-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Karl-Heinz;
Am Thu, 31 Aug 2006 06:57:43 -0400
schrieb "Karl-Heinz Schulz" <karlheinz khschulz.com>:
> Thank you for your help!!
You're welcome. 
> I'm almost there but I have now a Postfix relaying
issues.
> I entered the following line to the main.cnf file
> mynetworks = 127.0.0.0/8, 192.168.51.0/24
Looks good so far.
> I tried 207.59.215.1 but it still will not allow me to
relay the mail?
> What is the best practice for mobile users?
Well... first off, what is it that you are trying to do? Do
you want
the server to accept mail from mobile (remote) users
addressed to local
users on the server only, or do you want the SMTP host to be
a fully
working mail relay allowing "your" external
users to send mail
virtually everywhere?
Generally, you don't want to use your NAT address in
main.cf, because
you don't need it there. What you tried to do (adding it to
"mynetworks") basically just would tell your
SMTP server to accept mail
from 207.59.215.1/32, which is (talking NAT) your server
itself so that
doesn't get you very far.
If you want your host to be a fully working SMTP relay, you
should do
the following:
To make sure mail addressed to your users ( whichever-domain.com )
is delivered, add "whichever-domain.com" to the
mydestination entry in
main.cf so it should look like this:
mydestination = localhost, localhost.localdomain,
whichever-domain.com
Domains listed here are considered "local",
i.o.w. the MTA tries to
deliver mails to user... to local users, including /etc/aliases
if
there. For every mail addressed to a domain not listed in
"mydestination", the MTA will try to deliver it
either using relayhost
or using direct delivery...
Using a relay host is the easiest solution if you want to
allow people
for sending mails anywhere through your SMTP machine. To do
so, you
need to find out what is the name of your ISP's SMTP host
(most likely
to be something, like, mail.<provider>.com). Once you
know, you have to
tell postfix about this by using
relayhost = mail.myprovider.com
in main.cf. Possibly you will learn that your provider
requires
SMTP-AUTH in order to allow for sending through its SMTP
host. If so,
you will get out of it by adding these lines to main.cf:
[...]
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_password
smtp_sasl_security_options=noanonymous
[...]
Next to that, create a file /etc/postfix/sasl_passwd, add
your
SMTP-AUTH credentials like that
mail.myprovider.com username:password
, make this file readable to postfix running the command
postmap /etc/postfix/sasl_passwd
and restart your postfix system. This way, people able to
connect to
your SMTP host should be able to send mail everywhere
through your host
(and, indirectly, the SMTP host of your provider).
If you want to do direct delivery, things are more
difficult:
- - First off, you have to be sure that your mail servers
hostname (to be
found in /etc/mailname and/or stated in
"myorigin" in main.cf) resolves
to your NAT address using DNS and vice versa using reverse
DNS. This
usually is the weakest preposition to make other servers
accept mail
from your machine. Possibly you will have to ask your ISP or
DNS
provider to set things up well for you.
- - By then you should make sure only
"authorized" external users can send
mail through your system. This can be achieved by either
setting up
your postfix to also require SMTP-AUTH (which is a tedious
and
error-prone thing to do, you really should read the postfix
docs en
detail about this, as well as [1]), or by installing
something like
"drac" or "pop-before-smtp". The
latter one is easier, this provides
some sort of behaviour similar to several freemail providers
at least
here in Germany (you have to fetch mail using POP3 or IMAP
first to
show you're authorized, and then you'll be able to send
through SMTP
for defined time). But for that, you also really should
consult its
documentation, as these things tend to be critical in terms
of system
security...
Feel free to ask if there are any questions left.
Cheers,
Kris
[1]http://www.projektfarm.com/en/support/howt
o/postfix_smtp_auth_tls.html
- --
Kristian Rink * http://zimmer428.net * jab:
kawazujabber.ccc.de
icq: 48874445 * fon: ++49 176 2447 2771
"One dreaming alone, it will be only a dream; many
dreaming together
is the beginning of a new reality." (Hundertwasser)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE9s0JcxBAPOA1m6wRAljHAJsFBmn4Xl7/8b86n6HwpSNaHxD7mgCf
QT3v
QA/XHLXdCZg4nRbcZYL65Xg=
=JY+T
-----END PGP SIGNATURE-----
--
ubuntu-users mailing list
ubuntu-userslists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
|