On Wed, Jan 12, 2022 at 11:14:34AM +1100, raf wrote:
> On Tue, Jan 11, 2022 at 01:20:49PM -0500, Ruben Safir <ru...@mrbrklyn.com> 
> wrote:
> 
> > On Thu, Jan 06, 2022 at 02:09:45PM +1100, raf wrote:
> > > On Wed, Jan 05, 2022 at 04:10:26AM -0500, Ruben Safir 
> > > <ru...@mrbrklyn.com> wrote:
> > > 
> > > > > > >   /etc/postfix/main.cf:
> > > > > > >   smtpd_sasl_type = dovecot
> > > > > > >   smtpd_sasl_path = private/auth
> > > > > > 
> > > > > > > Can't this be done with tls without dovecot or sasl?
> > > > > 
> > > > > Authentication is needed by Dovecot for IMAP access
> > > > > to read email. So it should be available for use by
> > > > > Postfix as well.
> > > > > 
> > 
> > It is not working anyway.  The reason is that 
> > 
> > A) It won't relay
> > B) The IP addresses are marked in Spamhaus as not valid for email
> > service 
> > 
> > Outbound Email policy of Cablevision/OptimumOnline for this IP range
> > 
> > (Jan 2007) Email sent from this IP block via port 25 (SMTP) should only
> > be sent via the designated outbound mail server for Optimum Online
> > customers: mail.optimum.net The use of port 25 is obsolete, you should
> > use port 465/TLS (SMTPS) or port 587 (SMTP-Submit /w STARTTLS) to send
> > mail, whether you are using Optimum's server or a third-party ISP's
> > server.
> > 
> > See OOL's support site at
> > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=39
> > 
> > Standard-tier OOL customers are blocked from sending/receiving mail via
> > port 25 (SMTP) to any other servers since 2004. See OOL support site:
> > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=876
> > 
> > You may send mail via another ISP by using SMTP-Submit (port 587) or
> > SMTPS (port 465/TLS) service, if your third-party ISP's mail server
> > supports this service.
> > 
> > It is hitting on port 587 so I don't know a way around this that is
> > satisfactory.  It is BS and annoying
> > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=876
> 
> The above sounds very different to what I thought you
> were talking about. I thought you were saying that
> *your* Postfix server wasn't relaying email for your
> users, and that some form of user authentication
> (Dovecot SASL or TLS client certificates) was needed
> locally to be able to allow relaying *by* your Postfix
> server.
> 

That is right.  When I initially set it up I set it up so it would not
be an open relay outside my local network.  Now I am trying to send and
receive from an outside client.


> The above sounds like your problem is that your Postfix
> server needs to send all outgoing mail via a specific
> *remote* mail server (Cablevision/OptimumOnline), and
> that *it* won't relay your email unless your Postfix
> server authenticates itself to that remote server, so
> that that remote server will be willing to relay mail
> that comes out of your Postfix server. That's a very
> different problem.
> 


Not at all.  This was just triggered when I tried to send email from the
remote client.  Spamhaus didn't like it, despite the fact that it was
tickling 587 for submission (and then relay).  I sort of fixed that by
telling Spamhaus that the IP block is OK (even though it is dynamic and
likely to change).  It still won't relay though, and I dread having to
open the relay.

> If that's the case, your Postfix doesn't need access to
> Dovecot's SASL abilities, or to TLS client certificates.
> It just needs to connect to the remote mail server in
> the way that that server requires, by supplying a username
> and password to it.
>

I haven't put in the dovecot authentication yet, but it looks like I will
need to.  I am not sure it will relay even if I do though.

I wish there was a howto on this.  There are a lot of sasl options.

I decided since I am doing all this to update both postfix and dovecot
from source.  This is a standalone device and I really do not feel like
having to upgrade the entire OS for this microsystem and there are no
upgrade packages.

This is a lot of sasl options:

www2:~ # grep sasl /etc/postfix/*
/etc/postfix/main.cf:smtp_sasl_auth_enable = no
/etc/postfix/main.cf:smtp_sasl_security_options = 
/etc/postfix/main.cf:smtp_sasl_password_maps = 
/etc/postfix/main.cf:smtpd_sasl_auth_enable = no
/etc/postfix/main.cf.rpmnew:#smtpd_sasl_type = dovecot

(I pray that this will be produced by ./configure and I won't need to do
this all by hand).


/etc/postfix/makedefs.out:SYSLIBS       = -lldap -llber -lpcre -lsasl2 -lssl -lcrypto -ldb -lnsl -lresolv
/etc/postfix/makedefs.out:CC    = gcc $(WARN) -I. -I../../include -DHAS_LDAP -DHAS_PCRE -DUSE_SASL_AUTH -I/usr/include/sasl -DMAX_DYNAMIC_MAPS -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/pgsql -DUSE_CYRUS_SASL -DUSE_TLS -fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -Wno-comments
/etc/postfix/makedefs.out:EXPORT        = AUXLIBS='-lldap -llber -lpcre -lsasl2 -lssl -lcrypto' CCARGS='-I. -I../../include -DHAS_LDAP -DHAS_PCRE -DUSE_SASL_AUTH -I/usr/include/sasl -DMAX_DYNAMIC_MAPS -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/pgsql -DUSE_CYRUS_SASL -DUSE_TLS -fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -Wno-comments' OPT='-O' DEBUG=''
/etc/postfix/master.cf:#  -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf:#  -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf:#  -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf:#  -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf.rpmnew:#   -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf.rpmnew:#   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
/etc/postfix/master.cf.rpmnew:#    -o smtpd_sasl_auth_enable=yes
/etc/postfix/master.cf.rpmnew:#    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
/etc/postfix/sasl_passwd:# sasl_passwd
grep: /etc/postfix/system: Is a directory
grep: /etc/postfix/tls: Is a directory


> 
> P.S. The URLs above are inaccessible. Perhaps they only
> exist for their customers. The optimum.custhelp.com
> domain doesn't even resolve to an address for me.


Yeah - I noticed that...

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013
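
Added example, not part of the original message and not Postfix code: a small audit of whether the submission service in master.cf relays for SASL-authenticated clients only, which is the alternative to opening the relay discussed in the thread. The sample files are constructed and the function names are hypothetical. It assumes the policy is set with explicit -o overrides like the ones commented out in master.cf.rpmnew above, and it does not model Postfix's built-in defaults.

```python
# Constructed sample files, not the poster's real configuration.
MAIN_CF = """\
smtpd_sasl_auth_enable = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""
MASTER_UNAUTH = """\
submission inet  n  -  n  -  -  smtpd
#  -o smtpd_sasl_auth_enable=yes
"""
MASTER_AUTH = """\
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""

def parse_main(text):
    """Read 'name = value' lines from main.cf text, skipping comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def service_overrides(text, service):
    """Return the -o name=value overrides of one master.cf service, or None."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation of previous entry
        else:
            logical.append(line.strip())
    for entry in logical:
        fields = entry.split()
        if fields[0] == service:
            args = fields[8:]  # first 8 columns are service name .. command
            return dict(v.split("=", 1) for o, v in zip(args, args[1:]) if o == "-o")
    return None

def audit_submission(main_text, master_text):
    """Reasons submission is not an authenticated-only relay (defaults not modelled)."""
    over = service_overrides(master_text, "submission")
    if over is None:
        return ["no submission service in master.cf"]
    eff = {**parse_main(main_text), **over}  # -o overrides win over main.cf
    rules = eff.get("smtpd_relay_restrictions", "").replace(",", " ").split()
    checks = [(eff.get("smtpd_sasl_auth_enable", "no") == "yes", "smtpd_sasl_auth_enable is not yes"),
              ("permit_sasl_authenticated" in rules, "relay rules lack permit_sasl_authenticated"),
              (rules[-1:] == ["reject"], "relay rules do not end in reject")]
    return [msg for ok, msg in checks if not ok]
```

audit_submission(MAIN_CF, MASTER_UNAUTH) reports all three findings because the commented-out -o line has no effect; with MASTER_AUTH the list is empty.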
