postmap hash:/etc/postfix/sasl_passwd

1.3 - sender_canonical map modification

Postfix applies a “cleanup” mechanism to the sender address. For example, if you send (from your yuno server) an email where the sender is toto@example.com, postfix will rewrite the sender to toto@your_yuno_domain. That’s normal behaviour: you cannot manage a domain that is not yours. But if we do nothing, we will not be able to send mail from an external address, because postfix will never match the sender to the smtp relay to use.

So, we will modify the rewrite rule in the map sender_canonical

The original file contains :

$ cat sender_canonical
/^(.*)@(.*)$/     ${1}

Replace by :

$ cat sender_canonical
# Skip the rewrite only for the exact external addresses (anchored, domains grouped)
if !/^<login>@(yahoo\.fr|gmail\.com)$/
/^(.*)@(.*)$/     ${1}
endif

NOTE : It’s “quick and dirty”; I guess there is a more elegant way to do it.
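Why the anchoring and grouping of the `if` pattern matter, as an added example that is not part of the original post: it evaluates the small subset of the regexp table syntax used here and compares an unanchored guard such as `<login>@(yahoo\.fr)|(gmail\.com)$` with the anchored `^<login>@(yahoo\.fr|gmail\.com)$`. Python's `re` stands in for the Postfix regexp engine (case-insensitive, as Postfix regexp tables are by default); `alice` and the sender list are constructed.

```python
import re

# Minimal evaluator for the subset of regexp_table(5) used on this page:
# "/pattern/ replacement" rules, optionally wrapped in "if !/pattern/ ... endif".
GUARD = re.compile(r"^if\s*(!?)\s*/(.*)/$")
RULE = re.compile(r"^/(.*)/\s+(\S.*)$")

def rewrite(table, sender):
    """Return the sender as the table would leave it (first matching rule wins)."""
    skipping = False
    for line in map(str.strip, table.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "endif":
            skipping = False
            continue
        guard = GUARD.match(line)
        if guard:
            hit = re.search(guard.group(2), sender, re.I) is not None
            # "if !/re/" applies the enclosed rules only when the pattern does NOT match
            skipping = hit if guard.group(1) else not hit
            continue
        rule = RULE.match(line)
        if rule and not skipping:
            m = re.search(rule.group(1), sender, re.I)
            if m:  # expand ${1}-style references to captured groups
                return re.sub(r"\$\{(\d)\}", lambda r: m.group(int(r.group(1))), rule.group(2))
    return sender

# Constructed inputs: "alice" stands in for <login>; SENDERS are sample sender addresses.
UNANCHORED = r"""
if ! /alice@(yahoo\.fr)|(gmail\.com)$/
/^(.*)@(.*)$/     ${1}
endif
"""
ANCHORED = r"""
if !/^alice@(yahoo\.fr|gmail\.com)$/
/^(.*)@(.*)$/     ${1}
endif
"""
SENDERS = ["alice@yahoo.fr", "alice@gmail.com", "bob@gmail.com",
           "notalice@yahoo.fr", "toto@example.com"]

def kept_external(table):
    """Senders that escape the rewrite and keep their external address."""
    return [s for s in SENDERS if rewrite(table, s) == s]

if __name__ == "__main__":
    print(kept_external(UNANCHORED), kept_external(ANCHORED))
```

With the unanchored guard, any `@gmail.com` sender and any address ending in `alice@yahoo.fr` keeps its external domain; with the anchored guard only the two listed addresses do. The evaluator returns the bare local part for rewritten senders, which postfix then completes with the local domain as described above.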

1.4 - First test

At this step you can make a first test to ensure that the configuration is working well.

First, restart postfix :

Under Jessie : systemctl restart postfix.service
Under Wheezy : /etc/init.d/postfix restart

Send an email with one of your external email :

$ sendmail -f <login>@yahoo.fr -t <<EOF
> to: <login>@gmail.com
> subject: Premier test
> EOF

Take a look at your postfix logs; you should see messages like these :

[...]
Aug 15 13:43:49 hostname postfix/smtp[2895]: Untrusted TLS connection established to smtp.mail.yahoo.com[188.125.69.59]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 15 13:43:50 hostname postfix/smtp[2895]: E70BA360E8C: to=<<login>@gmail.com>, relay=smtp.mail.yahoo.com[188.125.69.59]:587, delay=1.2, delays=0.05/0.05/0.82/0.27, dsn=2.0.0, status=sent (250 OK , completed)
Aug 15 13:43:50 hostname postfix/qmgr[2142]: E70BA360E8C: removed
[...]

If you do not see errors, all is working well; if not … find what is not working …
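A way to make the log check from Warning 2 repeatable, as an added example that is not part of the original post: it reads outbound `postfix/smtp` lines, counts delivery statuses per relay, and reports relays whose TLS certificate was not verified or whose SASL login failed. The sample lines are constructed in the format of the excerpt above (192.0.2.25 is a documentation address, the mail addresses are placeholders).

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above.
SAMPLE = """\
Aug 15 13:43:49 hostname postfix/smtp[2895]: Untrusted TLS connection established to smtp.mail.yahoo.com[188.125.69.59]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 15 13:43:50 hostname postfix/smtp[2895]: E70BA360E8C: to=<login@gmail.com>, relay=smtp.mail.yahoo.com[188.125.69.59]:587, delay=1.2, delays=0.05/0.05/0.82/0.27, dsn=2.0.0, status=sent (250 OK , completed)
Aug 15 13:50:01 hostname postfix/smtp[2901]: Trusted TLS connection established to smtp.gmail.com[192.0.2.25]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 15 13:50:02 hostname postfix/smtp[2901]: 3C1F2360E90: to=<login@yahoo.fr>, relay=smtp.gmail.com[192.0.2.25]:587, delay=0.9, delays=0.05/0.02/0.83/0, dsn=4.7.8, status=deferred (SASL authentication failed; server smtp.gmail.com[192.0.2.25] said: 535 5.7.8 Username and Password not accepted)
"""

TLS = re.compile(r"postfix/smtp\[\d+\]: (\w+) TLS connection established to ([^\[]+)\[")
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<.*?>, relay=([^\[,]+).*?status=(\w+)")

def triage(log_text):
    """Return (Counter keyed by (relay, status), list of findings)."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        tls = TLS.search(line)
        # "Untrusted"/"Anonymous": the session is encrypted but the relay's
        # certificate was not validated, so the peer is not authenticated.
        if tls and tls.group(1) in ("Untrusted", "Anonymous"):
            findings.append(f"{tls.group(2)}: TLS peer certificate not verified ({tls.group(1)})")
        delivery = DELIVERY.search(line)
        if delivery:
            relay, status = delivery.groups()
            counts[(relay, status)] += 1
            if "SASL authentication failed" in line:
                findings.append(f"{relay}: SASL authentication failed ({status})")
            elif status != "sent":
                findings.append(f"{relay}: delivery {status}")
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage(SAMPLE)
    print(dict(counts))
    print("\n".join(findings))
```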

2 - Add identities in roundcube

At this point you cannot yet use your external mail in roundcube. Roundcube calls this an “identity”. Identities are collected from the yuno ldap, so you have to add the identity in the ldap first.

From postfix’s point of view it is an alias. You can add aliases from the yunohost application (moulinette or web app), but you will face an error because the domain part of the email is not your yuno domain.

The workaround is to add the email to your yuno account using an ldap client command : ldapmodify.
We will add a value to a multi-valued attribute : mail

I used ldapmodify in interactive mode but you can first create a ldif file and use it with the command (-f).

You will need the yuno admin password.
You will need the “dn” attribute of your yuno account.

Here is how I added one of my external email :

$ ldapmodify -D cn=admin,dc=yunohost,dc=org -W
Enter LDAP Password:
dn: uid=my_account,ou=users,dc=yunohost,dc=org
changetype: modify
add: mail
mail: <login>@yahoo.fr
^d

NOTE : “^d” means that you have to use the keyboard sequence “control+d”; it validates the modification.

You can check your account using the moulinette command :

$ yunohost user info my_account

You have to disconnect and re-connect to roundcube, and then you will see the alias you added in the roundcube “Identities”.

Make a new test from roundcube. Write a new message and select your new identity in the “From:” field. Check the postfix logs once again.

It’s done !