Hi all,
I run my own domain @stoffel.org and I'm trying to fix a problem
sending email to @charter.net users, since Spectrum has blocked my
Linode's ASN number completely. My IP passes all the RBL blacklists
their first line support suggested I check, but I find my IP for
mail.stoffel.org in the UCEPROTECT-3 spam list. Nothing I can do
about it. Running postfix 3.5.13
Since I'm also a charter customer for my internet, I've got an email
account with them, so I'd like to just route all email for
@charter.net addresses through their transport.
Everything else should just route naturally to where ever the MX
record points.
My host also has dovecot for local virtual users, with postscreen and
spamassasin setup as well.
I tried setting up /etc/postfix/transport_maps like this:
charter.net [mobile.charter.net]:587
But it started routing all my outgoing email through them, which isn't
going to work. So I'm missing something here. Do I need to setup a
seperate instance for sending email to @charter.net through an
authenticated connection?
I though about using relay_domains = charter.net, but I certainly
don't want anyone to be able to use my host to try and spam that
domain. I really just want SASL authenticated clients who send email
from my stoffel.org domain to be routed (and possibly have the from:
header re-written and a reply-to: header added) through an
authenticated path into charter.net.
I know this should be possible, just not finding the setting in my
personal mail archive of the list, or in google-foo.
$ postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.5
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
message_size_limit = 55000000
milter_connect_macros = i j {daemon_name} v {if_name} _
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination = localhost
myhostname = mail.stoffel.org
mynetworks_style = host
myorigin = $myhostname
non_smtpd_milters = inet:127.0.0.1:8891
postscreen_access_list = permit_mynetworks
postscreen_greet_action = enforce
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_sasl_password_maps = hash /etc/postfix/saslpass
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
zen.spamhaus.org
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination, check_sender_access
hash:/etc/postfix/local_domains
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.stoffel.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.stoffel.org/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
spamass-dovecot_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport_maps
virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
virtual_mailbox_domains = stoffel.org play.stoffel.org mail.stoffel.org
virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf
virtual_transport = spamass-dovecot
=====================================================================
$ postconf -Mf
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o header_checks=regexp:/etc/postfix/header_checks
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unauth_destination
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=mail argv=/usr/bin/maildrop -d ${recipient}
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
spamass-dovecot unix - n n - - pipe flags=DRhu
user=mail:mail argv=/usr/bin/spamc -u debian-spamd -e
/usr/lib/dovecot/deliver -a ${recipient} -d ${user}@${domain}
postlog unix-dgram n - n - 1 postlogd
