I'm using the setting "smtp_tcp_port = submission" in my postconf. So all traffic is forced to 587 anyway.

On 8/7/21 10:15 AM, tobi wrote:
> relayhost = [mx.krowverse.services]
>
> If I got your first post right you only have nat rules for port 465 and 587 but the setting above implies usage of port 25. Ever tried to add :587 to your postfix relayhost setting?
>
> On 7 August 2021 11:51:33 UTC, masstransitk...@365stops.org wrote:
>
> When I replied, I did not notice that Thunderbird had rewritten the header.
>
> At the moment, I need to know what in this configuration could be causing the mail to bounce back to me. At the moment, only local mail is delivered.
>
> I simply need the mail to exit my server after it is sent without being refused. All relevant ports are open on the endpoint I want to send to.
>
> I think I am trying to configure a satellite site but I did not specify that during installation.
>
> On 8/6/21 7:23 PM, Viktor Dukhovni wrote:
>
> On Fri, Aug 06, 2021 at 10:59:00PM +0000, masstransitk...@365stops.org wrote:
>
> On 8/6/21 1:00 AM, Viktor Dukhovni wrote:
>
> On Fri, Aug 06, 2021 at 03:05:03AM +0000, masstransitk...@365stops.org wrote:
>
> I followed your advice and now the traffic is hitting my gateway as it should. The problem is, now it's getting refused.
>
> Firewall rules specify input interface in DNAT rules now. So instead of simply forwarding ports 587 and 465, it is also requiring that the public interface is the originating one. Let's call it "enp1s0".
>
> I eagerly await your feedback.
>
> I eagerly await the relevant log entries (and "postconf -nf" + "postconf -Mf" outputs) posted to the list.
>
> Here are the results for postconf -nf:
>
> And what question did you want to ask in relation to this configuration, and where are the relevant logs? Post your reply to the postfix-users *list*, not to my personal email address.
>
> ###BEGIN OUTPUT###
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> compatibility_level = 2
> daemon_directory = /usr/lib/postfix/sbin
> data_directory = /var/lib/postfix
> debug_peer_list = 127.0.0.1
> debugger_command =
>     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>     $daemon_directory/$process_name $process_id & sleep 5
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mailbox_size_limit = 18253611008
> mailq_path = /usr/bin/mailq
> message_size_limit = 10485760
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = krowverse.services
> myhostname = mx.krowverse.services
> mynetworks = 127.0.0.0/8 172.16.101.0/27
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> proxy_interfaces = 172.16.101.4
> relay_domains =
> relayhost = [mx.krowverse.services]
> sendmail_path = /usr/sbin/postfix
> setgid_group = postdrop
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_tcp_port = submission
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_banner = $myhostname ESMTP
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
>     permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
>     reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
>     zen.spamhaus.org, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_cert_file =
>     /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/fullchain.pem
> smtpd_tls_key_file =
>     /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/privkey.pem
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> unknown_local_recipient_reject_code = 550
> ###END OUTPUT###
>
> And here is the output of postconf -Mf:
>
> ###BEGIN OUTPUT###
> smtp inet n - y - - smtpd
> submission inet n - n - - smtpd -v
>     -o syslog_name=postfix/submission
>     -o smtpd_sasl_auth_enable=yes
>     -o smtpd_tls_auth_only=yes
> smtps inet n - y - - smtpd
>     -o syslog_name=postfix/smtps
>     -o smtpd_tls_wrappermode=yes
>     -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain
>     -o milter_macro_daemon_name=ORIGINATING
> pickup unix n - y 60 1 pickup
> cleanup unix n - y - 0 cleanup
> qmgr unix n - n 300 1 qmgr
> tlsmgr unix - - y 1000? 1 tlsmgr
> rewrite unix - - y - - trivial-rewrite
> bounce unix - - y - 0 bounce
> defer unix - - y - 0 bounce
> trace unix - - y - 0 bounce
> verify unix - - y - 1 verify
> flush unix n - y 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - y - - smtp
> relay unix - - y - - smtp
>     -o syslog_name=postfix/$service_name
> showq unix n - y - - showq
> error unix - - y - - error
> retry unix - - y - - error
> discard unix - - y - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - y - - lmtp
> anvil unix - - y - 1 anvil
> scache unix - - y - 1 scache
> postlog unix-dgram n - n - 1 postlogd
> maildrop unix - n n - - pipe flags=DRhu
>     user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe flags=Fqhu
>     user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe flags=F user=ftn
>     argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe flags=Fq.
>     user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
> scalemail-backend unix - n n - 2 pipe flags=R
>     user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
> mailman unix - n n - - pipe flags=FR
>     user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
> ###END OUTPUT###
>
> I hope this helps. I eagerly await your feedback.
>
> Sadly none is possible, without the relevant context.
>
> --
> Viktor.
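
Added example (not part of the original thread, and not Postfix project code): a Python check over the client-side settings quoted above. It resolves which port relayhost will use once smtp_tcp_port is taken into account, and lists the client settings that relaying through a submission port also depends on. The sample text, the port table and all function names are constructed for illustration.

```python
import re

# Constructed sample: the client-side settings from the quoted `postconf -nf` output.
SAMPLE = """\
myhostname = mx.krowverse.services
relayhost = [mx.krowverse.services]
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tcp_port = submission
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
"""
PORTS = {"smtp": 25, "submission": 587, "smtps": 465, "submissions": 465}
ENFORCED_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_postconf(text):
    """Parse `postconf -n` style output; indented lines continue a value."""
    conf, key = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and key:
            conf[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf

def relay_target(conf):
    """Return (host, port) the SMTP client connects to, or None without relayhost."""
    m = re.fullmatch(r"(\[[^\]]+\]|[^:\s]+)(?::(\S+))?", conf.get("relayhost", ""))
    if not m:
        return None
    # No explicit :port on relayhost means smtp_tcp_port applies (default: smtp).
    port = m.group(2) or conf.get("smtp_tcp_port", "smtp")
    return m.group(1).strip("[]"), PORTS.get(port) or int(port)

def audit(conf):
    """List client-side gaps that matter when relaying via a submission port."""
    target = relay_target(conf)
    if target is None:
        return ["relayhost is empty"]
    host, port = target
    findings = []
    if host == conf.get("myhostname"):
        findings.append("relayhost is the same name as myhostname")
    if port in (465, 587):
        if conf.get("smtp_sasl_auth_enable", "no") != "yes":
            findings.append("smtp_sasl_auth_enable is not yes, so "
                            "smtp_sasl_password_maps is never consulted")
        if conf.get("smtp_tls_security_level", "") not in ENFORCED_TLS:
            findings.append("smtp_tls_security_level does not enforce TLS")
    return findings

if __name__ == "__main__":
    conf = parse_postconf(SAMPLE)
    print(relay_target(conf), *audit(conf), sep="\n")
```

On a live host, feed it the output of "postconf -n" instead of the constructed sample.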