How to send SMTP emails through another server?

I'm running a bunch of Debian/Ubuntu servers, with one core, main server that all the other web servers connect to. Right now though, when our core server sends an email (like someone sending an email through our administrative web GUI), the first "Received:" header lists the address to our main server, which we want to avoid.
So my plan was to set up a way to send the email through the server it should really be coming from. So when we send an email from the software at www.backend.com, I would like the headers to reflect www.frontend.com. I tried looking up SMTP proxy for Ubuntu but didn't find too much, except to look for something called MTAs.
I played around with nullmailer and msmtp, but I can't seem to get either to work the way I'm expecting, e.g. set up the SMTP credentials on www.backend.com for this account to point to www.frontend.com and have the front end server connect to our email provider. Is what I'm trying to do possible?
EDIT TL;DR
I keep trying to set up SMTP relay servers, but I can't connect to my postfix SMTP server remotely. How do I set up a simple email relay server on Debian/Ubuntu? Not sure if that's even the right term, because there seem to be hundreds of articles explaining how but I cannot get a single one to work.

Your MTA is postfix, and you want to use it twice; as an INTRANET host and an edge relay. So the first step is not to remove the received header, but to make sure the relay is allowed and occurs which will add the "frontend" relay in the headers. Once relaying is functioning, the relay can remove or replace header lines.
Relaying
On the relay (FRONTEND)
docs#relay_from
mynetworks = 127.0.0.0/8 IP_OF_BACKEND/32 ...others?
On the sender (BACKEND)
relayhost
relayhost = [www.frontend.com]
Filtering on the relay
For simple filters, header_checks is sufficient.
header_checks = pcre:/etc/postfix/header_checks
(pcre - make sure postfix-pcre support is installed, or follow the POSIX regex debugging in the next link.)
It is generally best to sanitize the header rather than remove it, so example contents of that file sanitizing it is here, though it should be matched to only rewrite received headers from backend instead of all hosts .*.
So after examining the real received headers you want to replace and deciding which part(s) to keep as regex groups, your substitution might be something simple like this:
/^Received: from www\.backend\.com.*id\s(\w+).*/
    REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1]) with SMTP id $1
Removing the received header is essentially the same, but can use the IGNORE action instead of REPLACE and requires a simpler regex as there is no substitute header to build. However, removing headers is more likely to cause issues as you add Milters, etc for later requirements.
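An offline check of the rule above, added here and not part of the original answer: it replays the REPLACE over constructed headers and lists any header that still names the backend afterwards. Python's re stands in for PCRE with flags mirroring Postfix's pcre table defaults; the header values and function names are made up for illustration.

```python
import re

# Rule from the answer with dots escaped. Postfix pcre tables default to
# case-insensitive matching with "." matching newlines; re.I | re.S mirrors that.
RULE = re.compile(r"^Received: from www\.backend\.com.*id\s(\w+).*", re.I | re.S)
REPLACEMENT = r"Received: from [127.0.0.1] (localhost [127.0.0.1]) with SMTP id \1"

# Constructed sample: headers as the frontend relay would see them, newest first.
# The second header assumes the web app hands mail to Postfix locally on backend.
SAMPLE = (
    "Received: from www.backend.com (www.backend.com [203.0.113.20])\n"
    "\tby www.frontend.com (Postfix) with ESMTP id 4F1E2D3C;\n"
    "\tMon, 1 Jan 2024 10:00:01 +0000 (UTC)\n"
    "Received: by www.backend.com (Postfix, from userid 33)\n"
    "\tid 7C0FFEE123; Mon, 1 Jan 2024 10:00:00 +0000 (UTC)\n"
    "Subject: test\n"
)


def logical_headers(raw):
    """Split a header block into logical headers, keeping folded lines together."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += "\n" + line  # continuation of the previous header
        else:
            out.append(line)
    return out


def apply_rule(raw):
    """Return the headers as they would look after the REPLACE action."""
    result = []
    for header in logical_headers(raw):
        match = RULE.match(header)
        result.append(match.expand(REPLACEMENT) if match else header)
    return result


def still_names(headers, host):
    """Headers that mention host after rewriting; each needs its own rule."""
    return [h for h in headers if host in h.lower()]


if __name__ == "__main__":
    rewritten = apply_rule(SAMPLE)
    print("\n".join(rewritten))
    print("still naming backend:", still_names(rewritten, "www.backend.com"))
```

On this sample the "from www.backend.com" hop is rewritten, while the backend's own "Received: by www.backend.com" line passes through unchanged because the pattern only anchors on "from".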

Postfix Mail Relay - Only permit sending to specific emails

I am learning how to configure postfix. I would like to set up a mail relay to only forward emails for specific recipient email addresses and block, or even better redirect, the blocked addresses to a generic account for investigation.
The relay will be used in a development environment and I want to ensure that production email addresses are not accidentally used in development or testing. As a specific example I would like to create a list of email address recipients that mail is permitted to be forwarded to, e.g.:
dev@example.com
test@example.com
Block any other address that the relay is asked to forward for example.com. Ideally I would like to forward all blocked mail to an account check@example.com to investigate.
Could someone point me to the section of the postfix configuration file I should look into?
Thanks
Densha
You'll have to do a couple parts to the setup.
Part 1 is your allowed list. What emails are allowed to be sent out. If this list will change frequently you'll want to look into using an external lookup like mysql for this. If you use flat files in the postfix configuration directory then you'll have to restart postfix for each change. With mysql it will perform a new lookup each time, no restart. Postfixadmin is a tool that may help in this case.
For your 2nd problem of redirecting all mail to another account for investigation see this other solution.
https://serverfault.com/questions/144325/how-to-redirect-all-postfix-emails-to-one-external-email-address

Can the underlying email provider be determined from an email address?

We are building a system that is, effectively, an email/calendar/contact client.
Users will provide us with their email address password (or other auth, eg oauth) and we will connect to their underlying email system.
"underlying systems" include:
Microsoft Exchange / Office365
GMail
Yahoo Mail
Apple email
Generic IMAP
Each of these systems has subtle (and not so subtle) differences in its APIs, especially to access calendar & contact data. Thus we need to know what provider the user is using.
But we would rather not ASK the user. We would like to figure it out (and, at least, reduce the choices) automatically.
I've looked around for something that already implements this but have not found anything. I know it's mostly possible because Windows Phone does it pretty well (just enter username/pw and it does the right thing).
Before I dive in and start writing my own I want to ensure I'm not wasting my time if someone's already done it in an excellent way.
Know of anything like this? For this project prefer C#/.NET.
[EDIT: Adding potential algo]
Potential Algorithm:
Given email address & password
Extract domain name from email address
Try Exchange autodiscover. If successful done.
Use DNS MX records to find smtp host.
Do SMTP EHLO
Gmail responds with "250-mx.google.com at your service"
So if we see a "google.com" we are done.
Yahoo responds with 250-mta1257.mail.sk1.yahoo.com
So if we see a "yahoo.com" in the response we are done.
Apple responds with 250-xxxxxx-mac.com
So if we see a "mac.com" in the response we are done.
If none of the above
IMAP?
...
[EDIT: 5/18]
I built a prototype that uses methods that don't require auth (e.g. just MX/SMTP sleuthing). Give it a try: http://bit.ly/KLZKxD
Algorithm seems reasonable. You will get best results running from unfiltered server (meaning it has direct SMTP outbound / doesn't run through a proxy). If running from client (mobile/tablet/desktop), then no guarantees as some ISPs pass SMTP through a proxy relay hence EHLO response is only for proxy.
You may want to do a port check for servers to verify expected protocol support (just a TCP connect may be sufficient but protocol handshake is preferable). Additionally, best to build up a database of verified SMTP and IMAP server mappings as there can be split names (e.g. smtp.domain.com and mail.domain.com) - discovering SMTP is easy, discovering outbound server(s) which usually also means calendar/contacts server, not so much (except for Exchange but only if autodiscovery is configured correctly).
If you can get your users to approve and assuming you have their username/password, you could try connecting to SMTP via MX record and sending an email back to your own address then checking through headers for useful info about the server (needs to be authenticated to relay). Users could alternatively reply to an email you generate in order to get the same server info.
Also ensure that you do your own DNS query and try each MX record or all primaries -- if the principal MX is down or DNS is poorly configured for equal weighting, you could end up hitting a smarthost / backup which may just be a dumb SMTP relay / store-and-forward and not give you the correct response.
TL;DR: No quick solution but a cascaded algorithm that tries and fails different solutions until one works / gives an expected result should work.
Most devices can auto detect the service by parsing the whole e-mail address. Xyz@gmail.com would obviously be a gmail account. So for Apple, Gmail, Yahoo, Live, Hotmail etc you can easily program for.
For other domains, including custom, you can try this: http://www.exclamationsoft.com/exclamationsoft/netmailbot/help/website/HowToFindTheSMTPMailServerForAnEmailAddress.html
You can detect Google Apps For Your Domain accounts by examining the domain's MX records. If the primary MX record is ASPMX.L.GOOGLE.com, then it's GMail.
I created an implementation of this that has been used widely with some success: https://github.com/tig/Email2Calendar
This is used by both milelogr.com and freebusy.io.
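The cascade discussed in this thread (address domain, then MX records in preference order, then the EHLO greeting), as an added sketch that is not taken from any poster's code or from Email2Calendar. It runs over constructed data with no network access; the function names, tables and sample hosts are assumptions, and hostnames are matched on a DNS label boundary rather than by substring.

```python
# Consumer domains named in the thread, keyed by the address's domain part.
KNOWN_DOMAINS = {"gmail.com": "gmail", "yahoo.com": "yahoo", "mac.com": "apple",
                 "hotmail.com": "microsoft", "live.com": "microsoft"}
# Provider host suffixes seen in the MX names and EHLO greetings quoted above.
HOST_SUFFIXES = {"google.com": "gmail", "yahoo.com": "yahoo"}


def by_host(host):
    """Match on a label boundary so 'mx.notgoogle.com' is not taken for Google."""
    host = host.strip().rstrip(".").lower()
    for suffix, provider in HOST_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return provider
    return None


def ehlo_host(reply):
    """The first 250 line of an EHLO reply starts with the server's own name."""
    first = reply.splitlines()[0] if reply else ""
    return first[4:].split(" ")[0] if first.startswith("250") else ""


def detect(address, mx_records, ehlo_replies):
    """Return (provider, evidence). mx_records is [(preference, host)] and
    ehlo_replies is {host: raw EHLO reply}; the caller gathers both."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in KNOWN_DOMAINS:
        return KNOWN_DOMAINS[domain], "address domain"
    # Lowest preference first: a backup MX may be a plain store-and-forward relay.
    for _, host in sorted(mx_records):
        provider = by_host(host) or by_host(ehlo_host(ehlo_replies.get(host, "")))
        if provider:
            return provider, "MX/EHLO of " + host
    return "unknown", "fall back to IMAP probing or ask the user"


# Constructed sample data, not captured from real servers.
SAMPLE_MX = [(10, "alt1.aspmx.l.google.com"), (1, "ASPMX.L.GOOGLE.com.")]
SAMPLE_EHLO = {"mail.corp.example": "250-mta1257.mail.sk1.yahoo.com\r\n250 8BITMIME"}

if __name__ == "__main__":
    print(detect("xyz@gmail.com", [], {}))
    print(detect("ann@custom.example", SAMPLE_MX, {}))
    print(detect("bob@corp.example", [(5, "mail.corp.example")], SAMPLE_EHLO))
```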

local SMTP server won't send email from cfmail b/c of rcpthosts issue

We've ported several legacy ColdFusion sites from rackspace to viviotech, and they all work fine except for sending email using the cfmail tag. When viewing the CF mail.log it contains this error message for each attempt:
"Error","scheduler-0","07/01/10","06:31:22",,"Invalid Addresses; nested exception is: class javax.mail.SendFailedException: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser) "
However, looking at the rcpthosts file, the domain is indeed there that was used in the "from" attribute of cfmail. going into the CF admin, you can set the SMTP server and verify connection. I have tried both 127.0.0.1 as well as the actual IP of the server--both verify as successful connections, but I still can't send email. The old server worked fine for this (even though CF is not supported by rackspace, but IS supported by vivio).
One advice I was already given was use the user:password@server.com construct, but I don't want to do that since none of these domains are reliably permanent--we are wanting to change most or all of the sites to PHP in the next year if possible. I just want to be able to use the local SMTP without restriction, as I was able to on the previous server.
Actually I found the key to the answer here: http://www.palomine.net/qmail/relaying.html
The new server we moved to uses qmail instead of sendmail, which has major restrictions on email by default. There is a "selective relay" link on this page that has steps to remedy, although it's an annoyingly large number of steps.

Accepting emails from domain with wildcard subdomain

I'm setting up an app to perform mailhooks. You create an account, assign a callback url, and a pattern to match. Then you get a subdomain that you can send email to. Something like accountname.mail.appdomain.com.
This is how it might work.
Pattern: ^(?P\w+)-reply$
Account: accountname
Callback: http://www.someotherapp.com/reply/create/
If someone sends an email to 12345-reply@accountname.mail.appdomain.com I need to be able to collect that email in I guess a catch all mailbox. Then have a background job that fetches mail and routes them based on the TO address and custom domain.
The problem I am running into is how to get the email server to accept these incoming emails. Right now I have a MX record set up that points from *.mail.appdomain.com to mx1.emailsrvr.com and mx2. When I "dig" I get the correct routing however I don't think the email server is set up to accept the incoming mail.
If this is not possible another option I have been playing with is creating a python smtp server using the built-in smtp lib. All this server would do is accept incoming requests to port 25 and place the mail in a queue. I have that working fine I'm just worried that not using a real smtp server might create problems.
BTW: The main server will be running on slicehost, if that matters.
ALSO: This server is not going to be sending email from these custom domains, if that matters.
What you need is a dynamic configuration of your mail server, right? Then this depends on your mail server capabilities.
If you use Postfix then you could add virtual domain setup being configured in MySQL tables. Or other databases. From within your application you then only need to add/remove rows in these tables to accept only the valid domains.
Same goes for Exim which is even more extensible.

Development SMTP Server

I need a cross platform (at least Windows and Mac) development utility that runs as an SMTP server that acts as an SMTP server but will redirect all mail to a single address that's configurable. It would also be helpful if it wrote the contents out to a file or GUI. Long ago I configured Apache James to do this but it wasn't that straightforward to figure out. Hoping there's something really simple out there.
I need the emails to be forwarded (to the single address) so I can see how they are rendered on different clients (gmail, outlook, etc.)
Thanks! -Mike
We used Mailtrap for this. It gives you a remote SMTP server account and direct access to all mails in it. So you just enter the given SMTP credentials in your application and after that all email sent by your system will be visible on Mailtrap.
On Mailtrap you can have as many SMTP accounts as you want (different accounts for different application environments, or different applications). Also you can manage access to your account (so only trusted people will see your emails) and you can forward some emails to real email addresses.
It doesn't do the forwarding you are looking for, but for most of my testing I make use of fakemail (http://www.lastcraft.com/fakemail.php). It's simply a script that listens on a port and acts as an SMTP server, writing any incoming mail to a directory.
You could use Python's smtpd library and override the process_message function to only send to the desired address -- i.e. replace the "to" field with your desired constant email address.
Here's a page with some examples of using smtpd (with asyncore) to actually send out mail.