Postfix Mail Relay - Only permit sending to specific emails - redirect

I am learning how to configure postfix. I would like to setup a mail relay to only forward emails for specific recipients email addresses and block, or even better redirect to the block addresses to generic account for investigation.
The relay will be used in a development environment and I want to ensure that production emails addresses are not accidentally used in development or testing. As a specific example I would like to create a list of emails address recipients that mail is permitted to be forwarded to eg:
dev#example.com
test#example.com
Block any other address that the relay is asked to forward for example.com. Ideally I would like to forward all blocked to an account check#example.com to investigate.
Could some one point me to the section of the postfix configuration file I should look into?
Thanks
Densha

You'll have to do a couple parts to the setup.
Part 1 is your allowed list. What emails are allowed to be sent out. If this list will change frequently you'll want to look into using an external lookup like mysql for this. If you use flat files in the postfix configuration directory then you'll have to restart postfix for each change. With mysql it will perform a new lookup each time, no restart. Postfixadmin is a tool that may help in this case.
For your 2nd problem of redirecting all mail to another account for investigation see this other solution.
https://serverfault.com/questions/144325/how-to-redirect-all-postfix-emails-to-one-external-email-address

Related

Email server to receive email from any account within domain and ideally alias

I'm currently testing some complicated functionality in a web app that involves multiple accounts within the app; each with its own unique email address. I have a few temp gmail accounts that I'm using for this purpose, but keep having to update email addresses in the database to something else for some accounts in order to reuse email addresses. It gets meesy very quickly.
My question is; is there a way I can setup an email server on my VPS (Ubuntu 16.04) that is able to accept all email addresses on a given domain without me having to define each one in advance? Ie; I'd like to be able to make up email addresses as I go; test1#mydomain.com, test2#mydomain.com, etc, and have the server receive AND store any incoming emails to those addresses. Emails include account verifications, notifications, etc, and I need to know what is being sent to each participant at each point in each workflow as I test.
Ideally I'd like some way to view all of these emails on the domain regardless of address. Perhaps setting up an alias using some kind of wildcard so that all incoming email go to a single address that I can configure in my email client on my dev machine.
Consider rewriting envelope recipient x#subdomain.example.net to handler+x#example.net
AFAIR sendmail, postfix and exim support such rewrites. AFAIR all three support passing +detail as parameter to procmail script (to ~handler/.procmailrc as $1).
WARNING: test handling message to multiple special recipients.
Post which specific SMTP/MTA server do you use if you want more hints.
Gmail also supports plussed addresses BUT you get reliable hint about original recipient only for message to single special/plussed recipient.
After a lot of research and messing about with different configurations, I found the best solution for me was PostFix with Dovecot.
I was able to set up virtual mailboxes in PostFix with virtual_mailbox_maps pointing to a file that contained this; #mydomain.com mydomain.com/catchall/
This allows mail to any email address within the domain to go to one mailbox. The mydomain.com/catchall/ is a location on the server where the mailbox is located. By convention, the domain is used in the path. Useful if you are hosting email on multiple domains. Dovecot supports variables in the config which allows you to point it to the correct mailbox.
I also found that the PostFix main.cf file must have mydestination = localhost for this configuration to work.
the following posts helped me getting this up and running;
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-postfix-e-mail-server-with-dovecot
https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04

Can the underlying email provider be determined from an email address?

We are building a system that is, effectively, an email/calendar/contact client.
Users will provide us with their email address password (or other auth, eg oauth) and we will connect to their underlying email system.
"underlying systems" include:
Microsoft Exchange / Office365
GMail
Yahoo Mail
Apple email
Generic IMAP
Each of these systems have subtle (and not so subtle) differences in their APIs, especially to access calendar & contact data. Thus we need to know what provider the user is using.
But we would rather not ASK the user. We would like to figure it out (and at, least reduce the choices) automatically.
I've looked around for something that already implements this but have not found anything. I know it's mostly possible because Windows Phone does it pretty well (just enter username/pw and it does the right thing).
Before I dive in and start writing my own I want to ensure I'm not wasting my time if someone's already done it in an excellent way.
Know of anything like this? For this project prefer C#/.NET.
[EDIT: Adding potential algo]
Potential Algorithm:
Given email address & password
Extract domain name from email address
Try Exchange autodiscover. If successful done.
Use DNS MX records to find smtp host.
Do SMTP EHLO
Gmail responds with "250-mx.google.com at your service"
So if we see a "google.com" we are done.
Yahoo responds with 250-mta1257.mail.sk1.yahoo.com
So if we see a "yahoo.com" in the response we are done.
Apple responds with 250-xxxxxx-mac.com
So if we see a "mac.com" in the response we are done.
If none of the above
IMAP?
...
[EDIT: 5/18]
I built a prototype that uses methods that don't require auth (e.g. just MX/SMTP sluthing). Give it a try: http://bit.ly/KLZKxD
Algorithm seems reasonable. You will get best results running from unfiltered server (meaning it has direct SMTP outbound / doesn't run through a proxy). If running from client (mobile/tablet/desktop), then no guarantees as some ISP's pass SMTP through a proxy relay hence EHLO response is only for proxy.
You may want to do a port check for servers to verify expected protocol support (just a TCP connect may be sufficient but protocol handshake is preferable). Additionally, best to build up a database of verified SMTP and IMAP server mappings as there can be split names (e.g. smtp.domain.com and mail.domain.com) - discovering SMTP is easy, discovering outbound server(s) which usually also means calendar/contacts server, not so much (except for Exchange but only if autodiscovery is configured correctly).
If you can get your users to approve and assuming you have their username/password, you could try connecting to SMTP via MX record and sending an email back to your own address then checking through headers for useful info about the server (needs to be authenticated to relay). Users could alternatively reply to an email you generate in order to get the same server info.
Also ensure that you do your own DNS query and try each MX record or all primaries -- if the principal MX is down or DNS is poorly configured for equal weighting, you could end up hitting a smarthost / backup which may just be a dumb SMTP relay / store-and-forward and not give you the correct response.
TL;DR: No quick solution but a cascaded algorithm that trys and fails different solutions until one works / gives an expected result should work.
Most devices can auto detect the service by parsing the Whole e-mail address. Xyz#gmail.com would obviously be a gmail account. So for Apple, Gmail, Yahoo, Live, Hotmail etc you can easily program for.
For other domains, including custom, you can try this: http://www.exclamationsoft.com/exclamationsoft/netmailbot/help/website/HowToFindTheSMTPMailServerForAnEmailAddress.html
You can detect Google Apps For Your Domain accounts by examining the domain's MX records. If the primary MX record is ASPMX.L.GOOGLE.com, then it's GMail.
I created an implementation of this that has been used widely with some success: https://github.com/tig/Email2Calendar
This is used by both milelogr.com and freebusy.io.

Automated database tracking of Undelivr email in ColdFusion?

Given there is a "FAILTO=''" option for cfmail, triggering an email to be sent to that email if the email didn't get delivered...
Is there a way to somehow assign an ID or tracking # to an email, store it in a database with that ID... then update the status of that email if it fails?
I'd like to track bouncebacks... preferably WITHOUT sending the FAILTO to a POP3 or IMAP and then checking it with cfimap...
Is there any alternate way of handling this?
Maybe an event gateway that is triggered upon email failure?
UPDATE: I've decided to take a different approach, utilizing the sendgrid API.
I'm hoping that lends me with a few more tools than CF offers.
The short answer to your question is unfortunately no.
A longer version with a possible solution:
The failTo email address populates the return-path in the email header, this then 'should' be used by mail servers for bounce backs (however see - http://www.bennadel.com/blog/1899-GMail-Seems-To-Ignore-The-Return-Path-Header-Defined-By-The-CFMail-FailTo-Attribute.htm for an example where it doesn't)
So you are going to need to monitor an Imap or pop account to see your mails, however you can set up an event gateway to monitor this, with detailed instructions here - http://www.alagad.com/documentation/imapGateway/ImapWatcher%20Gateway%20Documentation.pdf
What you're left with is needing to identify which mail matches which bounceback, when I've done something similar in the past I used unique id's for the failTo email addresses at a domain I owned. If you set that up and then use your listener cfc to look for the id in the return-path.
So your sending code would work along the lines of:
Generate unique id
Send mail
Add row to database with unique id
Your listener.cfc would then need to inspect the email returned and if it finds the unique id update the row with whatever information that you're after.
Hope that that at least helps even if you'll need to set up some other bits.
You could use a directly watcher on the undelivr folder to log the failed emails, only really a solution if its own server and not a shared server though.
As far as I know once it leave the spool and is off to your SMTP server CF assume it's been sent correctly.
The email will trickle down the chain of SMTP servers/relays and if anything happen the only instruction they have is to bounce it back to the from address or failto address if present. CF isn't listening at this point so it can't respond.
We use an external tool called Glock email processor to handle exceptions. It's not free, but works pretty well. You can find it here: http://www.glocksoft.com/email-processor/
You need to configure it to check the failto address and from there you can take many actions. I got it setup as a three strikes system.
Email address bounce, I increment a counter in my email table, at 3 I deactivate that email from the system.
Nothing you can't do yourself with cfpop though.

Automatically forward all email addresses on one domain to another domain

I've had a good search on Google but can't find the answer sorry...
We're an Australian company who use a .com address as our primary contact point. Unfortunately sometimes people email to foo#ourdomain.com.au and so the email bounces.
I know I can manually create entries to forward the .com.au addresses to their .com equivalent, but it's not a particularly viable solution longer term.
Is there a way to automatically do that mapping at a server level? We have root access so I can set up whatever is required in that regard.
To re-iterate, everytime someone sends an email to:
foo#ourdomain.com.au
it needs to forward to
foo#ourdomain.com
and I'd prefer to automate the mapping as email addresses are added / removed quite regularly.
We are also using PLESK if that makes a difference.
Thanks...
Sounds to me like you don't need to forward at all. Just set the MX record for ourdomain.com.au to be the same as the MX record for ourdomain.com. Then configure the mail server to accept mail for both domains. The only case in which this isn't viable is if there are actually legitimate .com.au addresses that need to be handled by a separate mail server.

Development SMTP Server

I need a cross platform (at least windows and mac) development utility that runs as an SMTP server that acts as an SMTP server but will redirect all mail to a single address that's configurable. It would also be helpful if it wrote the contents out to a file or gui. Long ago I configured Apache James to do this but it wasn't that straight forward to figure out. Hoping there's something really simple out there.
I need the emails to be forwarded (to the single address) so I can see how they are rendered on different clients (gmail, outlook, etc.)
Thanks! -Mike
We used Mailtrap for this. It give you remote smtp server account and direct access to all mails in it. So you just enter given smtp credential in your application and after that all email sent by your system will be visible on mailtrap.
On mailtrap you can have as many smtp account as you want( different account for different application environments, or different application) Also you can manage access to your account ( so only trusted people will se your emails) and you can forward some emails to real email addresses.
It doesn't do the forwarding you are looking for, but for most of my testing I make use of fakemail (http://www.lastcraft.com/fakemail.php) it's simply a script that listens on a port an acts as an smtp server, writing any incoming mail to a directory.
You could use Python's smtpd library and override the process_message function to only send to the desired address -- i.e. replace the "to" field with your desired constant email address.
Here's a page with some examples of using smtpd (with asyncore) to actually send out mail.