On Wed, Dec 22, 2021 at 02:19:49PM +1100, raf wrote: > On Tue, Dec 21, 2021 at 06:52:23AM -0500, Ruben Safir <ru...@mrbrklyn.com> > wrote: > > > I want to add a domain for the office in addition to my current domain. > > > > I've done this before, following the outline in: > > http://www.postfix.org/VIRTUAL_README.html#canonical > > > > using > > > > [ruben@www2 ~]$ cat /etc/postfix/main.cf|grep mydest > > mydestination = www.domain1.com, www2.domain1.com, home.domain1.com, > > domain1.com, domain2.com, domain3.com, domain4.com, domain5.com, > > newistdomain.com > > > > So I can receive mail satisfactory and this has been good enough since I > > normally ssh in from remote and use mutt and all my outgoing email is > > transformed to n...@domain.com > > > > I need for select users from the newistdomain.com to have that > > n...@newistdomain.com > > > > I am using thunderbird and dovecot to pop mail from the system. At > > home, this is no problem as I am on the local network. I just set up the > > smtp server to the postfix host running postfix. > > That should probably be the same for all Thunerbird users as well. > > > mydomain = domain1.com > > masquerade_domains = domain1.com, domain1.com #which is probably wrong > > myhostname = domain1.com > > I'm sure that domain1.com doesn't need to appear twice in > the masquerade_domains parameter, but it's harmless. > > > How do I securely open postfix to relay email received from these > > specific external office locals using newistdoman.coms > > If you can already connect using Thunderbird, you must > have an entry for submission and/or submissions/smtps > (i.e., port 587 and/or 465) in /etc/postfix.master.cf,
Thunderbird can directly talk to postfix SMTP without dovecot et al? I thought it only talks to postfix on the outbound mail. This is not taylor uucp :( > you just need to override the smtpd_recipient_restrictions > or smtpd_relay_restrictions parameters there to permit > SASL-authenticated users t osend mail whereever they > want. e.g.: any alternative to SASL. It is not installed currently. I've been using plain password file authentication. > > smtps inet n - y - - smtpd > -o syslog_name=postfix/$service_name > -o smtpd_tls_wrappermode=yes > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions= > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions= > -o smtpd_relay_restrictions=permit_sasl_authenticated,reject > > submission inet n - y - - smtpd > -o syslog_name=postfix/$service_name > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_tls_auth_only=yes > -o smtpd_client_restrictions= > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions= > -o smtpd_relay_restrictions=permit_sasl_authenticated,reject > > Or have the relevant parameters set similarly in > /etc/postfix/main.cf. > > > and how do I get > > those accounts to default to n...@newistdoman.com ? > > I think that that's something that should be specified > in Thunderbird itself. doesn't masquarade rewrite it? > > But if the Thunderbird clients are configured with an > incorrect/non-ideal sender domain, and you need Postfix > to override that, you can probably handle that either > with canonical or generic address rewriting: > > http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical > (incoming/outgoing) > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic (outgoing only) > I'll crunch on that. The problem here is that I deal with this so infrequently that I forget everything I learned when I alter the set up. > Any parameter changes that need to be added can be > added to the service declaration in master.cf using -o > options. > > But since this is only for "select users", it probably > makes more sense for those users to just set their > correct from address in Thunderbird (unless I've > misunderstood something). > > cheers, > raf Thanks! Reuvain -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
