Postfix

————————————————————————————————————————————————

Simple setup for printer liaison on Raspberry Pi for Office 365 Direct Send

inet_interfaces = all
inet_protocols = all
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = mailserver1.contorseau.com
mynetworks_style = subnet
#mynetworks = 127.0.0.0/8 10.1.0.0/16
relayhost = contorseau-com.mail.protection.outlook.com:25

DNS entry: SPF
Value: v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

From <https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365>

SpamHaus Blocked List - remove IP by going to bottom of “view details”

https://www.spamhaus.org/query/ip/xx.xxx.xxx.xxx

Don’t panic! The inclusion of your IP address on the Policy Blocklist (PBL) is standard for the vast majority of internet users and is not the result of your actions. Here are some key PBL facts for your understanding:

• Being on this list does not mean you won’t be able to send emails.
• You do not need to request removal from PBL.
• This listing is controlled by your Internet Service Provider (ISP), not Spamhaus.
• Your ISP lists ranges of IP addresses that shouldn’t be sending email directly to the internet.
• Typically, IPs of broadband or dial-up customers will be included in this list.
• This is part of Internet best practices enacted to protect all users.

From <https://check.spamhaus.org/>

Postfix Smtp sasl TLS

I need to use postfix to send email from openSUSE Leap 42.3, I configured it using Yast → Network Services → Mail Server, then in the outgoing mail, I selected use TLS and I did the configuration under Authentication option (so I placed the domain of the outgoing server, the username and the password of the email that I am going to use it).

https://forums.opensuse.org/t/postfix-for-sending-email-on-port-465-using-ssl/140203

# enable SASL authentication
smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous

# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Enable STARTTLS encryption
smtp_use_tls = yes

# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Had to also include
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes

view with journalctl 

https://www.linode.com/docs/guides/postfix-smtp-debian7/

Viewing Postfix Syslog

When your Postfix service logs into the Syslog, you can view these logs with the journalctl utility. If you don't know what journald and journalctl are, you can read the tutorial How to Control Journald with Journalctl.

Let's view the Syslog records that belong to the Postfix service by executing journalctl:

  $ journalctl -u postfix@-.service

https://betterstack.com/community/guides/logging/how-to-start-logging-with-postfix/

Reference

https://calomel.org/postfix.html

http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

xrdp on openSuse

2023-11-12

xrdp from X11:RemoteDesktop project Select Your Operating System

From <https://software.opensuse.org/download/package?package=xrdp&project=X11%3ARemoteDesktop>

mailq

mailq - list queue

Postfix Server

Delete One from Postfix Mail Queue

sudo postsuper -d D45F2E4478

http://linux.die.net/man/1/postsuper

Empty Postfix Mail Queue

sudo postsuper -d ALL

Send all email now

postqueue -f

http://linux.die.net/man/1/postqueue

List all email now

postqueue -p

test sasl authorization

testsaslauthd -u username -p password -s smtp

library.linode.com/beginners-guide

http://library.linode.com/beginners-guide/

Postfix relayhost

From: http://www.freelock.com/kb/postfix-relayhost

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com username:password

chown root:root /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

In /etc/postfix/main.cf:

**Note:** relayhost=[2345.2345.23454.2345]:1025


relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

postfix reload

Also, if this is the first SASL service installed on the machine, make sure there's an appropriate SASL plugin installed:

urpmi --media main libsasl2-plug-login libsasl2-plug-plain

That should do it! Postfix will log into the relay host using the smtp auth username and password. It's possible to set different logins for different servers, by adding more lines to the map file. Security options must be cleared to allow plaintext logins.
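
Clearing smtp_sasl_security_options, as the steps above do, lets the relay password travel in plaintext unless TLS is mandatory on the connection. The script below is an added example, not part of the original notes or of Postfix: it audits a main.cf and password map for that combination and for the chmod 600 step. The helper names mc_get, has_opt and audit_relay are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a Postfix SASL relay client.
# mc_get, has_opt and audit_relay are hypothetical helper names.

# Print the effective value of main.cf parameter $2 in file $1; status 1 if unset.
# Skips comments, joins continuation lines, and lets the last definition win.
mc_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (cur == key) { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == key) { val = substr($0, eq + 1); found = 1 }
        }
        END { sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val); print val; exit !found }
    ' "$1"
}

# True if the comma/space separated list $1 contains the word $2.
has_opt() {
    case " $(printf '%s' "$1" | tr ',\t' '  ') " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# audit_relay MAIN_CF SASL_PASSWD: prints findings, returns the number of failures.
audit_relay() {
    cf=$1; pw=$2; fails=0
    auth=$(mc_get "$cf" smtp_sasl_auth_enable) || auth=no
    if [ "$auth" != yes ]; then
        echo "INFO: smtp_sasl_auth_enable is not 'yes'; nothing to audit"
        return 0
    fi
    # Postfix default when the parameter is absent: noplaintext, noanonymous.
    opts=$(mc_get "$cf" smtp_sasl_security_options) || opts="noplaintext, noanonymous"
    level=$(mc_get "$cf" smtp_tls_security_level) || level=""
    if [ -z "$level" ]; then
        # Obsolete spelling of "encrypt"; smtp_use_tls = yes is only opportunistic.
        enforce=$(mc_get "$cf" smtp_enforce_tls) || enforce=no
        if [ "$enforce" = yes ]; then level=encrypt; fi
    fi
    case $level in
        encrypt|dane-only|fingerprint|verify|secure) tls_forced=1 ;;
        *) tls_forced=0 ;;   # none, may, dane or unset: TLS can be skipped
    esac
    if ! has_opt "$opts" noplaintext && [ "$tls_forced" -eq 0 ]; then
        echo "FAIL: plaintext SASL allowed but TLS is not mandatory (level='$level')"
        fails=$((fails + 1))
    fi
    if ! has_opt "$opts" noanonymous; then
        echo "FAIL: smtp_sasl_security_options lacks noanonymous"
        fails=$((fails + 1))
    fi
    # The password map and its compiled .db must not be readable by group/other.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "FAIL: $f is accessible to group/other (want chmod 600)"
            fails=$((fails + 1))
        fi
    done
    if [ "$fails" -eq 0 ]; then echo "OK: SASL relay settings pass"; fi
    return "$fails"
}

# Demo on constructed sample files: the settings from the notes, then a stricter set.
demo() {
    d=$(mktemp -d) || return 1
    printf 'mail.ispserver.com username:password\n' > "$d/sasl_passwd"
    chmod 600 "$d/sasl_passwd"
    printf '%s\n' 'relayhost = mail.ispserver.com' 'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_security_options =' > "$d/weak.cf"
    printf '%s\n' 'relayhost = mail.ispserver.com' 'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_security_options = noanonymous' \
        'smtp_tls_security_level = encrypt' > "$d/hard.cf"
    echo "weak:";     audit_relay "$d/weak.cf" "$d/sasl_passwd" || true
    echo "hardened:"; audit_relay "$d/hard.cf" "$d/sasl_passwd" || true
    rm -rf "$d"
}
demo
```

On a live host, run it as root against /etc/postfix/main.cf and /etc/postfix/sasl_passwd; a non-zero exit status is the number of failed checks.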

From: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

Setup Postfix

difference between service and systemctl

http://forums.fedoraforum.org/showthread.php?t=261945

service operates on the files in /etc/init.d and was used in conjunction with the old init system. systemctl operates on the files in /lib/systemd . If there is a file for your service in /lib/systemd it will use that first and if not it will fall back to the file in /etc/init.d

systemctl

http://fedoraproject.org/wiki/Systemd

http://crashmag.net/useful-systemd-commands

List the current run level

systemctl list-units --type=target

Postfix Quick Summary

http://www.akadia.com/services/postfix_mta.html

test saslauthd

testsaslauthd -u username -p password -s smtp

Systemd_Cheatsheet

http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet

systemd Command | Notes
systemctl start frobozz.service | Used to start a service (not reboot persistent)
systemctl stop frobozz.service | Used to stop a service (not reboot persistent)
systemctl restart frobozz.service | Used to stop and then start a service
systemctl reload frobozz.service | When supported, reloads the config file without interrupting pending operations.
systemctl condrestart frobozz.service | Restarts if the service is already running.
systemctl status frobozz.service | Tells whether a service is currently running.
ls /lib/systemd/system/*.service /etc/systemd/system/*.service | Used to list the services that can be started or stopped
systemctl list-units --all | Used to list all the services and other units
systemctl enable frobozz.service | Turn the service on, for start at next boot, or other trigger.
systemctl disable frobozz.service | Turn the service off for the next reboot, or any other trigger.
systemctl is-enabled frobozz.service | Used to check whether a service is configured to start or not in the current environment.
ls /etc/systemd/system/*.wants/frobozz.service | Used to list what levels this service is configured on or off
systemctl daemon-reload | Used when you create a new service file or modify any configuration

sysvinit Runlevel | systemd Target | Notes
0 | runlevel0.target, poweroff.target | Halt the system.
1, s, single | runlevel1.target, rescue.target | Single user mode.
2, 4 | runlevel2.target, runlevel4.target, multi-user.target | User-defined/Site-specific runlevels. By default, identical to 3.
3 | runlevel3.target, multi-user.target | Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.
5 | runlevel5.target, graphical.target | Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
6 | runlevel6.target, reboot.target | Reboot
emergency | emergency.target | Emergency shell

/lib/systemd/system/postfix.service

# This file is part of package postfix.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
#  Used to start the postfix Mail Transport Agent service
#  which handles all mails stored at /var/spool/postfix/ and
#  all connections on port 25 aka smtp at localhost as well
#  as on all other network interfaces.
#

[Unit]
Description=Postfix Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
Wants=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
After=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
Before=mail-transfer-agent.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
EnvironmentFile=-/etc/sysconfig/postfix
ExecStartPre=/etc/postfix/system/update_chroot
ExecStartPre=/etc/postfix/system/rebuild_tables
ExecStart=/usr/sbin/postfix start
ExecStartPost=/etc/postfix/system/wait_qmgr 60
ExecStartPost=/etc/postfix/system/cond_slp register
ExecReload=/usr/sbin/postfix reload
ExecReload=/usr/sbin/postfix flush
ExecStop=/usr/sbin/postfix stop
ExecStopPost=/etc/postfix/system/cond_slp deregister

[Install]
WantedBy=multi-user.target

Managing the Mail Queue

http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

bounce_queue_lifetime

bounce_queue_lifetime (default: 5d)
The maximal time a bounce message is queued before it is considered undeliverable.
By default, this is the same as the queue life time for regular mail.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.
This feature is available in Postfix 2.1 and later.

maximal_queue_lifetime (default: 5d)
The maximal time a message is queued before it is sent back as undeliverable.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.

Must Read: Acting as a relay server

http://www200.pair.com/mecham/spam/reject_unverified.html

Postfix can answer "550 No Such User Here."

relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains that match $relay_domains.
Specify @domain as a wild-card for domains that have no valid recipient list, and become a source of backscatter mail:
Postfix accepts spam for non-existent recipients and then floods innocent people with undeliverable mail.
Technically, tables listed with $relay_recipient_maps are used as lists:
Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup.
If this parameter is non-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default.
See also the relay domains address class in the ADDRESS_CLASS_README file.

Example:

relay_recipient_maps = hash:/etc/postfix/relay_recipients

This feature is available in Postfix 2.0 and later.

INPUT FILE FORMAT

http://www.postfix.org/postmap.1.html

Postfix - Exchange Server Mailrelay to Postfix

http://postfix.state-of-mind.de/patrick.koetter/mailrelay/

http://www-personal.umich.edu/~malth/gaptuning/postfix/

Catch-all for Postfix

Only works for virtual addresses not assigned to real mailboxes. We are not defining many emails that go to real addresses.

http://www.postfix.org/VIRTUAL_README.html

 5 /etc/postfix/virtual:
 6     postmaster@example.com postmaster
 7     info@example.com       joe
 8     sales@example.com      jane
 9     # Uncomment entry below to implement a catch-all address
10     # @example.com         jim
11     ...virtual aliases for more domains...

Line 10: the commented out entry (text after #) shows how one would implement a catch-all virtual alias that receives mail for every example.com address not listed in the virtual alias file. This is not without risk. Spammers nowadays try to send mail from (or mail to) every possible name that they can think of. A catch-all mailbox is likely to receive many spam messages, and many bounces for spam messages that were sent in the name of anything@example.com.

Postfix SMTP AUTH

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/index.html

Copy All Messages

always_bcc (default: empty)
Optional address that receives a “blind carbon copy” of each message that is received by the Postfix mail system.
Note: if mail to the BCC address bounces it will be returned to the sender.
Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

Standard Accounts

3.5 Are there any other addresses I should accept?

You should also accept mail sent to what are known as 'role' accounts. These are some standard addresses that are defined by RFC 2142. RFC 2142 is a recommendation, not a requirement, but you should accept mail sent to 'postmaster' (which is a required address - see RFC 822) and 'abuse' as a minimum.

The addresses recommended by RFC 2142 are:

postmaster
abuse
webmaster
info
sales
security
hostmaster
support
marketing
noc
usenet
news
www
uucp
ftp

These are in roughly descending order of importance. Most sites support the first seven, but the others are really optional: if you don't use the 'uucp' program (a very old program from the early days of the Internet), there's no need for you to have 'uucp@mydomain'.

Be aware that spammers will send spam to all these addresses.

warning: not enough free space in mail queue: < 1.5*message size limit

http://readlist.com/lists/lists.debian.org/debian-user/2/11860.html

Delivering messages to the Users

It is interesting that we are using postfix to deliver messages to people but no local mailboxes are used. We have specified each and every address in the transport file so that they are sent to specific smtp servers.

Using Command Line to Add Batch of Users to Postfix Machine

Yast Command Line Add User

Yast Command Line Interface

DNS Info (Reference)

/etc/resolv.conf

http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html

Postfix message size limit and mailbox limit

http://muhdzamri.blogspot.com/2007/02/postfix-mailbox-size-limit-and-message.html

Set IPs That Can Automatically Send Through Postfix

mynetworks = 2345.2345.23454.0/28, 127.0.0.0/8

main.cf file format

http://www.postfix.org/postconf.5.html

Resource Controls

http://www.postfix.org/resource.html

postconf (list the postfix configuration)

postconf  | grep size

postconf -d (list the defaults for postfix)

Display of Postfix Configuration "size" Search

Machine2:~ # postconf -d | grep size
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 51200000
message_size_limit = 10240000

Configure Postfix For Relaying all Mail Through mail45.safesecureweb.com

We do not relay

#------------------- relay -----------------------------------------------------
#relayhost = mail45.safesecureweb.com

But we are set up to do so if need be!

#------------------- smtp (outgoing) -----------------------------------------------------
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Reference

http://www.howtoforge.com/postfix_relaying_through_another_mailserver

To configure our Postfix server for relaying emails through smtp.example.com, we run

postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='

Use TLS (Transport Layer Security)

http://www.postfix.org/postconf.5.html#smtp_tls_security_level

The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.

https://help.ubuntu.com/community/Postfix

Generate certificates to be used for TLS encryption and/or certificate Authentication:

broken_sasl_auth_clients

broken_sasl_auth_clients = yes

Was configured in Postfix 2012-02-20 and before. Do not think we need this, although ASSP had some problems with authorization of Exchange due to outdated AUTH command.

Enable inter-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

Specify “broken_sasl_auth_clients = yes” to have Postfix advertise AUTH support in a non-standard way.

smtpd_sender_dependent_authentication

smtpd_sender_dependent_authentication = yes - Not A Valid Parameter

local domain class for

Domain names are listed with the mydestination parameter.

    mydestination = $myhostname, localhost.$mydomain, mailserver.domain.com
        myhostname = mailserver2.domain.com,
        localhost.$mydomain = (localhost.(default of myhostname - first component = domain.com)) = localhost.domain.com,
        mailserver1.domain.com

This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters.

    inet_interfaces = all = 1222.1628.2122.22345
    proxy_interfaces = 2246.2246.2246.2246, 22345.2345.2345.2345

The virtual alias domain class

Each recipient address is aliased to a local UNIX system account or to a remote address.

Domain names
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

Every address must be aliased to some other address.

Virtual Domains

http://www.akadia.com/services/postfix_separate_mailboxes.html

Postfix On New Server

————————————————————————————————————————————————

Steps to Install Postfix on ASSP Server as a backup.

Setup Postfix

See "Setup Postfix"

Copy Files

root: default@domain.com

You can add as many aliases as you want for a person. When you are done, you MUST run the following command for Postfix to load the aliases (starting and stopping Postfix will NOT reload the aliases file):

sudo newaliases
postalias /etc/aliases

Add Users For SMTP Authorization
Run Services

SASL_README

http://www.postfix.org/SASL_README.html

Individual Command Lines in main.cf
