We have a PowerMTA server that receives incoming e-mail. Is it possible to forward specific domains to another existing SMTP server that's not running PowerMTA?
The solution that I found so far is to pipe the e-mails to mailx that's pointing to another SMTP server, but this looks hack-ish.
Thanks!
This is an example for routing gmail.com to SendGrid. You might need to uncomment use-unencrypted-plain-auth for some SMTP providers.
<domain gmail.com>
queue-to sendgrid.rollup
</domain>
<domain sendgrid.rollup>
# use-unencrypted-plain-auth yes
auth-username username
auth-password password
route smtp.sendgrid.net:587
use-starttls yes
require-starttls yes
</domain>
You might want to use virtual-mta and virtual-mta-pool if you are looking to use multiple SMTP providers to load balance outgoing emails. Let me know and I will update the answer with its configuration.
Honestly, I think I have a fundamental gap in understanding how SMTP works. I can't seem to find a good explanation of what is happening behind the scenes and I think this is preventing me from being able to do what I am attempting to do.
To explain, I'm trying to set up an application which sends notifications to users by connecting to an SMTP server. Fair enough. I figure, since I'm using my own domain, I have SPF/DKIM/DMARC configured, I can add an MX record for the host I set the application up on (my SPF record has the mx keyword to authorize any hosts in my MX records to send/receive mails). Then, I can have that same host run a super lightweight SMTP server that can accept mails from the application, and send them on to recipients.
Almost crucially, I want this server to basically just run on localhost so that only this application can connect and send mails through it, but so that it can't really "receive" mails sent to my domain (I have set the MX priority very low (well, a high number) for this app server). I figure since I'm running my own SMTP server, that I don't really need to authenticate against it (it's running on localhost), just take in any mail and send it on to recipient domains.
When sending on to recipient domains... does the SMTP server need to authenticate to say, the gmail SMTP server as a user in order to send mails over there? That seems weird, since it's not a user logging into gmail to send mails, it's an SMTP server that is authorized within SPF sending mail from my domain (From address from my domain as well) to wherever the app server user's email is based (in this example, the user would be e.g., some_user@gmail.com).
I tried using python's aiosmtpd command-line and telnet to send a mail from test@MY_DOMAIN.TLD to test@MY_DOMAIN.TLD and it didn't seem to deliver the message; I figured aiosmtpd would connect to the preferred MX servers for my domain (my "real" MX's) to transfer the message, which would then put it in my inbox. That didn't seem to be the case, and I'm not sure why.
Exact repro steps, where example.com is my domain, and terminals are running on a box with a hostname listed in my MX records.
Terminal A:
$ aiosmtpd -n
Terminal B:
$ telnet localhost 8025
EHLO <example.com>
MAIL FROM: test@example.com
RCPT TO: test@example.com
DATA
FROM: Application Notifications <test@example.com>
TO: User Name <test@example.com>
SUBJECT: App Notify Test
This is a test!
.
QUIT
How do SMTP servers normally send mail between each other? Do they each get some login to each other's SMTP servers to authenticate with, and since I'm not doing that, this is a problem? Can I run a SMTP server on localhost and have it send mail out of the network without receiving mails (a no-reply service)? Is there something obvious that I'm just missing here that solves all my problems?
Thanks
It sounds like you want to run a mail transfer agent (MTA) that relays email to remote SMTP servers. An MTA will typically act as an SMTP server to receive messages, and then it will act as an SMTP client when it relays the messages to remote hosts.
MTAs generally operate in two different modes: (1) They will relay messages from authenticated users to remote hosts, and (2) they will receive messages from remote hosts to its users and store them somehow. The combination of those two modes - where the MTA will accept messages from remote hosts and relay them to different remote hosts - is called an open relay and is sure to attract spammers and place your server on spam blacklists.
aiosmtpd is not an MTA or an email relay out of the box - it is merely an SMTP server that will receive messages and do whatever with the messages you program it to do. By default it will do nothing - that is, it will receive the messages and throw them away. If you want to implement an email relay in aiosmtpd, then you need to implement the SMTP client portion of the MTA, e.g. by implementing an aiosmtpd handler that instantiates smtplib.SMTP to connect to remote hosts.
However, if all you want is an email relay, then you most likely don't need aiosmtpd at all - postfix is probably a better choice.
aiosmtpd can be a good choice if you need to implement mailing list software or perform some automation tasks based on incoming emails from e.g. cameras or scanners.
If you want to implement an email relay in aiosmtpd, then you need to ensure that both the software and your server are configured in a way that you don't relay unauthenticated messages from the outside internet.
See also: Python aiosmtpd - what is missing for an Mail-Transfer-Agent (MTA)?
So, I actually figured out what was missing here.
I need to run an SMTP server, yes, but I also needed to write code to parse the "to" domain (the recipient domain), perform a DNS request for the MX server(s) of the recipient domain, and then use the smtplib client to then send mail over to the recipient domain. Authentication is not needed to relay that message to the recipient server, authentication is only required for reading from a given inbox or authenticating a sender to send on behalf of a domain (I trust myself and myself only to send mail). I can do all this while also only listening for mail on localhost so that only my local server can use the local SMTP server for relaying messages/emails off to recipient domains.
Additionally, I don't need to have my external IP listed as an MX server since it's not accepting mail for the domain, only sending. I do need an SPF record for it though so that it is an authorized relay/sender for email from my domain.
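The relay described in this answer, as an added example (not the poster's code): an aiosmtpd handler that accepts mail only from loopback, looks up the recipient domain's MX hosts and hands the message over with smtplib, without logging in. It assumes the third-party aiosmtpd and dnspython packages; RelayHandler, mx_hosts and deliver are names made up here, and port 8025 is the one from the telnet session above.

```python
import asyncio
import smtplib
from collections import defaultdict

def mx_hosts(domain):
    """MX hosts for a domain, most preferred first (uses third-party dnspython)."""
    import dns.resolver  # lazy import: only needed for real lookups
    answers = dns.resolver.resolve(domain, "MX")
    return [str(r.exchange).rstrip(".") for r in sorted(answers, key=lambda r: r.preference)]

def deliver(host, envelope, rcpts):
    """Act as SMTP client to the recipient's MX on port 25; no login is sent."""
    with smtplib.SMTP(host, 25, timeout=30) as client:
        client.ehlo()
        if client.has_extn("starttls"):  # opportunistic TLS, certificate not verified
            client.starttls()  # sendmail() re-issues EHLO after STARTTLS
        client.sendmail(envelope.mail_from, rcpts, envelope.content)

class RelayHandler:  # aiosmtpd handler: loopback-only intake, relay by recipient-domain MX
    def __init__(self, resolve=mx_hosts, send=deliver):
        self.resolve, self.send = resolve, send  # injectable for offline testing

    async def handle_DATA(self, server, session, envelope):
        if session.peer[0] not in ("127.0.0.1", "::1"):
            return "550 Relaying denied"  # never relay for outside hosts
        by_domain = defaultdict(list)
        for rcpt in envelope.rcpt_tos:
            by_domain[rcpt.rpartition("@")[2].lower()].append(rcpt)
        loop, failed = asyncio.get_running_loop(), []
        for domain, rcpts in by_domain.items():
            try:  # blocking DNS lookup runs in a worker thread
                hosts = await loop.run_in_executor(None, self.resolve, domain)
            except Exception:  # NXDOMAIN, timeout, no MX record
                hosts = []
            for host in hosts:
                try:
                    await loop.run_in_executor(None, self.send, host, envelope, rcpts)
                    break
                except OSError:  # smtplib.SMTPException subclasses OSError
                    continue  # fall through to the next MX
            else:
                failed.append(domain)
        return "451 Relay failed for " + ", ".join(failed) if failed else "250 Message relayed"

if __name__ == "__main__":
    from aiosmtpd.controller import Controller  # third-party
    controller = Controller(RelayHandler(), hostname="127.0.0.1", port=8025)
    controller.start()
    input("Relaying on 127.0.0.1:8025; press Enter to stop\n")
    controller.stop()
```

A 451 reply makes the submitting application retry the whole message, so recipient domains that already accepted it will receive a duplicate; a production relay would queue per domain instead.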
We are running sendmail-8.13.4 on AIX.
I need to update the configuration and make sendmail act as a relay client only, meaning it will only be used to send mail out of the host and NOT accept mail.
Here is my client.mc config:
include(`/usr/samples/tcpip/sendmail/m4/cf.m4')
VERSIONID(`sendmail config for aix7')
OSTYPE(`aixsample')dnl
MASQUERADE_AS(`myserver.com')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`accept_unresolvable_domains')
FEATURE(`accept_unqualified_senders')
FEATURE(always_add_domain)dnl
FEATURE(`nullclient',`mail-relay.xxxx.myserver.com')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`MAIL_HUB', `myserver.com.')dnl
define(`LOCAL_RELAY', `myserver.com.')dnl
We have an MS Exchange server, so we are basically using sendmail on a particular AIX host to forward all email to the exchange server and let Exchange handle everything.
The above configuration works fine for sending email to recipients
mail user@myserver.com
What I also need to do is be able to send the email with only specifying the alias part and not the domain, so if I do:
mail user (omitting the @myserver.com recipient domain part)
I want sendmail to append the @myserver.com in this situation where a domain is not given. Is this possible without maintaining some sort of alias/list file for every possible userid > userid@mydomain.com?
Thanks.
You can use the approach mentioned in sendmail FAQ 4.22 - make sendmail accept SMTP connections only on the (local) loopback IP interface.
Sendmail FAQ 4.22 : Why can't I receive external mail?
It may be achieved by the following lines in the sendmail.mc file used to generate the sendmail.cf file:
dnl Do not listen on msa(587) port
FEATURE(`no_default_msa')dnl
dnl Listen on IPv6 loopback address
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
dnl Listen on IPv4 loopback address
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
My postfix server is working on a particular domain name through a relay, so it's like that:
Client sends to abs@subdomain.domain.com -> domain.com production mail server -> internal mail server on subdomain.
All messages for subdomain.domain.com are being forwarded. But the thing is, the application that I'm supporting uses the mailing system for some internal stuff, and many addresses that are CC'd when a client sends e-mail don't exist on the subdomain mail server; they serve another purpose. When the app on the subdomain receives e-mail, it parses the headers and uses all CC addresses in its algorithms.
Here comes the problem. When client sends an e-mail, he'll receive as many error responses as there are fake addresses in CC.
There is only one real address that is listed in /etc/aliases and it's just piping incoming mails to stdin for some script.
Question. How do I prevent sending error responses to the client and just /dev/null all fake addresses? I need only 1 address, that is listed in aliases.
Thanks in advance.
Ok, I figured it out.
This can be achieved through virtual_alias_maps.
Add a virtual alias for the domain and for the address. Redirect the domain to /dev/null and the address to the local alias.
virtual_alias_maps file:
target_addr@subdomain target@localhost
@subdomain devnull@localhost
/etc/aliases:
target: "| /path/to/script"
devnull: /dev/null
I have a big problem with the setup for a domain.
The web services are established on our server, but the mail functions are on a server of another company. When we now want to send an email over our server, it tries to send it locally instead of sending it to the other server, so it gives back a "no account here" error.
Thanks for helping me out and friendly greetings.
Edit: OS Debian 6
Imap: Courier
Send: Postfix
CP: Plesk
Further to this, we are using Plesk 11.5.3 on a setup where a single mail service is activated for all domains.
So each domain cannot have the mail service turned on or off individually.
We had the same problem as Franco, and we fixed this by running the following command for each domain that had external email:
# /usr/local/psa/bin/mail --off domain.com
Works perfectly, and removes any previously created local email addresses from Postfix.
"The problem is because the server will attempt to deliver emails for the domain name locally by default. To resolve that problem you would need to set it to use the domain name's MX record."
The simple answer is to disable mail services for the subscription.
Untick the box for "Activate mail service on domain".
How can I email to a domain whose SMTP server does not listen on the standard port 25? I need to email to it through webmail, like GMail.
I thought this would work:
user@domain.com:port
You can't do it with gmail. You need to configure a mail server to do this, and it's hard. The only other option is using a firewall to redirect traffic from 25 to your port.
(And this probably belongs on serverfault).