[opensuse] Backup mailserver
Hi,
My internet connection at home is broken. I was trying to set up a backup mailserver at work. But thinking about it I fear it's impossible. Please comment :
In an MX-record of my home-domain I point a secondary address to the mailserver at work. The mailserver at work is configured to accept mail as relay for my home-domain. Unfortunately, my mailserver at work is forced to use the relay-server of my ISP. So when my work-server accepts mail for my home-domain, it is able to send this to the ISP-relay. The ISP-relay can't send it to my home-server so it sends this to my work-server etc. An endless loop.
Am I right in this analysis ? How to solve this ?
Regards, Koenraad
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Koenraad Lelong wrote:
Hi,
My internet connection at home is broken. I was trying to set up a backup mailserver at work.
A backup mailserver is most often superfluous. Any mailserver trying to contact your home mailserver will retry, usually up to 5 days before returning a mail as undeliverable.
But thinking about it I fear it's impossible. Please comment :
In an MX-record of my home-domain I point a secondary address to the mailserver at work. The mailserver at work is configured to accept mail as relay for my home-domain. Unfortunately, my mailserver at work is forced to use the relay-server of my ISP. So when my work-server accepts mail for my home-domain, it is able to send this to the ISP-relay. The ISP-relay can't send it to my home-server so it sends this to my work-server etc. An endless loop.
Am I right in this analysis ? How to solve this ?
Your backup server at work should be configured to only try to deliver to your home-server, not to use the MX. In postfix, you can do this with a transport map for instance.
-- Per Jessen, Zürich (8.5°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 13-03-14 10:18, Per Jessen wrote:
Koenraad Lelong wrote:
Hi,
My internet connection at home is broken. I was trying to set up a backup mailserver at work.
A backup mailserver is most often superfluous. Any mailserver trying to contact your home mailserver will retry, usually up to 5 days before returning a mail as undeliverable.
I know this, but to be sure ...
Your backup server at work should be configured to only try to deliver to your home-server, not to use the MX. In postfix, you can do this with a transport map for instance.
Like I said, the mailserver at work, and at home, has to use the ISP's relay server. That's because outgoing port 25 is blocked in the "domain" of the ISP. With domain I mean all IP's from the ISP's. On one side I can understand, this limits the effects of "bots" sending from those IP's. But for me, at this moment, it's a pain.
Koenraad
Koenraad Lelong wrote:
On 13-03-14 10:18, Per Jessen wrote:
Koenraad Lelong wrote:
Hi,
My internet connection at home is broken. I was trying to set up a backup mailserver at work.
A backup mailserver is most often superfluous. Any mailserver trying to contact your home mailserver will retry, usually up to 5 days before returning a mail as undeliverable.
I know this, but to be sure ...
Your backup server at work should be configured to only try to deliver to your home-server, not to use the MX. In postfix, you can do this with a transport map for instance.
Like I said, the mailserver at work, and at home, has to use the ISP's relay server. That's because outgoing port 25 is blocked in the "domain" of the ISP. With domain I mean all IP's from the ISP's. On one side I can understand, this limits the effects of "bots" sending from those IP's. But for me, at this moment, it's a pain.
Ah, I see, I missed that earlier, sorry. Perhaps use port 587 on your home mailserver and have your backup server send the mails to that?
-- Per Jessen, Zürich (9.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 13-03-14 11:37, Per Jessen wrote:
Ah, I see, I missed that earlier, sorry. Perhaps use port 587 on your home mailserver and have your backup server send the mails to that?
Nice idea, but how do you tell postfix what user/password to use ? I was planning to use some arbitrary high port and configure my home-router to portforward that port to port 25.
Koenraad.
On Thursday 13 March 2014 11:55:31, Koenraad Lelong wrote:
On 13-03-14 11:37, Per Jessen wrote:
Ah, I see, I missed that earlier, sorry. Perhaps use port 587 on your home mailserver and have your backup server send the mails to that?
Nice idea, but how do you tell postfix what user/password to use ? I was planning to use some arbitrary high port and configure my home-router to portforward that port to port 25.
Koenraad.
Look at the parameters in main.cf that start with smtp_sasl_
You enter user name and password in /etc/postfix/sasl_passwd
-- fr.gr. Freek de Kruijf
Koenraad Lelong wrote:
On 13-03-14 11:37, Per Jessen wrote:
Ah, I see, I missed that earlier, sorry. Perhaps use port 587 on your home mailserver and have your backup server send the mails to that?
Nice idea, but how do you tell postfix what user/password to use?
You don't need to use authentication, but userid+password is specified using "smtp_sasl_password_maps".
I was planning to use some arbitrary high port and configure my home-router to portforward that port to port 25.
That would also work.
-- Per Jessen, Zürich (14.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 13-03-14 11:05, Koenraad Lelong wrote:
On 13-03-14 10:18, Per Jessen wrote:
Your backup server at work should be configured to only try to deliver to your home-server, not to use the MX. In postfix, you can do this with a transport map for instance.
Thinking further : I could set up a transport. Since postfix will not be able to send it, it will be queued. Then when the Internet connection is OK again, I can modify it to send the normal way. I'm using virtual domains though (MySQL), so I followed this : http://sourceforge.net/apps/mediawiki/postfixadmin/index.php?title=Relay_Dom...
Koenraad
On 2014-03-13 11:05, Koenraad Lelong wrote:
Like I said, the mailserver at work, and at home, has to use the ISP's relay server. That's because outgoing port 25 is blocked in the "domain" of the ISP. With domain I mean all IP's from the ISP's. On one side I can understand, this limits the effects of "bots" sending from those IP's. But for me, at this moment, it's a pain.
It is plain stupid. The "antibot policy" is a fallacy. They do not care about stopping bots, they want you to stop setting servers on your connection without paying them (more). (I know for certain that some ISPs at the beginning wanted to charge per the number of ports you opened on your location)
In your situation, as both machines are under your control, I would consider using some other port instead. As the idea is new to me, I wouldn't know how to do it... transport? [...] (reading) Yes! Look at the file "/etc/postfix/transport", this paragraph:
# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# This directs mail for user@example.com to host bar.example
# port 2025. Instead of a numerical port a symbolic name may
# be used. Specify [] around the hostname if MX lookups must
# be disabled.
That would be on the sending side. On the receiving side something else has to be done, too. Where?? I think that in "master.cf". Something like:
stupid:30000 inet n - n - 10 smtpd
plus filtering or authentication, not to become a hole if they find it.
You could try to use the "submission" port (587/tcp). Maybe that's the more adequate one, and your ISP should not block that one, as it is intended for mail clients for connecting up to external mail server, without using smtp port.
Have a read of this doc for ideas:
file:///usr/share/doc/packages/postfix-doc/html/SOHO_README.html
(you should consider to try this setup between two local virtual machines - so that you don't have to go forth between one place and the other)
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
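Added example, not part of any post in this thread: a Postfix configuration sketch that combines the suggestions above (a transport entry with `[]` and an alternate port on the backup server, credentials via `smtp_sasl_password_maps`, and an authenticated listener on the home server). The names `home.example` and `mail.home.example`, port 2525, the user `backupmx` and the `tls_policy` file name are placeholders; a working SASL backend and TLS certificate on the home server are assumed.

```conf
# ---- Backup server (work): /etc/postfix/main.cf, additions only ----
# relayhost stays pointed at the ISP relay for all other mail; a
# transport_maps match takes precedence over relayhost for this domain.
relay_domains = home.example
transport_maps = hash:/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Require TLS only towards the home server, so the password is never
# sent in clear text; other destinations keep their current TLS level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# ---- Backup server: /etc/postfix/transport ----
# [] disables the MX lookup, so queued mail for the domain is only ever
# offered to this host and port and cannot loop back via the MX records.
home.example                smtp:[mail.home.example]:2525

# ---- Backup server: /etc/postfix/sasl_passwd (root-owned, mode 0600) ----
# The key must be written exactly like the nexthop in the transport table.
[mail.home.example]:2525    backupmx:CHANGE-ME

# ---- Backup server: /etc/postfix/tls_policy ----
[mail.home.example]:2525    encrypt

# After editing, on the backup server:
#   postmap /etc/postfix/transport /etc/postfix/sasl_passwd /etc/postfix/tls_policy
#   postfix reload

# ---- Home server: /etc/postfix/master.cf, extra listener ----
# Accepts mail on the alternate port only over TLS and only from
# authenticated clients, so the open port is not usable by strangers.
# service type  private unpriv  chroot  wakeup  maxproc command
2525      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

While the home connection is down, mail for the domain simply waits in the backup server's queue and is retried against the alternate port until it gets through.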
Carlos E. R. wrote:
On 2014-03-13 11:05, Koenraad Lelong wrote:
Like I said, the mailserver at work, and at home, has to use the ISP's relay server. That's because outgoing port 25 is blocked in the "domain" of the ISP. With domain I mean all IP's from the ISP's. On one side I can understand, this limits the effects of "bots" sending from those IP's. But for me, at this moment, it's a pain.
It is plain stupid.
The "antibot policy" is a fallacy. They do not care about stopping bots, they want you to stop setting servers on your connection without paying them (more).
Off-topic, but this might vary from place to place - ISPs do care about getting blacklisted. With spambots on your network, that'll happen quite quickly and next your support line will be jammed with callers.
-- Per Jessen, Zürich (14.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 2014-03-13 15:00, Per Jessen wrote:
Carlos E. R. wrote:
It is plain stupid.
The "antibot policy" is a fallacy. They do not care about stopping bots, they want you to stop setting servers on your connection without paying them (more).
Off-topic, but this might vary from place to place - ISPs do care about getting blacklisted. With spambots on your network, that'll happen quite quickly and next your support line will be jammed with callers.
Maybe. My ISP prefers not to care. If they block 25, then they have to provide and handle mail relay, which they do not want, anyway. Too much work. They are no more providing mail service, as it is: only those clients that have it, keep it. No more new client mail addresses. Need mail? Use gmail, hotmail, etc. If there are spam bots on the client side, so be it. /Their/ mail hosts are on a different network, so not affected. And as you are not supposed to have servers, you can not complain if your IP is blacklisted. If you pay for a server connection with a fixed IP, then they treat you differently. As it is, they don't block any port whatsoever. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (4)
- Carlos E. R.
- Freek de Kruijf
- Koenraad Lelong
- Per Jessen