Utilisation SMTP du registar?

Dams · June 4, 2020, 7:57pm

I use localhost when using Rainloop (webmail), because it’s running on the server. Otherwise I use mydomain.com.

Maybe have a look at http://www.postfix.org/SASL_README.html#client_sasl_enable for configuring your relay with authentication. I have not tried yet but it’s in my todo list.

Sample configuration here https://www.dnsexit.com/support/mailrelay/postfix.html.

Thatoo · June 4, 2020, 8:02pm

Thank you. It looks complicated for tonight… maybe some other day.

tmb · June 4, 2020, 10:05pm

It’s too bad that adding the provider’s external smtp server(s) to mynetworks didn’t yet allow them to deliver self-originating emails.

I would have liked that routing solution, because if the email clients submit to the external smtp server, that would allow email to continue working even when the own server or its internet connection is down. A solution that could allow to continue receiving emails during the downtime might be to use the provider mailboxes (MX) but normally just let them forward all email to self-hosted (internal) addresses (providing the regular imap access and complete email archive for the clients). Then the copies on the provider’s imap server can get auto-deleted after say 30 days to avoid filling up the mailbox. But when the server is down, one may still simply check the imap mailbox at the provider, to see any new and the most recent emails until the own server is back up. (Sending just continues working as usual, submitting emails directly to the provider.)

The other solution is to let all your email clients submit all emails to your own “smtp.thatoo.com” server, but let the own server use the provider’s smtp as relayhost (with login). I suppose that is also what @Dams is doing, he just only refers to the webmail client on the same box when talking of using localhost:587. Such a “sasl_password_map relayhost” configuration is shown in the easiest experimental form (simple single file main.cf config, login not hidden in a separte root owned file) in “Setup the relay server” in the (general debian) howto that I already linked to above. But then, when the own server is down there is also no way to communicate with the usual email addresses anymore. (For coordination, help seeking and minimal fallback for all the other services on the own server like chat, files, etc.)

tmb · June 4, 2020, 10:20pm

Guess the problem with receiving own domain email from an external smtp server could have to do with the default configuration only allowing the own domain in the From: header when receiving on port 587, but completely blocking it on port 25?

tmb · June 5, 2020, 9:33pm

Maybe it’s most straight forward to seek help about why your mynetworks setting is not working with the http://www.postfix.org/lists.html support.

tmb · June 6, 2020, 12:48pm

What is your MX and SPF setup?

Thatoo · June 7, 2020, 8:44pm

@ 3600 IN MX 10 domain.tld.
@ 3600 IN TXT “v=spf1 a mx -all”

tmb · June 7, 2020, 9:21pm

Ok, then you could try adding (importing/referencing?) the gandi spf allowences, to see if younohost then accepts your email from there.

tmb · June 7, 2020, 9:27pm

Do you really have your domain pointing to your mail server? Not smtp.domain.tld? or dyndns.domain.tld?

If not, the error may actually be coming from your webserver.

Thatoo · June 9, 2020, 7:22pm

How do I add the gandi spf allowences?

Yes, by default yunohost is making our domain pointing to our mail server. I’ve just written what Yunohost gave me.

tmb · June 10, 2020, 9:01am

Sorry, I don’t know for sure, please read up on “include gandi SPF”.

If your domain really points to yunohost then it’s ok. I guess you’re not using dyndns then.

tmb · June 10, 2020, 9:03am

(As your SPF allows the mx and [Edit: a], currently only your own server [Edit: and webserver] is allowed to send.)

tmb · June 10, 2020, 9:38am

BTW: The Yunohost recomendation to request a -all configuration also blocks legit forwarded yunohost emails, and webform contact emails, for recipients that honor SFP.

So -all may be a yunohost default to reconsider, and to comment accordingly in the admin interface.

Because of the above problems it’s often recommended to only request at most a “softfail” for other smtp senders, by using ~all instead of -all.

Thatoo · June 11, 2020, 5:13pm

I don’t use dyndns, I use a VPN with fixe IPv4.
I’ve just changed to ~all in the DNS of Gandi and I’ll test tomorrow (24h for DNS to be surely updated). I’ll let you know.

Thanks for your help.

tmb · June 11, 2020, 7:26pm

Hope it does help. Make sure to have the server IPs in mynetworks, in case you removed them. Once you have it working, it would be great if you could file a proper bugreport about supporting an external smtp server (in and out / mynetworks and relayhost), and allowing forwarding of own emails at recipients, and webform usage, etc.

tmb · June 14, 2020, 9:11am

Any luck?

Thatoo · June 14, 2020, 11:30am

no, after more than 24h with the following settings

in DNS zone :
@ TXT 1800 "v=spf1 a mx include:_spf.gpaas.net ~all"

in /etc/postfix/main.cf

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 217.70.183.193/32 217.70.183.194/32 217.70.183.195/32 217.70.183.196/32 217.70.183.197/32 217.70.183.198/32 217.70.183.199/32 217.70.183.200/32 217.70.183.201/32
mailbox_command = procmail -a "$EXTENSION"

I still get

Sender address rejected: not logged in (in reply to
    RCPT TO command)

Too bad.
Iĺl put back as it was originally for now until someone get an other idea.
Thank you @tmb

system · June 29, 2020, 11:30am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.