[opensuse] Another problem authenticating with postfix.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Here goes another one. In "SASL_README.html" I read:
Postfix version 2.3 supports-per-sender SASL password information. To
search the Postfix SASL password by sender before it searches by
destination, specify:
/etc/postfix/main.cf:
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
/etc/postfix/sasl_passwd:
user@example.com username:password
bar.com username
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
Now, I can't make head or tails of that brief explanation; perhaps there
is another file that explains it in more detail, but meanwhile I'm stuck.
My problem is thus:
I normally use my own postfix (on a dynamic IP) to send everywhere.
Sometimes it is rejected, and then I send via a relay. And then I have new
problems: none of my mail account provider accept emails if the "from"
address in the email is not one of theirs!
For instance, using my telefonica account, the one that I got working in
another email, I can send if my from is the one above, but not if I'm
using my sourceforge alias:
]: > smtp.telefonica.net[213.4.149.66]: MAIL FROM:
Carlos E. R. wrote:
Hi,
Here goes another one. In "SASL_README.html" I read:
Postfix version 2.3 supports-per-sender SASL password information. To search the Postfix SASL password by sender before it searches by destination, specify:
/etc/postfix/main.cf: smtp_sender_dependent_authentication = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
/etc/postfix/sasl_passwd: user@example.com username:password bar.com username [mail.myisp.net] username:password [mail.myisp.net]:submission username:password
Looks a bit weird. I once had sender_dependent_relayhost_maps working, but it didn't look like that.
Now, I can't make head or tails of that brief explanation; perhaps there is another file that explains it in more detail, but meanwhile I'm stuck.
My problem is thus:
I normally use my own postfix (on a dynamic IP) to send everywhere. Sometimes it is rejected, and then I send via a relay. And then I have new problems: none of my mail account provider accept emails if the "from" address in the email is not one of theirs!
In that case you need to use sender_dependent_relayhost_maps. Usually Postfix decides the relayhost respectively the nexthop based on the recipient address. In case of sender_dependent_relayhost_maps the nexthop is chosen by the sender address. This is probably what you need here.
For instance, using my telefonica account, the one that I got working in another email, I can send if my from is the one above, but not if I'm using my sourceforge alias:
]: > smtp.telefonica.net[213.4.149.66]: MAIL FROM:
SIZE=1000 BODY=8BITMIME AUTH=<> ]: > smtp.telefonica.net[213.4.149.66]: RCPT TO: ORCPT=rfc822;myaddress@somewhere ]: > smtp.telefonica.net[213.4.149.66]: DATA ]: < smtp.telefonica.net[213.4.149.66]: 553 MAIL FROM: domain not accepted It doesn't even ask for authentification, and my IP is from telefonica.net at the moment. I know that this will give rise to some eyebrows, but it is an unfortunate fact.
Auth should have happened before mail from.
Is this possible? I don't know, because I don't understand how postfix supports "per-sender" password information.
perhaps it means:
That's it. For the sender address "user@example.com" you need to set up two settings: sasl_passwd:
user@example.com username:password
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts /etc/postfix/sender_relayhosts: user@example.com [relayhost] By the way, I don't know if your ISP deleted my direct mail to you or shoved it into the spamfolder or whatever, but I sent you a private mail to tell you that you posted your auth data... :-/ -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-04-17 at 21:00 +0200, Sandy Drobic wrote:
/etc/postfix/sasl_passwd: user@example.com username:password bar.com username [mail.myisp.net] username:password [mail.myisp.net]:submission username:password
Looks a bit weird. I once had sender_dependent_relayhost_maps working, but it didn't look like that.
I'm starting to understand it :-)
Now, I can't make head or tails of that brief explanation; perhaps there is another file that explains it in more detail, but meanwhile I'm stuck.
My problem is thus:
I normally use my own postfix (on a dynamic IP) to send everywhere. Sometimes it is rejected, and then I send via a relay. And then I have new problems: none of my mail account provider accept emails if the "from" address in the email is not one of theirs!
In that case you need to use sender_dependent_relayhost_maps. Usually Postfix decides the relayhost respectively the nexthop based on the recipient address. In case of sender_dependent_relayhost_maps the nexthop is chosen by the sender address.
This is probably what you need here.
Interesting! But...
]: > smtp.telefonica.net[213.4.149.66]: MAIL FROM:
SIZE=1000 BODY=8BITMIME AUTH=<> ]: > smtp.telefonica.net[213.4.149.66]: RCPT TO: ORCPT=rfc822;myaddress@somewhere ]: > smtp.telefonica.net[213.4.149.66]: DATA ]: < smtp.telefonica.net[213.4.149.66]: 553 MAIL FROM: domain not accepted It doesn't even ask for authentification, and my IP is from telefonica.net at the moment. I know that this will give rise to some eyebrows, but it is an unfortunate fact.
Auth should have happened before mail from.
I believe they do it on purpose :-( Worse, all Spanish ISP's and mail accounts I have do the same, meaning I can't relay any of my redirector addreses like sourceforge or ieee.
Is this possible? I don't know, because I don't understand how postfix supports "per-sender" password information.
perhaps it means:
That's it. For the sender address "user@example.com" you need to set up two settings:
sasl_passwd:
user@example.com username:password
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts
/etc/postfix/sender_relayhosts: user@example.com [relayhost]
But... I have a doubt. Will that relayhost be used for all mail sent from user@example.com, or only to those destinations in the transport file? Meaning, I want to send all my email direct, except to those destinations I define in the transport file which sould use a relay choosed on the from. Alternatively, send always via relay defined in sender_relayhosts, except to some destinations I want to send direct.
By the way, I don't know if your ISP deleted my direct mail to you or shoved it into the spamfolder or whatever, but I sent you a private mail to tell you that you posted your auth data... :-/
Got it, thanks. :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGJSahtTMYHG2NR9URAthxAJ4jUXWB9el36XXfeKObgMS4QArsEACgkoH6 9ziuoh1xaZfSnfU06ngr0JI= =zD3t -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
Auth should have happened before mail from.
I believe they do it on purpose :-(
Can't help you there, I'm afraid.
Worse, all Spanish ISP's and mail accounts I have do the same, meaning I can't relay any of my redirector addreses like sourceforge or ieee.
It would probably be the best solution to use a virtual private server, they cost about 10 Euro per month, that will give you a fixed IP, correct dns/reverse dns and probably a domain name of your choice.
/etc/postfix/sender_relayhosts: user@example.com [relayhost]
But... I have a doubt. Will that relayhost be used for all mail sent from user@example.com, or only to those destinations in the transport file?
Yes, it will be used solely based on the sender address then (if the address is found in the sender_dependend_relayhost_maps).
Meaning, I want to send all my email direct, except to those destinations I define in the transport file which sould use a relay choosed on the from.
Alternatively, send always via relay defined in sender_relayhosts, except to some destinations I want to send direct.
Okay, this might get really geeky and cumbersome, but you could theoretically set up two instances of Postfix (not listeners!), where the first instance is trying to send directly with "soft_bounce=yes" and fallback_transport = smtp:[ip-second-instance], so rejected mails will will be transfered to the second instance. This instance knows, that all mails have to be relayed via a relayhost, so it is configured to use sender_dependent_relayhost_maps with soft_bounce=no. That would probably do most of what you want to achieve, but it is quite a bit of overhead to set up and manage. I have a few doubts, if it is really worth the effort.
By the way, I don't know if your ISP deleted my direct mail to you or shoved it into the spamfolder or whatever, but I sent you a private mail to tell you that you posted your auth data... :-/
Got it, thanks. :-)
Okay, unfortunately I've seen too many ISPs who silently delete unwanted mails. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-04-17 at 22:24 +0200, Sandy Drobic wrote:
Carlos E. R. wrote:
Auth should have happened before mail from.
I believe they do it on purpose :-(
Can't help you there, I'm afraid.
I know, I know, I'm just grumbling aloud, letting steam out.
Worse, all Spanish ISP's and mail accounts I have do the same, meaning I can't relay any of my redirector addreses like sourceforge or ieee.
It would probably be the best solution to use a virtual private server, they cost about 10 Euro per month, that will give you a fixed IP, correct dns/reverse dns and probably a domain name of your choice.
I have thought of that, but the expense is not justified (yet).
/etc/postfix/sender_relayhosts: user@example.com [relayhost]
But... I have a doubt. Will that relayhost be used for all mail sent from user@example.com, or only to those destinations in the transport file?
Yes, it will be used solely based on the sender address then (if the address is found in the sender_dependend_relayhost_maps).
Pity. Seems I can't get all :-}
Meaning, I want to send all my email direct, except to those destinations I define in the transport file which sould use a relay choosed on the from.
Alternatively, send always via relay defined in sender_relayhosts, except to some destinations I want to send direct.
Okay, this might get really geeky and cumbersome, but you could theoretically set up two instances of Postfix (not listeners!), where the first instance is trying to send directly with "soft_bounce=yes" and fallback_transport = smtp:[ip-second-instance], so rejected mails will will be transfered to the second instance.
This instance knows, that all mails have to be relayed via a relayhost, so it is configured to use sender_dependent_relayhost_maps with soft_bounce=no.
Uau...
That would probably do most of what you want to achieve, but it is quite a bit of overhead to set up and manage. I have a few doubts, if it is really worth the effort.
Yes... very doubtfull... :-? My current procedure is easier to maintain: change the configuration when I have to send an email trhough a different route. And, it wouldn't solve the problem of sending emails with redirector aliasses. The advantage now is that I have learnt a an alternative place to set it up, based on "from" instead than in "to", and I can at last use a method to relay (almost) everything. I could create now an script instantly setting up/down relaying. It's something. Another method would be to have a fixed IP, and use it for sending, but that would be a different can of worms, I guess.
Got it, thanks. :-)
Okay, unfortunately I've seen too many ISPs who silently delete unwanted mails.
Me too :-/ At least, my main one doesn't do it, but someplaces I send to do. They accept the email, but it never reaches the destination. Worse, their users think that the problem is mine because I'm a geek or something. Of course, as I use linux, I must have done something wrong. :-( Nowdays, email is less reliable than surface paper mail. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGJVHRtTMYHG2NR9URApfsAJ4jvqG26SxYzGym+ep6A7FKxbrLHwCfbVhZ hLsVm1iJD0ugAWyKFSCOimE= =YW7P -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 17 April 2007, Carlos E. R. wrote:
I normally use my own postfix (on a dynamic IP) to send everywhere. Sometimes it is rejected, and then I send via a relay. And then I have new problems: none of my mail account provider accept emails if the "from" address in the email is not one of theirs!
Try a gmail account. I'm not sure they care about the "from". But really, Telephonica should accept authentication. If you can get that working then they have no reason to complain about the from. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-04-17 at 23:09 -0800, John Andersen wrote:
On Tuesday 17 April 2007, Carlos E. R. wrote:
I normally use my own postfix (on a dynamic IP) to send everywhere. Sometimes it is rejected, and then I send via a relay. And then I have new problems: none of my mail account provider accept emails if the "from" address in the email is not one of theirs!
Try a gmail account. I'm not sure they care about the "from".
Ah! Could be a way, I already have one. Yep.
But really, Telephonica should accept authentication. If you can get that working then they have no reason to complain about the from.
I have authentication working already, thanks to Sandy D. help, but it only works if the "from" is from theirs. I wonder what they do when people hire domains from them... ah, of course, only the listed domains will work, I guess. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGJgpstTMYHG2NR9URAmM8AKCKr2inmjtB3hEO+WtWrYVJAdsVtACdE6uU aHN3aqq3VkOHHCzBXgIZ6/0= =duHD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R.
-
John Andersen
-
Sandy Drobic