I'm using fail2ban on Google Compute Engine where I can't install sendmail or other email servers and I would to set sendgrid as email server.
In jail.local there is this config:
destemail = myemail#myhost.it
mta = mail
Where can I set the host, user, password to send emails via sendgrid.com?
I think that fail2ban uses the machine mail command to send email, thus it is using the machine mailing daemon. If you look at this snippet:
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
that is taken from here (fail2ban sources on github), you can see that a message of fail2ban is piped to the mail command (in Debian based distribution this is installed via the mailutils package). Since I think your problem is that you cannot use or configure this mail command (which means configuring the mail server), you may think to write a very simple mail binary (in the language you prefer), with a pretty similar interface that may use something like the Gmail App Script to send the email, or even Gunmail or Sendgrid to actually send an email from that machine (with a POST request through the REST Api? Do they allow you?), and add this custom binary to the $PATH of the user that runs fail2ban.
Edit: There is a page in the Google compute documentation related to Send Grid. Also according to this you cannot use sendmail: the ports are closed.
Google Compute Engine does not allow outbound connections on ports 25, 465, and 587. By default, these outbound SMTP ports are blocked because of the large amount of abuse these ports are susceptible to. In addition, having a trusted third-party provider such as SendGrid, Mailgun, or Mailjet relieves Compute Engine and you from maintaining IP reputation with your receivers.
Related
I want to set up a ticketing system (osTicket) on a centOS server that generates tickets from incoming e-mails.
osTicket can query mailboxes, but it also provides an API / scripts for piping. Is there a recommended way to setup a (lightweight) mailserver to pipe incoming emails to the script? I do not need actual mailboxes for users.
It's been a while since I did any work on a mail server, but it seems to me that I would only need to set up an MTA for this, and no MDA, correct?
My fallback is to set up POP3/SMTP inboxes elsewhere and query from osTicket. Easy as that would be, the local MTA setup seems cleaner to me.
Consider using remote mailbox accessible via IMAP with IMAP IDLE command support.
It will allow you to get "near real time" delivery to pipe without burden of configuring properly your own SMTP server.
[AFAIR IMAP IDLE is supported e.g. by gmail]
You may use fetchmail with custom procmail script as mda (no need for local SMTP/MTA server).
Using procmail (as "man in the middle) is not strictly necessary but your it will allow you to easily run filtering before delivery to the ticket system (e.g. anti-spam + anti-virus).
Not sure if this belongs on Stack Overflow or somewhere else but I'll try here first.
I have multiple servers, each with the same setup where nearly everything running on the server is in a docker container. I have two goals I would like to achieve. First, the host machine is setup to send emails for users with uid < 1000 to my external email address. Second, on one server, I have a docker-mailserver container running to handle random, seldom used emails (for log files, etc.).
It seems I can have either the host machine running postfix OR the docker-mailserver running (and bound to port 25). Currently, I have the docker container, running the mail server, full operational and everything can send and receive just fine.
However, now I am unable to start postfix on the host machine so that I can receive emails sent to the root user (things like cron output) since port 25 is --rightfully-- in use by the actual mail server receiving email.
Questions:
1) How can I tell postfix on the host to not bind to port 25? If port 25 is only used for receiving mail, why would my outgoing-only postfix config need to use port 25?
2) I am perfectly comfortable not receiving emails for the root user, if whatever would normally be sent to the root user is logged elsewhere (perhaps, syslog?). Are the emails to root only maintained as emails or are they somewhere else, negating the need for postfix on the host for forwarding to a real account?
Thanks in advance.
Specifically answering your questions first:
You should be able to have postfix listen on any port you specify by editing the main.cf configuration file and changing the smtp listener to a numbered port of your choice. Of course, if it isn't a "known" port, I'm not sure what/who will ever connect to it, but maybe you don't care in this situation as you are only using postfix as a relay?
It may depend some on the Linux distribution or setup of your host, but most systems will leave email in the local delivery "mail spool" if there is no system/daemon set up to move it anywhere else. Back when that was the normal way to handle multi-user mail on UNIX systems, a login user used a mail reader client to read through email in your local "spool", and of course if you don't have that, you can simply vi your mail file and read the raw contents if necessary. These mail files are normally located in /var/spool/mail on most systems.
Stepping away from your questions, I would guess you don't necessarily need postfix running on your host, especially as your containerized mailserver is handling the port 25 SMTP traffic for the host. Local email will stay local, I assume, without postfix, and be available through local means; and you might even find a simpler solution to external forwarding (e.g. a script that can parse mail spools and just connect to an SMTP relay and send it to an external address) if you want that.
I am developing custom features for osTicket and I need to setup a mail system that sends emails, locally, and can simulate several email inboxes.
My local development setup is vagrant with ubuntu precise 64. I already have the LAMP stack running.
osTicket needs to send emails (only internally) and needs to have mailboxes (osticket reads and processes incoming mail on selected mailboxes).
I installed postfix, but could not get it to work.
Thank You.
Recently, I installed osTicket for my company. It can allow you to setup SMTP, which can use your Gmail account to send email. It is simple to setup.
The only thing to keep in mind is you need to use "Allow less secure apps to access your account". See: https://support.google.com/accounts/answer/6010255?hl=en for more information.
Configure ssl://smtp.gmail.com as your SMTP address and port 465 as your SMTP port. Even if you are not using Gmail, you still have to put "ssl://" before your SMTP host name.
This is a problem I'm sure is easy to fix, but I've been banging my head on it all day.
I'm developing a new web site for a client. The web site resides at (this is an example) website.com. I have a PHP form script to email visitors' requests to requests#website.com.
When I coded this on a staging server on a different domain, all worked fine. When I moved it to website.com, the mail messages never arrived. The web server is on a virtual host with a major ISP.
Here's what I've learned since then: My client's mail server is Microsoft Exchange on a box physically in their office. Whenever someone on the outside world emails requests#website.com, the mail arrives. But if the web server sends to the same email address, it fails every time. This is not a PHP problem. I secure shell in to the web server and have tested this both with sendmail and the UNIX mail application. I've also tested it by emailing various email accounts from the shell. I can email myself, for example, just nobody at the website.com domain.
In short, when I'm logged in to website.com, mail to requests#website.com, user#website.com, another_user#website.com all fail. All other addresses work fine. What I've discovered is those dropped emails are routed to the web server's "catchall" account where they sit in its inbox.
I've done an MX lookup on website.com. The MX record points to mailsec.website.com. I can telnet to mailsec.website.com port 25 and see the SMTP server.
It appears to me that website.com isn't doing an MX lookup when it's sending mail to requests#website.com. My theory is that it recognizes the domain as local, sees that there's no "requests" user account to deliver it to, and drops the mail into the catchall account. What I want is to force sendmail to do the MX lookup and send the message on to the Exchange server. I'm at wit's end here. I can't figure out how to do this.
For that matter, I may be way off base here and have misdiagnosed this entirely. Internet mail and MX has always seemed a black art to me, and my ignorance is certainly showing in this question.
I think the problem is that sendmail (your process) is talking to the local sendmail daemon. The local sendmail daemon thinks that because it is website.com, it should know how to deliver the email. Unfortunately, the actual address in the to field does not exist on the web server and thus it dumps it in the "catchall" mail box. You should talk to your ISP and have them update their sendmail configuration so that mail addressed to ...#website.com gets forward to the mail exchanger instead of being handled locally.
Sendmail by default guesses list of local email domains.
It can be turned off using the following line in your sendmail.mc file:
define(`confDONT_PROBE_INTERFACES',`True')
As root list local email domains before and after the change using:
echo '$=w' | sendmail -Am -bt
You will see which domains should be added "manually" to (usually) /etc/mail/local-host-names file after disabling auto-guessing.
After changing sendmail.mc:
Generate/compile new sendmail.cf file
Restart sendmail daemon (or send HUP signal)
tvanfosson basically has it, but as a temporary workaround, you should be able to change your script so that it mails 'user#mailsec.website.com', and then the mail will get delivered to the actual mail server.
Edit the tsm.cf file (in /etc/mail/ or similar) to include
FEATURE(relay_entire_domain)
between the DOMAIN() and MAILER() lines. Since you're editing the file, you may want to also improve security with
define(`confPRIVACY_FLAGS',``noexpn,novrfy'')
After changing the tsm.cf file (or any sendmail config file), restart or SIGHUP the sendmail process.
This change is necessary because the WWW and MX servers for the domain do not exist in the same process space; this FEATURE triggers sendmail to process messages for the domain using it's external delivery mechanism.
The edited portion of the tsm.cf file should look similar to this:
DOMAIN(website.com)dnl
FEATURE(relay_entire_domain)dnl
define(`confPRIVACY_FLAGS',``noexpn,novrfy'')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
What worked for me was to add an MX record on the webserver hosting the website, that points to the host assigned on the original domain name server. In the case presented here would be an mx record pointing to: mailsec.website.com
I'm new here. Wanted to extend RB_CWI answer, but I am not allowed to comment.
His solution worked great.
You are not required to define the DOMAIN().
However, on my system I was required to install the sendmail-cf package.
The instructions below were done on CentOS 6.5
First, install sendmail-cf
sudo yum install sendmail-cf
Then, edit the senmail.mc
sudo vi /etc/mail/sendmail.mc
At the bottom of the file add FEATURE(relay_entire_domain)dnl, so it looks like:
...
FEATURE(relay_entire_domain)dnl
MAILER(smtp)dnl # right above this line
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
Save the file, and restart sendmail.
sudo service sendmail restart
Got stuck on the same problem. MX points to an external Exchange server but php/sendmail did not lookup this record. Instead mails posted by WordPress on this webserver dropped in the catchall-mailbox.
Solution was to delete ALL mailboxes on the webserver. Now sendmail was interested in the MX and all mails went to the Exchange.
However, the Exchange uses the webspace's mail server as SmartHost for outgoing mails. As solution for this, we were able to use the FTP credentials for accessing the mail server. I assume this solution does not work on every provider on this planet, but in our case (all-inkl.com) it worked out.
I have a computer at home which I can't access from work. I'd like to be able to view results from work that my home computer produces. The best idea I've come up with is an automated script running on my home computer that emails myself the results (from a text file or stderr/out) when complete.
I'm decent with bash (I have a linux machine) and java, so an answer using either or both of those would be ideal, but if there's something easier that's fine too.
I typically use gmail, but also have yahoo mail.
My question is this: what would be the basic steps in solving this problem? I can do the nitty gritty stuff, but can't really get the big picture of how something like this would work.
Please help.
jbu
Howto set up ssmtp to send through a Gmail account
Some of the steps here might seem strange at first, but the rationale is put
in footnotes that should hopefully explain why.
First create a spare account on gmail which you will only use for
sending email. For instance, if your normal account is user#gmail.com,
create an account user.noreply#gmail.com with a newly created password
which you only will use for this account [1].
Set up the new account to forward all email to the normal account [2]
and under account settings you should add all other email adresses you
use [3].
Then install ssmtp (On Debian: aptitude install ssmtp) and edit ssmtp's configuration file /etc/ssmtp/ssmtp.conf:
root=user#gmail.com
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
AuthUser=user.noreply
AuthPass=passwdusedonlyforthisaccount
FromLineOverride=YES
and configure the local mail delivery by editing /etc/ssmtp/revaliases
assuming that your local login is localuser:
root:user#gmail.com:smtp.gmail.com:587
localuser:user#gmail.com:smtp.gmail.com:587
Make sure the two configuration files are readable to all users who
should be able to send email [4].
Test the setup by e.g. mailx (On Debian: aptitude install bsd-mailx):
echo 'testing, one, two' | mailx -s 'test 1' user#gmail.com
Hope this helps.
[1] The new gmail user name and password will be visible to everyone who
can log onto your machine, so you do not want this account to be
critical in any way, meaning you can close it down immediately if
someone should get access to it.
[2] If some email you sent bounces back to you, you might want to know
about it, and there actually exists people who will happily reply to an
email from johnsmith.noreply.
[3] Gmail will rewrite the From header on the email if it does not recognise the address.
[4] Ssmtp runs as the local user who sends the email, so that user needs
read access to the configuration files.
On any Linux I have used the mail sending from command-line is simple:
mail -s "My subject here" recipient#wherever.com <message_body.txt
AFAIK this acts as a front-end to sendmail, and you have to have sendmail configured to forward the messages to your ISP mail server.
You can't access your home computer from work which rules out a "remote support" option.
Can you access other computers on the Internet? If so, you could simply set up one of the online storage options and then ftp the results from your home computer. That's a lot simpler then trying to write scripts or code to generate emails with attachments or whatever.
You could then view the external computer from work.
If you have netcat, this command will send you an e-mail:
Given a file in this format (from Wikipedia):
HELO relay.example.org
MAIL FROM:<bob#example.org>
RCPT TO:<alice#example.com>
RCPT TO:<theboss#example.com>
DATA
From: "Bob Example" <bob#example.org>
To: Alice Example <alice#example.com>
Cc: theboss#example.com
Date: Tue, 15 Jan 2008 16:02:43 -0500
Subject: Test message
Hello Alice.
This is a test message with 5 headers and 4 lines in the body.
Your friend,
Bob
.
QUIT
Then netcat it to an SMTP server you have access to:
nc mail.somewhere.com 25 < file.txt
This will then send the e-mail. You can see how you can create a Java program to do this for you (just execute the commands).
Traditionaly, with unix systems like Linux, you'd have an MTA, a mail transfer agent, on the computer that deals with sending e-mail.
This could be a full blown e-mail server like exim, or something simple like ssmtp that just sends messages on to a relaying SMTP server such as would be provided by your ISP.
This isn't neccessarily the case anymore, since mail clients like Thunderbird include their own MTA, much like mail clients on Windows do.
However, it is likely that your distro will install some MTA or other by default, if for no other reason than the fact that other things on your system, like cron, want to be able to send e-mail. Generally there will be a command line tool called sendmail (sendmail being the original MTA [citation needed], other MTAs maintain compatability with its interface and it has sort of become the standard) that can be used from a shell script to send an e-mail.
My solution assumes that you have a SMTP server available which allows you to send an email programmatically. Alternatively, you can use a local install of sendmail which generally is available with most linux distros.
Create a standalone java program which watches the directory your home computer saves the file to. Use the JavaMail API to attach and send the file to any email you wish.
If you're also familiar with the Spring Framework, it has a nice abstraction layer for working with JavaMail and makes this sort of thing trivial.
Of course, your home ISP probably has the common SMTP port blocked as well.