Mail server with smart-host - email

I want to create a mail server, but my ISP does not allow reverse-IP record, so I ordered a VPS with such function. But I want use VPS only as a relaying server and my own server as an actual mail server (so it should have things like web-mail, and some other). I did not find any guides, but looks like VPS will be called a "smart-host". So I installed Axigen on my server, but it requires login and password for connecting to a smart-host. I tried to use postfix for relaying but I did non figure out how to properly configure it. What are my options?
Thank you!

To securely enable postfix as a mail forwarding server, you'll have to enable and configure SASL authentication. The postfix SASL README has all the details. I suggest dovecot as the backend, as it's the simplest to setup. After that, just create a new system user (adduser mail-forwarding) and configure Axigen to use that user for forwarding.
If I understand correctly, your goal is to forward outgoing mail from your local server to the VPS while incoming mail should be stored on the local server. This is possible, but not necessarily simple. Mail needs to be handled differently depending on how it reaches your local server, otherwise you might end up with a mail loop, with your servers playing pingping using mail sent back and forth.

Related

Local email to root should not leave the host

I am trying to set up the most simple email server on an Amazon Linux 2 host for simple outbound mail (e.g. sending system messages). Following instructions on the net, I have installed mailx and sendmail. I am not committed to either package, I just want a simple setup with a minimal footprint. I have no problem switching to postfix if that is a better solution.
For configuration I have made the following changes.
/etc/sysconfig/sendmail:
DAEMON=no
/etc/mail/submit.cf (hostname obfuscated):
D{MTAHost}smtp.******.com
This works fine, and I am able to receive mail that is sent from the system.
There is a wrinkle. The anacron process is sending mail to the root account. However, rather than the mail being kept internal to the system it is being sent to the SMTP server. The SMTP server sends the message back to my host, which doesn't accept mail, and a loop is created when an 'undeliverable' message is send back to root on the host that doesn't accept mail.
How can I configure my system so email to root stays local and is not sent to the SMTP server? Any other 'best practices' suggestions would be welcome as well. And again, if switching to postfix is better, I am willing to do so (but will need configuration guidance).

How to setup minimal smtp server on localhost to send messages to other smtp servers

Honestly, I think I have a fundamental gap in understanding how SMTP works. I can't seem to find a good explanation of what is happening behind the scenes and I think this is preventing me from being able to do what I am attempting to do.
To explain, I'm trying to setup an application which sends notifications to users by connecting to an SMTP server. Fair enough. I figure, since I'm using my own domain, I have SPF/DKIM/DMARC configured, I can add an MX record for the host I set the application up on (my SPF record has the mx keyword to authorize any hosts in my MX records to send/receive mails). Then, I can have that same host run a super lightweight SMTP server that can accept mails from the application, and send them on to recipients.
Almost crucially, I want this server to basically just run on localhost so that only this application can connect and send mails through it, but so that it can't really "receive" mails sent to my domain (I have set the MX priority very low (well, a high number) for this app server). I figure since I'm running my own SMTP server, that I don't really need to authenticate against it (it's running on localhost), just take in any mail and send it on to recipient domains.
When sending on to recipient domains... does the SMTP server need to authenticate to say, the gmail SMTP server as a user in order to send mails over there? That seems weird, since it's not a user logging into gmail to send mails, it's an SMTP server that is authorized within SPF sending mail from my domain (From address from my domain as well) to where ever the app server user's email is based (in this example, the user would be e.g., some_user#gmail.com).
I tried using python's aiosmtpd command-line and telnet to send a mail from test#MY_DOMAIN.TLD to test#MY_DOMAIN.TLD and it didn't seem to deliver the message; I figured aiosmtpd would connect to the preferred MX servers for my domain (my "real" MX's) to transfer the message, which would then put it in my inbox. That didn't seem to be the case, and I'm not sure why.
Exact repro steps, where example.com is my domain, and terminals are running on a box with a hostname listed in my MX records.
Terminal A:
$ aiosmtpd -n
Terminal B:
$ telnet localhost 8025
EHLO <example.com>
MAIL FROM: test#example.com
RCPT TO: test#example.com
DATA
FROM: Application Notifications <test#example.com>
TO: User Name <test#example.com>
SUBJECT: App Notify Test
This is a test!
.
QUIT
How do SMTP servers normally send mail between each other? Do they each get some login to each other's SMTP servers to authenticate with, and since I'm not doing that, this is a problem? Can I run a SMTP server on localhost and have it send mail out of the network without receiving mails (a no-reply service)? Is there something obvious that I'm just missing here that solves all my problems?
Thanks
It sounds like you want to run a mail transfer agent (MTA) that relays email to remote SMTP servers. An MTA will typically act as an SMTP server to receive messages, and then it will act as an SMTP client when it relays the messages to remote hosts.
MTAs generally operate in two different modes: (1) They will relay messages from authenticated users to remote hosts, and (2) they will receive messages from remote hosts to its users and store them somehow. The combination of those two modes - where the MTA will accept messages from remote hosts and relay them to different remote hosts - is called an open relay and is sure to attract spammers and place your server on spam blacklists.
aiosmtpd is not an MTA or an email relay out of the box - it is merely an SMTP server that will receive messages and do whatever with the messages you program it to do. By default it will do nothing - that is, it will receive the messages and throw them away. If you want to implement an email relay in aiosmtpd, then you need to implement the SMTP client portion of the MTA, e.g. by implementing an aiosmtpd handler that instantiates smtplib.SMTP to connect to remote hosts.
However, if all you want is an email relay, then you most likely don't need aiosmtpd at all - postfix is probably a better choice.
aiosmtpd can be a good choice if you need to implement mailing list software or perform some automation tasks based on incoming emails from e.g. cameras or scanners.
If you want to implement an email relay in aiosmtpd, then you need to ensure that both the software and your server are configured in a way that you don't relay unauthenticated messages from the outside internet.
See also: Python aiosmtpd - what is missing for an Mail-Transfer-Agent (MTA)?
So, I actually figured out what was missing here.
I need to run an SMTP server, yes, but I also needed to write code to parse the "to" domain (the recipient domain), perform a DNS request for the MX server(s) of the recipient domain, and then use the smtplib client to then send mail over to the recipient domain. Authentication is not needed to relay that message to the recipient server, authentication is only required for reading from a given inbox or authenticating a sender to send on behalf of a domain (I trust myself and myself only to send mail). I can do all this while also only listening for mail on localhost so that only my local server can use the local SMTP server for relaying messages/emails off to recipient domains.
Additionally, I don't need to have my external IP listed as an MX server since it's not accepting mail for the domain, only sending. I do need an SPF record for it though so that it is an authorized relay/sender for email from my domain.

Postfix attempting to bind to port 25, used for outgoing mail only (maybe not necessary?)

Not sure if this belongs on Stack Overflow or somewhere else but I'll try here first.
I have multiple servers, each with the same setup where nearly everything running on the server is in a docker container. I have two goals I would like to achieve. First, the host machine is setup to send emails for users with uid < 1000 to my external email address. Second, on one server, I have a docker-mailserver container running to handle random, seldom used emails (for log files, etc.).
It seems I can have either the host machine running postfix OR the docker-mailserver running (and bound to port 25). Currently, I have the docker container, running the mail server, full operational and everything can send and receive just fine.
However, now I am unable to start postfix on the host machine so that I can receive emails sent to the root user (things like cron output) since port 25 is --rightfully-- in use by the actual mail server receiving email.
Questions:
1) How can I tell postfix on the host to not bind to port 25? If port 25 is only used for receiving mail, why would my outgoing-only postfix config need to use port 25?
2) I am perfectly comfortable not receiving emails for the root user, if whatever would normally be sent to the root user is logged elsewhere (perhaps, syslog?). Are the emails to root only maintained as emails or are they somewhere else, negating the need for postfix on the host for forwarding to a real account?
Thanks in advance.
Specifically answering your questions first:
You should be able to have postfix listen on any port you specify by editing the main.cf configuration file and changing the smtp listener to a numbered port of your choice. Of course, if it isn't a "known" port, I'm not sure what/who will ever connect to it, but maybe you don't care in this situation as you are only using postfix as a relay?
It may depend some on the Linux distribution or setup of your host, but most systems will leave email in the local delivery "mail spool" if there is no system/daemon set up to move it anywhere else. Back when that was the normal way to handle multi-user mail on UNIX systems, a login user used a mail reader client to read through email in your local "spool", and of course if you don't have that, you can simply vi your mail file and read the raw contents if necessary. These mail files are normally located in /var/spool/mail on most systems.
Stepping away from your questions, I would guess you don't necessarily need postfix running on your host, especially as your containerized mailserver is handling the port 25 SMTP traffic for the host. Local email will stay local, I assume, without postfix, and be available through local means; and you might even find a simpler solution to external forwarding (e.g. a script that can parse mail spools and just connect to an SMTP relay and send it to an external address) if you want that.

Local development environment for osTicket

I am developing custom features for osTicket and I need to setup a mail system that sends emails, locally, and can simulate several email inboxes.
My local development setup is vagrant with ubuntu precise 64. I already have the LAMP stack running.
osTicket needs to send emails (only internally) and needs to have mailboxes (osticket reads and processes incoming mail on selected mailboxes).
I installed postfix, but could not get it to work.
Thank You.
Recently, I installed osTicket for my company. It can allow you to setup SMTP, which can use your Gmail account to send email. It is simple to setup.
The only thing to keep in mind is you need to use "Allow less secure apps to access your account". See: https://support.google.com/accounts/answer/6010255?hl=en for more information.
Configure ssl://smtp.gmail.com as your SMTP address and port 465 as your SMTP port. Even if you are not using Gmail, you still have to put "ssl://" before your SMTP host name.

Can I send email to friends (say to gmail) from my local computer (IIS or Apache), if yes how?

I am planning to send email to my friends (they are in gmail and hotmail) from my local PC which I use at my home (in dynamic IP). Is it ever possible to configure IIS or Apache in my local PC and connect to home broadband and can send email?
I do not want to take any help from any other hosting company (as generally we do by using .Net or Php by taking SMTP address) so if need I can try to configure some website name to my PC (if possible).
I do not need to get any reply from them they will send again to my gmail address.
Is it ever possible as my plan?
This question may be of some help to you: How to send email from local machine to gmail?
You should be able to run a .NET, PHP or other local web service on your home machine and use one of the libraries included in the link above to send e-mails without requiring a 3rd party web host. Out of curiosity, what are you trying to accomplish exactly? There may be a simpler solution within gmail's API.
What you want is to build a SMTP Server!
Things you will need
STATIC IP.
Reverse DNS from your ip to you hostname (type nslookup yourip on cmd.exe the result must be your hostname)
DNS MX entry on your DNS ZONE like 0 your.host.name.com
A program/code that will implement the RFC2821 http://www.ietf.org/rfc/rfc2821.txt
I have build a SMTP server that ONLY receive emails... maybe you can start from there....
https://stackoverflow.com/questions/24834765/how-receive-emails-in-net-listening-connection-from-gmail-yahooo-not-a-pop