Building and running Postfix as unprivileged user

2021-04-27 Thread Paul Menzel
Dear Postfix folks, In our infrastructure, we are building Postfix from source with an unprivileged user, and also try to run most services as an unprivileged user. Privileged ports are forwarded to unprivileged ports, used by the service, by configuring Linux’ packet filter rules with *iptab

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread R-VISOR-TOVIS
On 2021-04-26 at 21:55, IL Ka wrote: > Hi. > > Do you have email addresses in different domains? Do you own all these > domains (have access to their DNS configuration etc)? > Do you want to receive emails for these domains? Hi. One of them I own, have access to DNS configuration, th

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread IL Ka
Hi. In most cases you shouldn't send email from @gmail through your server, because gmail has SPF policy (srv record in DNS) and only gmail servers are allowed to send emails from this domain (email sent from another IP will go to spam). You can configure your server to forward these emails via gm

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread R-VISOR-TOVIS
Hi. Thank you for your detailed answer! That is what I need. My home server has no static, but public internet address using freedns. This weakness drew me to use a VPS with a static, public ip address. I do not need to receive any emails on my VPS (I am using my home server for that, storing emai

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Wietse Venema
Paul Menzel: > Dear Postfix folks, > > In our infrastructure, we are building Postfix from source with an > unprivileged user, and also try to run most services as an unprivileged > user. Privileged ports are forwarded to unprivileged ports, used by the > service, by configuring Linux’ packet f

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Paul Menzel
Dear Wietse, On 27.04.21 at 14:49, Wietse Venema wrote: Paul Menzel: In our infrastructure, we are building Postfix from source with an unprivileged user, and also try to run most services as an unprivileged user. Privileged ports are forwarded to unprivileged ports, used by the service, by

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread Bernardo Reino
Hello, On Tue, 27 Apr 2021, R-VISOR-TOVIS wrote: My home server has no static, but public internet address using freedns. This weakness drew me to use a VPS with a static, public ip address. [...] It seems I need sasl authentication between my home server and vps server. That means I need t

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Demi Marie Obenour
On 4/27/21 9:30 AM, Paul Menzel wrote: > Dear Wietse, > > > On 27.04.21 at 14:49, Wietse Venema wrote: >> Paul Menzel: > >>> In our infrastructure, we are building Postfix from source with an >>> unprivileged user, and also try to run most services as an unprivileged >>> user. Privileged ports

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread @lbutlr
On 27 Apr 2021, at 07:30, Paul Menzel wrote: > Thank you for your prompt reply. Searching for *unprivileged* in the mailing > list archives, I actually only found discussion of containers, and Victor’s > reply in the thread *Should I be root or postfix user to execute postfix > commands?* [1]:

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Bill Cole
On 27 Apr 2021, at 9:30, Paul Menzel wrote: I am still wondering, why for example the files in `/etc/postfix` have to be owned by root. There are tasks which various Postfix executables (notably master, postdrop, postsuper, and postqueue) perform which can only be done by root. How those exe

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread IL Ka
> > > I do not need to receive any emails on my VPS (I am using my home server for > that, storing emails starting from 2002 using dovecot and roundcube - we > are happy with this). > Hm.. how can you receive emails for your domain on your home server? What will the MX record contain? > It seems I

Re: SPF/DMARC modified by host en route

2021-04-27 Thread Bill Cole
[TBird goofy URL-ification of everything left intact because I'm too lazy to fix someone else's MUA garbage] On 26 Apr 2021, at 9:13, Jeff Abrahamson wrote: ARC-Authentication-Results: i=1; [mx.google.com](); dkim=pass header.i=@[p27.eu]() h

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Viktor Dukhovni
> On Apr 27, 2021, at 9:30 AM, Paul Menzel wrote: > > I am still wondering, why for example the files in `/etc/postfix` have to be > owned by root. > > If you have a search term, I should use, I happily search through the list > archive. http://postfix.1071664.n5.nabble.com/Rootless-postfix-t

Re: Building and running Postfix as unprivileged user

2021-04-27 Thread Wietse Venema
Paul Menzel: > I am still wondering, why for example the files in `/etc/postfix` have > to be owned by root. Because they are configuration files that are read by programs that run as ROOT. If a non-root user can change or rename files, then that user controls a program that runs as ROOT.

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread R-VISOR-TOVIS
"Hm.. how can you receive emails for your domain on your home server? What will the MX record contain?" Debian 10 buster exim4 as an MTA with smarthost setup (smarthost is used to be a server of my internet provider, using per user authentication with password). Mails are collected by fetchmail

Re: SPF/DMARC modified by host en route

2021-04-27 Thread Jeff Abrahamson
On 27/04/2021 19:33, Bill Cole wrote: [TBird goofy URL-ification of everything left intact because I'm too lazy to fix someone else's MUA garbage] Yes, sorry.  For some purposes it would be better that I use mutt. For work (where I am now), compatibility with others leaves me using thunderbird

Debian - Postfix rejecting user (User unknown in local recipient table (in reply to RCPT TO command))

2021-04-27 Thread Neil Farmstrong
I have set up Postfix / Dovecot on Centos a number of times, a few weeks ago I set up a Debian server with Postfix / Dovecot and it went fine. I'm doing the same again today but keep getting bounces when sending to any virtual domain on the new server, with the error: Recipient address rejected: Us

Re: Debian - Postfix rejecting user (User unknown in local recipient table (in reply to RCPT TO command))

2021-04-27 Thread Wietse Venema
Neil Farmstrong: > I have set up Postfix / Dovecot on Centos a number of times, a few > weeks ago I set up a Debian server with Postfix / Dovecot and it went > fine. I'm doing the same again today but keep getting bounces when > sending to any virtual domain on the new server, with the error: > > R

Re: Debian - Postfix rejecting user (User unknown in local recipient table (in reply to RCPT TO command))

2021-04-27 Thread Neil Farmstrong
Dear Wietse Thank you for your reply. I had been looking at mydestination as the cause earlier, however my working server does not set this so I gave up on that. When I try mydestination = localhost this now changes the error to "User unknown in virtual alias table". The suggested fix for this o

Re: Debian - Postfix rejecting user (User unknown in local recipient table (in reply to RCPT TO command))

2021-04-27 Thread Viktor Dukhovni
> On Apr 27, 2021, at 6:31 PM, Neil Farmstrong > wrote: > > I had been looking at mydestination as the cause earlier, however my > working server does not set this so I gave up on that. When I try > mydestination = localhost this now changes the error to "User unknown > in virtual alias table".

Re: Debian - Postfix rejecting user (User unknown in local recipient table (in reply to RCPT TO command))

2021-04-27 Thread Neil Farmstrong
I have commented out virtual_alias_domains and mail is now passing to Clam AV (although failing due to a Clam AV error) so this appears to be solved. Still very confused why it would be different on this server though. On Tue, 27 Apr 2021 at 23:31, Neil Farmstrong wrote: > > Dear Wietse > > Tha