Matthew Patton wrote:
> > Why send mail as user@myhostname, when the named host will never
> > ever receive email?
>
> Because I need to retain FROM what host it originated. If I see an
> email from root@domain I have no idea which host it came from.

In my mailer I would immediately look at the Received: header trail of the message. And also the Message-Id: of the message. Both of those would tell me the server that originated the message.

> The emails are cron scripts and the like, not user-generated email.

In the spirit of sharing... I think I have a very similar environment. I have many machines. Cron sends emails with the output of cronjobs. Emails are sent by cron using mailx. It's a very traditional Unix environment.

I read mail from within that environment and there is no site hiding for mail from these servers to my mailbox. I see the full unique hostname. Such as r...@misery.proulx.com or some such. It is being transported directly from the server to my mailbox. Since I am not reading mail at Gmail or elsewhere.

For servers within my main environment but sending mail outside of it I have a relay host where outgoing mail from there to the world will be masqueraded as the domain. However I exclude root mail from that masquerading. (masquerade_exceptions = root) Therefore when these automated messages come through from root I get the full hostname on the message such as r...@torment.proulx.com or some such. Depending upon the destination this will either be allowed (inbound mail) or most often it will be blocked (outbound mail) due to not having a global public DNS for that name. That's okay. If it is blocked it is because it was a mistake and I didn't mean to send outbound mail. But I sometimes forget when a buddy and I are both sharing work on a system.

For servers randomly placed on the Internet but sending mail back to my main mailbox (inbound mail) I typically connect a VPN back from there to my main mail relay. Therefore mail from a remote VM enters my mail relay via a permitted network.

  mynetworks = ...
  smtpd_recipient_restrictions = permit_mynetworks, ...

Therefore the mail is allowed through due to using the VPN for transport. Also the mail is always encrypted over the VPN. Also all of the authentication and authorization is handled by the VPN and not needed to be worried about on the SMTP email side. For me this is a simpler strategy.

I am not sending mail back to r...@despair.proulx.com or wherever. Those random servers will be configured to listen on the loopback device only. (inet_interfaces = loopback-only) They only originate mail but never receive it.

For a VPN this could be a full OpenVPN setup. Or an ssh+autossh port forwarded tunnel. Or other such as an stunnel. I prefer one of the first two. Whatever is simplest.

This works well for me. Something like this might be a good strategy to use. It's a good strategy for me.

If I were reading mail offsite at a 3rd party such as Gmail then I would need to modify this so that I did not exclude root mail from site hiding masquerading. This would mean that all outgoing mail from root would have a From address as originating from the domain not the specific host. In which case to identify the mail I would need to look at the message headers (Show original message...) in the mailer. That would show me the Received: and Message-id: headers and I would use that to identify the system.

Hope this helps!
Bob
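
Added example, not part of the message above: one way to recover the originating host from the Received: trail and the Message-Id: when the From address has been masqueraded to the domain. The sample message, its hostnames (example.com, example.net) and the function name are constructed for illustration, and the Message-Id layout assumes Postfix's usual timestamp.queueid@hostname form.

```python
import re
from email import message_from_string

# Constructed sample: root cron mail, From masqueraded to the domain by the relay.
SAMPLE = """\
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTPS id 4ABCD1234
\tfor <admin@example.net>; Mon, 01 Jan 2024 03:00:05 +0000 (UTC)
Received: from web07.example.com (web07.example.com [10.8.0.7])
\tby relay.example.com (Postfix) with ESMTP id 3ZYXW9876
\tfor <admin@example.net>; Mon, 01 Jan 2024 03:00:03 +0000 (UTC)
Received: by web07.example.com (Postfix, from userid 0)
\tid 2QRST5555; Mon, 01 Jan 2024 03:00:02 +0000 (UTC)
From: root@example.com
To: admin@example.net
Subject: Cron <root@web07> /usr/local/bin/backup
Message-Id: <20240101030002.2QRST5555@web07.example.com>

backup finished
"""

def originating_host(raw):
    """Return the origin host per the Received: trail and per Message-Id."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    received = None
    if hops:
        # Each MTA prepends its header, so the last one is the oldest hop.
        oldest = " ".join(hops[-1].split())  # unfold continuation lines
        m = re.match(r"(?:from|by)\s+([A-Za-z0-9.-]+)", oldest)
        received = m.group(1).lower() if m else None
    # Postfix-style Message-Id: <timestamp.queueid@myhostname>
    m = re.search(r"@([A-Za-z0-9.-]+)>", msg.get("Message-Id", ""))
    message_id = m.group(1).lower() if m else None
    # Both values are written by the sending side; only Received: lines added
    # by your own relay are trustworthy, so a mismatch deserves a closer look.
    return {
        "received": received,
        "message_id": message_id,
        "agree": received is not None and received == message_id,
    }

if __name__ == "__main__":
    print(originating_host(SAMPLE))
```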