Ian Evans wrote:
> Just looking for a pointer to a recommended tutorial on setting up Postfix
> as a send only service to be able to send alert emails from a home server
> like smartmontools drive warnings etc.

The problem won't be finding one.  The problem will be finding less
than several dozen.  And selecting a "good" one from the collection.

> I have seen several tutorials that touch on this, but the part I'm not
> clear on is the FQDN setting. It's a home server so it doesn't have a public
> domain name.

If everything is completely private on a local area network then one
can generate any random thing.  But since you are wanting to interact
on the global public Internet wide area network then you must use an
existing valid domain name.

> If my dynamic DNS provider reaches my home server at
> myhome.example.com, would that be the FQDN?

I suggest yes.  Since the dynamic dns provider "example.com" is a
valid domain name and they are providing you with the valid FQDN name
of "myhome.example.com" then yes that would be okay to use that name
as your FQDN in this case.

I say suggest because there are many ways to do things and this is
simply one possible way.  However there are limitations.  I will avoid
trying to describe all of the possibilities.  But just note that
things stretch to a certain extent.  If stretched too far then
anything breaks.  But in exactly the above case you are talking about
this will work.

I am going to suggest something different.  You have a web site and it
has a domain name.  Or you will have your own domain name for many
reasons.  You might want to use one of those.  So *either* the dynamic
dns provider name as above *or* use a name from a domain you own.  In
either case relay through your Internet server.

> If this makes it easier, I do have a fully functional Postfix mail server
> on my website server. Is there a way for the home server to send its alert
> emails via the business server? Or should the home send-only Postfix send
> through Gmail somehow?

Using your website server solves a very important problem.
The problem of needing either

1) a static IP address assignment of an IP address that is not going
   to be blocked by the receiving end for being in a dynamic address
   space or being in a blocked IP space

And/Or

2) needing to control both systems on the ends of the network
   connection so that the remote client can authenticate and authorize
   the sending of email from a dynamic IP address to the server.

Therefore if it were me in your position I would use your website
server to receive the email connection from your home client.  And
then have the website server send the mail to Gmail or wherever.
(Google may still be a problem for robustly accepting the email.  They
often are.  But can only start somewhere and then cross each bridge
problem as you come to them.)

Your myhome.example.com client will not be able to send to Google's
Gmail or practically anywhere else because it will have a dynamic IP
assignment.  As a practical matter almost every mail service blocks
mail from dynamic IP address assignments.  To block hostile agents
abusing the network from virus infected systems and other compromised
devices.  Soo...  Don't even try it.  It will just be an exercise in
frustration for you.

Your business server website will have a static IP assignment.  That
will allow it to send email to other systems on the Internet such as
Google's Gmail.  It can operate as your mail relay.  It can be
configured to authorize mail from your home dynamic IP client and your
home dynamic IP client can be configured to authenticate to it.

With your dynamic IP home client authenticating to your website server
and your website server authorizing the email relay then automated
notifications from your home client can be sent to your Gmail account.
That will work.  That is probably the best way for you to configure
your setup.

Hopefully that clears up the problems you will face.

With that discussion in place the next question you SHOULD be asking
is what is the simplest and most robust way for you to set up the
communication connection between your home client and your Internet
server in order to authenticate your client and authorize the relay of
mail through the server?

That is the much more interesting discussion to have here.  Because
there are several possibilities with pros and cons to the selection.
SASL with shared private keys?  Public keys using certificates?
Encrypted or non-encrypted connections?  VPN?  Several good
possibilities to choose from in just as many sentences.

Personally for exactly the situation you are describing I think the
easiest and simplest is using a VPN.  A VPN (virtual private network)
connects over the Internet my remote dynamic IP clients with my static
IP server.  Then I configure Postfix to send the remote client email
over the VPN.  The server allows local (vpn-local) network connections
(permit_mynetworks) and relays the mail.  The authentication and
authorization is done by the VPN connection.  All communication over
the VPN is fully encrypted.  So for me that is one easy way to set
things up.  And then the VPN is useful for other aspects of the
problem such as being able to connect out to the remote client over
the VPN too.

Since the VPN is connecting to your Internet server this allows you to
use either the FQDN of the dynamic dns provider or to use a FQDN of
your own domain name.  Since the VPN is connecting your systems.

A good all purpose VPN suggestion would be OpenVPN but a very simple
and effective one might be 'sshuttle' or 'autossh' to set up a tunnel.
Three good possibilities in that one sentence.  In different places I
have made good use of all three of those.  Pros and cons to each.  The
best solution for you is the one you understand the best.  That is the
one you can manage the easiest.

Sorry if one question begets quite a few more.  But that is the nature
of these things! :-)

Bob