Re: Using Postfix to send home server alerts
On Sat, Feb 15, 2020 at 07:59:21PM +1300, Peter wrote: > On 15/02/20 10:31 am, Ian Evans wrote: > > Hi, > > > > Just looking for a pointer to a recommended tutorial on setting up > > Postfix as a send only service to be able to send alert emails from a > > home server like smartmontools drive warnings etc. > > > > If this makes it easier, I do have a fully functional Postfix mail > > server on my website server. Is there a way for the home server to send > > its alert emails via the business server? Or should the home send-only > > Postfix send through Gmail somehow? > > You're basically asking postfix to fill the roll of a null mailer. Postfix > can do this but there are other tools that are simpler to configure and > better suited to that roll. I recommend msmtp: > > https://marlam.de/msmtp/ > I'm not totally convinced that any of the simple/null mailers does the job either easily or well. I have a Beaglebone Black SBC on a small boat in France and it records data such as the battery voltages. I needed to set up outgoing mail so that if/when things went wrong I would receive E-Mail telling me. After trying several 'simple' mailers I ended up installing Postfix and, after somw quite simple configuration, it has 'just worked' ever since. -- Chris Green
Re: Using Postfix to send home server alerts
On Sat, Feb 15, 2020, 11:09 AM Chris Green, wrote: > On Sat, Feb 15, 2020 at 07:59:21PM +1300, Peter wrote: > > On 15/02/20 10:31 am, Ian Evans wrote: > > > Hi, > > > > > > Just looking for a pointer to a recommended tutorial on setting up > > > Postfix as a send only service to be able to send alert emails from a > > > home server like smartmontools drive warnings etc. > > > > > > If this makes it easier, I do have a fully functional Postfix mail > > > server on my website server. Is there a way for the home server to send > > > its alert emails via the business server? Or should the home send-only > > > Postfix send through Gmail somehow? > > > > You're basically asking postfix to fill the roll of a null mailer. > Postfix > > can do this but there are other tools that are simpler to configure and > > better suited to that roll. I recommend msmtp: > > > > https://marlam.de/msmtp/ > > > I'm not totally convinced that any of the simple/null mailers does the > job either easily or well. I have a Beaglebone Black SBC on a small > boat in France and it records data such as the battery voltages. I > needed to set up outgoing mail so that if/when things went wrong I > would receive E-Mail telling me. After trying several 'simple' > mailers I ended up installing Postfix and, after somw quite simple > configuration, it has 'just worked' ever since. > > -- > Chris Green > Thanks. Getting back to another part of my question, it's a bit unclear what I should set as the myhostname and mydomain in the config files. The machine name is buster. But its dynamic DNS address is anothername.example.com. >
Re: Using Postfix to send home server alerts
Ian Evans wrote: > Just looking for a pointer to a recommended tutorial on setting up Postfix > as a send only service to be able to send alert emails from a home server > like smartmontools drive warnings etc. The problem won't be finding one. The problem will be finding less than several dozen. And selecting a "good" one from the collection. > I have seen several tutorials that touch on this, but the part I'm not > clear on is the FQDN setting. It's home server so it doesn't have a public > domain name. If everything is completely private on a local area network then one can generate any random thing. But since you are wanting to interact on the global public Internet wide area network then you must use an existing valid domain name. > If my dynamic DNS provider reaches my home server at > myhome.example.com, would that be the FQDN? I suggest yes. Since the dynamic dns provider "example.com" is a valid domain name and they are providing you with the valid FQDN name of "myhome.example.com" then yes that would be okay to use that name as your FQDN in this case. I say suggest because there are many ways to do things and this is simply one possible way. However there are limitations. I will avoid trying to describe all of the possibilities. But just note that things stretch to a certain extent. If stretched too far then anything breaks. But in exactly the above case you are talking about this will work. I am going to suggest something different. You have a web site and it has a domain name. Or you will have your own domain name for many reasons. You might want to use one of those. So *either* the dynamic dns provider name as above *or* use a name from a domain you own. In either case relay through your Internet server. > If this makes it easier, I do have a fully functional Postfix mail server > on my website server. Is there a way for the home server to send its alert > emails via the business server? Or should the home send-only Postfix send > through Gmail somehow? Using your website server solves a very important problem. The problem of needing either 1) a static IP address assignment of an IP address that is not going to be blocked by the receiving end for being in a dynamic address space or being in a blocked IP space And/Or 2) needing to control both systems on the ends of the network connection so that the remote client can authenticate and authorize the sending of email from a dynamic IP address to the server. Therefore if it were me in your position I would use your website server to receive the email connection from your home client. And then have the website server send the mail to Gmail or wherever. (Google may still be a problem for robustly accepting the email. They often are. But can only start somewhere and then cross each bridge problem as you come to them.) Your myhome.example.com client will not be able to send to Google's Gmail or practically anywhere else because it will have a dynamic IP assignment. As a practical matter almost every mail service blocks mail from dynamic IP address assignments. To block hostile agents abusing the network from virus infected systems and other compromised devices. Soo... Don't even try it. It will just be an exercise in frustration for you. Your business server website will have a static IP assignment. That will allow it to send email to other systems on the Internet such as Google's Gmail. It can operate as your mail relay. It can be configured to authorize mail from your home dynamic IP client and your home dynamic IP client can be configured to authenticate to it. With your dynamic IP home client authenticating to your website server and your website server authorizing the email relay then automated notifications from your home client can be sent to your Gmail account. That will work. That is probably the best way for you to configure your setup. Hopefully that clears up the problems you will face. With that discussion in place the next question you SHOULD be asking is what is the simplest and most robust way for you to set up the communication connection between your home client and your Internet server in order to authenticate your client and authorize the relay of mail through the server? That is the much more interesting discussion to have here. Because there are several possibilities with pros and cons to the selection. SASL with shared private keys? Public keys using certificates? Encrypted or non-encrypted connections? VPN? Several good possibilities to choose from in just as many sentences. Personally for exactly the situation you are describing I think the easiest and simplest is using a VPN. A VPN (virtual private network) connects over the Internet my remote dynamic IP clients with my static IP server. Then I configure Postfix to send the remote client email over the VPN. The server allows local (vpn-local) network connections (permit_mynetworks) and relays the mail. The authentication
Re: Using Postfix to send home server alerts
On Sat, Feb 15, 2020, 1:55 PM Bob Proulx, wrote: > Ian Evans wrote: > > Just looking for a pointer to a recommended tutorial on setting up > Postfix > > as a send only service to be able to send alert emails from a home server > > like smartmontools drive warnings etc. > > The problem won't be finding one. The problem will be finding less > than several dozen. And selecting a "good" one from the collection. > > > I have seen several tutorials that touch on this, but the part I'm not > > clear on is the FQDN setting. It's home server so it doesn't have a > public > > domain name. > > If everything is completely private on a local area network then one > can generate any random thing. But since you are wanting to interact > on the global public Internet wide area network then you must use an > existing valid domain name. > > > If my dynamic DNS provider reaches my home server at > > myhome.example.com, would that be the FQDN? > > I suggest yes. Since the dynamic dns provider "example.com" is a > valid domain name and they are providing you with the valid FQDN name > of "myhome.example.com" then yes that would be okay to use that name > as your FQDN in this case. I say suggest because there are many ways > to do things and this is simply one possible way. > > However there are limitations. I will avoid trying to describe all of > the possibilities. But just note that things stretch to a certain > extent. If stretched too far then anything breaks. But in exactly > the above case you are talking about this will work. > > I am going to suggest something different. You have a web site and it > has a domain name. Or you will have your own domain name for many > reasons. You might want to use one of those. So *either* the dynamic > dns provider name as above *or* use a name from a domain you own. In > either case relay through your Internet server. > > > If this makes it easier, I do have a fully functional Postfix mail server > > on my website server. Is there a way for the home server to send its > alert > > emails via the business server? Or should the home send-only Postfix send > > through Gmail somehow? > > Using your website server solves a very important problem. The > problem of needing either 1) a static IP address assignment of an IP > address that is not going to be blocked by the receiving end for being > in a dynamic address space or being in a blocked IP space And/Or 2) > needing to control both systems on the ends of the network connection > so that the remote client can authenticate and authorize the sending > of email from a dynamic IP address to the server. Therefore if it > were me in your position I would use your website server to receive > the email connection from your home client. And then have the website > server send the mail to Gmail or wherever. (Google may still be a > problem for robustly accepting the email. They often are. But can > only start somewhere and then cross each bridge problem as you come to > them.) > > Your myhome.example.com client will not be able to send to Google's > Gmail or practically anywhere else because it will have a dynamic IP > assignment. As a practical matter almost every mail service blocks > mail from dynamic IP address assignments. To block hostile agents > abusing the network from virus infected systems and other compromised > devices. Soo... Don't even try it. It will just be an exercise in > frustration for you. > > Your business server website will have a static IP assignment. That > will allow it to send email to other systems on the Internet such as > Google's Gmail. It can operate as your mail relay. It can be > configured to authorize mail from your home dynamic IP client and your > home dynamic IP client can be configured to authenticate to it. > > With your dynamic IP home client authenticating to your website server > and your website server authorizing the email relay then automated > notifications from your home client can be sent to your Gmail > account. That will work. That is probably the best way for you to > configure your setup. > > Hopefully that clears up the problems you will face. With that > discussion in place the next question you SHOULD be asking is what is > the simplest and most robust way for you to set up the communication > connection between your home client and your Internet server in order > to authenticate your client and authorize the relay of mail through > the server? That is the much more interesting discussion to have > here. Because there are several possibilities with pros and cons to > the selection. SASL with shared private keys? Public keys using > certificates? Encrypted or non-encrypted connections? VPN? Several > good possibilities to choose from in just as many sentences. > > Personally for exactly the situation you are describing I think the > easiest and simplest is using a VPN. A VPN (virtual private network) > connects over the Internet my remote dynamic IP
Re: Using Postfix to send home server alerts
Ian Evans wrote: > Bob Proulx wrote: > > The best solution for you is the one you understand the best. That is > > the one you can manage the easiest. > > > > Sorry if one question begets quite a few more. But that is the nature > > of these things! :-) > > Egads. 😊 Sorry! :-) > You're right. A million questions and not a "will have this project > finished in half an hour." Will have to set aside a clearer weekend day. > > It's so easy for projects like, say, zoneminder to say "check this box to > send alerts" without putting a giant asterisk next to it and suggesting > you'll need to invest in a lot of coffee. > > Thanks for outlining possible solutions. I'll look into them soon. Another possibility I didn't think to write originally is this. Since you are already using a Gmail account and wanting to deliver to your own account there. Configure your dynamic IP home client to login into Gmail using your Google credentials and send mail that way. It might work for you just fine and be a simpler solution for you than other things. Search the web for HOWTO Configure Postfix To Send Mail Using Gmail. That should turn up a number of guides on the topic! Might be just what you need. Bob
Re: Using Postfix to send home server alerts
In an earlier note, Bob Proulx said "The best solution for you is the one you understand the best. That is the one you can manage the easiest.” For me, for historical reasons, that has been Postfix. For several years, I ran a full-fledged Postfix server on a Macintosh running at home. Static IP on DSL. Worked great. About four years ago, the cost to keep the DSL at a decent speed was getting too high so I switched to cable with a dynamic IP and outsourced the mail and web hosting of my domain. But I had processes running on the computer at home that needed to send mail. Easiest thing was to just leave Postfix running and as the cable company does not allow outgoing to port 25, have Postfix relay to my new mail provider using relayhost to the submission port. Other than adding relayhost and a password file referenced by smtp_sasl_password_maps, the only other change I needed to make to Postfix was to add Cyrus SASL (I has been using dovecot for smtpd but only Cyrus is supported for smtp (client)). Even though my computer at home is now on dynamic IP, it has a host name in my domain. The IP address has only changed once in those four years and one of those processes lets me know if it changes so I can quickly update DNS. Most of the processes on my computer send via the Postfix sendmail command although there is one that sends via SMTP so having a local STMP daemon is important (it looks like MSMTP that Peter recommended only works as sendmail command replacement). I’ve only had one issue which is one of those processes at home tries to send me a text message via T-Mobile’s email to text gateway (send email to phonenum...@tmomail.net). At some point in the last year, they started detecting that the mail was being double-relayed (home to mail ISP and the mail ISP to them) and rejecting it. My workaround is to have that process send directly to my mail ISP via CURL but that’s error-prone as a network outage will cause it to fail rather than being held for retry (but since this process retrieves mail from the mail ISP via fetchmail, analyzes it for some keywords, and immediately send the mail via CURL, the outage would have to happen in that fraction of a second between fetch and send). But I just tried it right now via the Sendmail command and it worked so maybe T-Mobile realized that this was rejecting too much legitimate messages. -- Larry Stone lston...@stonejongleux.com
Re: Using Postfix to send home server alerts
On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote: > > [2]https://marlam.de/msmtp/ > > > I'm not totally convinced that any of the simple/null mailers does > the > job either easily or well. I have a Beaglebone Black SBC on a small > boat in France and it records data such as the battery voltages. I > needed to set up outgoing mail so that if/when things went wrong I > would receive E-Mail telling me. After trying several 'simple' > mailers I ended up installing Postfix and, after somw quite simple > configuration, it has 'just worked' ever since. > -- > Chris Green > >Thanks. Getting back to another part of my question, it's a bit unclear >what I should set as the myhostname and mydomain in the config files. >The machine name is buster. But its dynamic DNS address is >[3]anothername.example.com. > My Beaglebone Black is connected via a WiFi hotspot and isn't visible from outside at all. I just have myhostname set to a subdomain of a domain I own, mydomain isn't explicitly set at all. -- Chris Green
Re: Using Postfix to send home server alerts
On Sat, Feb 15, 2020 at 09:23:18PM +, Chris Green wrote: > On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote: > > > [2]https://marlam.de/msmtp/ > > > > > I'm not totally convinced that any of the simple/null mailers does > > the > > job either easily or well. I have a Beaglebone Black SBC on a small > > boat in France and it records data such as the battery voltages. I > > needed to set up outgoing mail so that if/when things went wrong I > > would receive E-Mail telling me. After trying several 'simple' > > mailers I ended up installing Postfix and, after somw quite simple > > configuration, it has 'just worked' ever since. > > -- > > Chris Green > > > >Thanks. Getting back to another part of my question, it's a bit unclear > >what I should set as the myhostname and mydomain in the config files. > >The machine name is buster. But its dynamic DNS address is > >[3]anothername.example.com. > > > My Beaglebone Black is connected via a WiFi hotspot and isn't visible > from outside at all. I just have myhostname set to a subdomain of a > domain I own, mydomain isn't explicitly set at all. > More to the point I see I have a comment at the top of main.cf that says:- # N.B. for the aliases in /etc/aliases to work (and thus for cron errors to get # sent to me) the value in myorigin must match one of the entries in mydestination -- Chris Green
