I'm trying to work out how to have postfix only allow emails through to certain email addresses.
I had it working using the following config:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, reject
and then access contains
example1.com OK
example2.com OK
miles@example3.com OK
This worked - mail to anything that wasn't in the whitelist was rejected by the mailserver.
I then wanted to route all my outgoing mail via gmail, so added
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
It now seems that postfix is ignoring the whitelist, and sending everything through to the gmail servers.
Can anyone explain why this is happening, and what I might need to do to resolve this?
In short - I'd like all my mail sent via a gmail account, but only if the recipient address is in a whitelist.
Show some logs please.
I suspect that you are sending emails via /usr/bin/sendmail or postdrop. Both these commands bypass smtpd and so the smtpd_recipient_restrictions, as they deliver the email locally to postfix, not via the network.
If the sent email arrived via network (and so via smtpd) then show the config too (postconf -n) as you may have other configs that are changing the final result for those emails.
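The log check the answer asks for, as an added example that is not part of the original thread: it groups Postfix log lines by queue ID and reports which delivered recipients belong to mail that entered through pickup (sendmail/postdrop) and therefore never passed smtpd_recipient_restrictions. The log lines are constructed, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout (not from the original thread).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/pickup[2201]: 3A1B2C4D5E: uid=1000 from=<app>
Jan 10 10:00:01 mx postfix/qmgr[1100]: 3A1B2C4D5E: from=<app@mx.example>, size=300, nrcpt=1 (queue active)
Jan 10 10:00:02 mx postfix/smtp[2205]: 3A1B2C4D5E: to=<someone@notlisted.example>, relay=smtp.gmail.com[203.0.113.5]:587, status=sent (250 2.0.0 OK)
Jan 10 10:05:00 mx postfix/smtpd[2301]: 7F6E5D4C3B: client=unknown[192.0.2.10]
Jan 10 10:05:01 mx postfix/smtp[2305]: 7F6E5D4C3B: to=<miles@example3.com>, relay=smtp.gmail.com[203.0.113.5]:587, status=sent (250 2.0.0 OK)
Jan 10 10:06:00 mx postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <x@other.example>: Recipient address rejected: Access denied
"""

# daemon name (optionally behind a syslog_name prefix such as postfix/submission/smtpd),
# then a hexadecimal queue ID. NOQUEUE rejects do not match because no message was queued.
LINE = re.compile(
    r"postfix/(?:[\w-]+/)*(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)"
)

def classify(log_text):
    """Map queue ID -> {'entry': 'smtpd' | 'pickup' | 'unknown', 'sent_to': [recipients]}."""
    msgs = defaultdict(lambda: {"entry": "unknown", "sent_to": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon == "pickup" and rest.startswith("uid="):
            msgs[qid]["entry"] = "pickup"   # local submission: no smtpd restrictions applied
        elif daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["entry"] = "smtpd"    # network submission: restrictions were evaluated
        elif daemon == "smtp" and "status=sent" in rest:
            to = re.match(r"to=<([^>]*)>", rest)
            if to:
                msgs[qid]["sent_to"].append(to.group(1))
    return dict(msgs)

def bypassed_restrictions(log_text):
    """Recipients that were delivered for mail injected via pickup."""
    return sorted(
        rcpt
        for msg in classify(log_text).values()
        if msg["entry"] == "pickup"
        for rcpt in msg["sent_to"]
    )

if __name__ == "__main__":
    for rcpt in bypassed_restrictions(SAMPLE_LOG):
        print("delivered without smtpd checks:", rcpt)
```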
I have postfix and opendkim working on my server (Ubuntu 16.04), but postfix does not sign all mails with DKIM.
If I send a mail from server with:
echo "test email" | sendmail check-auth@verifier.port25.com
I have a response that says DKIM check: pass because the mail has a DKIM-Signature. I tried sending mails to my gmail account by this method and the mails have a DKIM-Signature too.
But when I try to send mails using Thunderbird or something similar the mails have no DKIM-Signature.
The server only has one domain and the following configuration:
/etc/postfix/main.cf:
[...]
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
/etc/opendkim.conf:
[...]
SOCKET inet:8891@localhost
UserID opendkim
KeyTable /etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
/etc/opendkim/key.table:
example.com example.com:default:/etc/dkimkeys/dkim.key
/etc/opendkim/signing.table:
*@example.com example.com
I was looking in mail.log, mail.err and syslog but I don't see anything related, nor any errors.
I'm checking different configurations. I can send DKIM-signed mails from the server with sendmail using different configurations, but I still can't send mails signed with DKIM with Thunderbird... :(
Any idea? Any place to look?
Ok, I found the problem.
Some sites say that it's necessary to put the following line in /etc/postfix/master.cf to avoid problems:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
But it's wrong; that line causes the mails not to be signed.
In /etc/postfix/master.cf we can uncomment the following line to get port 587 working:
submission inet n - y - - smtpd
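A check for the cause found above, as an added example that is not part of the original thread: it parses master.cf, joins continuation lines, and lists the smtpd services whose `-o receive_override_options` override contains `no_milters`, meaning mail accepted on that service is not passed to the DKIM milter. The master.cf excerpt is constructed, and only the `-o name=value` form without spaces is handled.

```python
# Constructed master.cf excerpt (not the poster's file). Lines that begin with
# whitespace continue the previous service entry, as in a real master.cf.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
# 127.0.0.1:10025 inet n - y - - smtpd
pickup    unix  n       -       y       60      1       pickup
"""

def logical_lines(text):
    """Join continuation lines and drop blank lines and comments."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()   # continuation of the previous entry
        else:
            entries.append(raw.strip())
    return entries

def overrides(args):
    """Yield (name, value) for every '-o name=value' pair in a service's arguments."""
    for i, tok in enumerate(args[:-1]):
        if tok == "-o":
            name, _, value = args[i + 1].partition("=")
            yield name, value

def services_skipping_milters(text):
    """Names of smtpd services that disable milters through receive_override_options."""
    flagged = []
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue   # not a complete service entry, or not an smtpd listener
        if any(
            name == "receive_override_options" and "no_milters" in value.split(",")
            for name, value in overrides(fields[8:])
        ):
            flagged.append(fields[0])
    return flagged

if __name__ == "__main__":
    for service in services_skipping_milters(SAMPLE_MASTER_CF):
        print("milters disabled on service:", service)
```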
I've been trying to install a Postfix server for handling mail for my domain. I found some nice tutorial and I was able to create email address and server responds correctly with telnet (imap and pop3 included, I also charge the config in Gmail and works correctly).
To handle POP3 and IMAP I have installed Courier
The problem comes when I try to send e-mails to myself (with external email address), I receive the following error code:
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for (servername) loops back to
myself
I reviewed my postfix mail.conf config, as many websites said that it could be because mydestination was not correctly configured. I have included the domain configuration and I still get the same error. (/etc/postfix/main.cf)
mydestination = mail.mydomain.com, domain.com, localhost
This is in a VPS, so the hostname is different to the domain name, I'm not sure if this can have any influence on the handling mail error.
Could someone help me to find where can the error be?
Thanks for your attention and your answers
You're probably sending mail to a recipient, with an email address in a zone which has an MX record, with its value a hostname, which resolves to the IP address of your mailserver, while your server hasn't been told in its main.cf config file (behind mydestination), that it is referring to itself.
Therefore, your server is wondering why an attempt to send mail to - as it believes - another server results in finding that the IP address of that other server is its own IP address.
Update mydestination accordingly.
It helps to use the same hostname for MX record, for all zones your mailserver handles incoming mail for, as that keeps your mydestination manageable.
My postfix server is working on a particular domain name through a relay, so it's like that:
Client sends to abs@subdomain.domain.com -> domain.com production mail server -> internal mail server on subdomain.
All messages for subdomain.domain.com are being forwarded. But the thing is, the application that I'm supporting uses the mailing system for some internal stuff, and many addresses that are CC'd when the client is sending an e-mail don't exist on the subdomain mail server; they serve another purpose. When the app on the subdomain receives an e-mail, it parses the headers and uses all CC addresses in its algorithms.
Here comes the problem. When the client sends an e-mail, he'll receive as many error responses as there are fake addresses in CC.
There is only one real address that is listed in /etc/aliases and it's just piping incoming mails to stdin for some script.
Question. How do I prevent sending error responses to the client and just /dev/null all fake addresses? I need only 1 address, that is listed in aliases.
Thanks in advance.
Ok, I figured it out.
This can be achieved through virtual_alias_maps.
Add a virtual alias for the domain and for the address. Redirect the domain to /dev/null and the address to a local alias.
virtual_alias_maps file:
target_addr@subdomain target@localhost
@subdomain devnull@localhost
/etc/aliases:
target: "| /path/to/script"
devnull: /dev/null
I have tried so much and don't get things working.
I have a domain and no hosting/webmail so I wanted to redirect everything to my gmail account.
As I have a linux (Lubuntu 13.06) machine running I thought I could configure a mail server.
That seemed not to be so easy.
I have redirected my mail.domain.com to my ip and the port is open (I know this because while playing about, I once did receive an error message back by email from Postfix)
I am working with Postfix, however any other application is fine by me, if easier and just as safe.
I followed these instructions, however without success
http://www.java-tutorial.ch/ubuntu/forward-all-incoming-email-to-single-address
All other instructions I read on the internet were alike.
When sending a test email (not from receiver address as this is a loopback issue with gmail) I do not receive a bounce and my log files are also empty so no clue what happens.
I've got it working now.
For everyone who also wants a mail server just for forwarding mail:
nano /etc/postfix/main.cf
inet_protocols = ipv4
myhostname = mydomain.nl
virtual_alias_domains = mydomain.nl
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
# catch all on your domain and send to gmail
nano /etc/postfix/virtual
@mydomain.nl mygmail@gmail.com
# transport all traffic to gmail through your isp smtp server
nano /etc/postfix/transport
gmail.com smtp:smtp.myisp.nl:25
postmap /etc/postfix/virtual
postmap /etc/postfix/transport
/etc/init.d/postfix restart
I have two websites, we'll call them a.com and b.com. I already have a mail server running on b.com. What I would like to do is have any email sent to @a.com to be automatically forwarded to b.com. I edited the only MX record in the a.com DNS settings to be...
Priority: 10
Host: @
Points To: b.com
After setting this up and giving it time to propagate, mail sent to a.com does not go through and I get a "Message not delivered" response from my email client.
Thanks for any help!
The MX record only tells the webserver where to deliver mail for that specific domain. So any mail sent to user@a.com will be sent to the mailserver at b.com; that does not mean that it gets forwarded to user@b.com. You will have to configure your mailserver at b.com to accept mails for the a.com domain.