Postfix relay on multiple local smtp servers - smtp

I have two SMTP servers listening on ports 2525 and 2526.
But I have only 1 public IP address.
I'd like to use postfix (already installed on my server) to receive emails only for domain xxx.company.com and domain yyy.company.com, and redirect those emails to server 1 (port 2525) for domain xxx.company.com and server 2 (port 2526) for domain yyy.company.com.
Postfix will not be used to send emails. Just receive.
I tried several postfix configurations but I haven't figured out how to do this properly.
For now, I end up with this:
In main.cf:
mydomain = company.com
mydestination = xxx.company.com, yyy.company.com
relay_domains = xxx.company.com, yyy.company.com
transport_maps = hash:/etc/postfix/transport
local_recipient_maps =
unknown_local_recipient_reject_code = 550
In transport.cf:
*xxx.company.com 2525:[localhost]
*yyy.company.com 2526:[localhost]
In master.cf, the following line has been uncommented:
local unix - n n - - local
But I still have an "unknown user" error in my maillog file.
I would like to be more accurate for local_recipients so I don't let the entire world enter my postfix.
Does anyone have an out-of-the-box example of such a configuration?
Thanks,
Jeremy B.

Your main.cf should be
#/etc/postfix/main.cf
mydomain = company.com
mydestination = xxx.company.com, yyy.company.com
relay_domains =
transport_maps = hash:/etc/postfix/transport
local_recipient_maps = hash:/etc/postfix/local_users
also add the following files
#/etc/postfix/local_users
# Here ACCEPT can be anything, postfix doesn't use it.
someuser@xxx.company.com ACCEPT
someuser@yyy.company.com ACCEPT
#/etc/postfix/transport
xxx.company.com smtp:[localhost]:2525
yyy.company.com smtp:[localhost]:2526
# modify localhost, if the server1 and server2 is not on localhost
Hope that helps.
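To see why the asker's configuration produced "unknown user" while the answer's does not, here is an added example (not Postfix code and not from the thread) that models the three checks Postfix applies to an inbound recipient under this setup: mydestination decides whether the domain is ours, local_recipient_maps decides whether the mailbox exists (otherwise the 550 reject), and transport_maps is consulted for the full address, then the bare domain, then parent domains with a leading dot. The file contents are constructed copies of the answer's files, with the asker's original transport file kept for comparison; the lookup order is a simplified model of Postfix, not the daemon's own code.

```python
"""Model Postfix's routing decision for one recipient under the answer's
main.cf, transport and local_users files (added example; simplified model
of Postfix behaviour, not Postfix's own code)."""

# Constructed copies of the answer's files.
MAIN_CF = {"mydestination": "xxx.company.com, yyy.company.com"}
LOCAL_USERS = """\
# Here ACCEPT can be anything, postfix doesn't use it.
someuser@xxx.company.com ACCEPT
someuser@yyy.company.com ACCEPT
"""
TRANSPORT = """\
xxx.company.com smtp:[localhost]:2525
yyy.company.com smtp:[localhost]:2526
"""
# The asker's original transport file: a leading '*' is not Postfix map
# syntax, so these keys never match a recipient's domain.
BROKEN_TRANSPORT = """\
*xxx.company.com 2525:[localhost]
*yyy.company.com 2526:[localhost]
"""


def parse_map(text):
    """Parse a hash: map source file into {key: value}, skipping comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        entries[key.lower()] = value.strip()
    return entries


def split_list(value):
    """Split a comma-separated main.cf value into lowercase items."""
    return [item.strip().lower() for item in value.split(",") if item.strip()]


def transport_lookup(transport, address):
    """transport_maps lookup order: full address, domain, then .parent domains."""
    _, _, domain = address.lower().partition("@")
    labels = domain.split(".")
    keys = [address.lower(), domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys:
        if key in transport:
            return transport[key]
    return None


def route(address, main_cf, local_users, transport):
    """Return (decision, detail) for one recipient address."""
    _, _, domain = address.lower().partition("@")
    if domain not in split_list(main_cf["mydestination"]):
        # Not one of our domains and relay_domains is empty: no open relay.
        return ("reject", "554 relay access denied")
    if address.lower() not in local_users:
        # local_recipient_maps lists every valid mailbox; unknown_local_recipient_reject_code = 550.
        return ("reject", "550 unknown user")
    target = transport_lookup(transport, address)
    if target is None:
        # No transport entry: Postfix hands the mail to local(8), which looks
        # for a Unix account and fails with "unknown user" for these addresses.
        return ("local", "handed to the local(8) delivery agent")
    return ("relay", target)


if __name__ == "__main__":
    users = parse_map(LOCAL_USERS)
    for addr in ("someuser@xxx.company.com", "someuser@yyy.company.com",
                 "nobody@xxx.company.com", "someuser@evil.example"):
        print(addr, "->", route(addr, MAIN_CF, users, parse_map(TRANSPORT)))
    print("asker's transport file:",
          route("someuser@xxx.company.com", MAIN_CF, users, parse_map(BROKEN_TRANSPORT)))
```

The important security property of the answer's layout is the second check: with local_recipient_maps populated from the real mailbox lists of both backends, Postfix rejects unknown recipients at RCPT TO time instead of accepting everything for the two domains and bouncing later, which is what turns a relay into a backscatter source.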

Related

Where to find the list of Fail2Ban built-in port bindings?

I am setting up a fail2ban instance; everything works fine as expected, but I have been noticing that some rules have built-in ports, for example:
...
[domino-smtp]
port = smtp,ssmtp
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
...
filter = sshd
logpath = /var/log/auth.log
port = ssh
...
[phpmyadmin-syslog]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
...
So, when it states that the port is ssh or http or whatever, where does fail2ban get these bindings from? How do I know which ports I can use as names and which just as port numbers?
Named ports are used by many tools besides f2b. In most Linux distributions they are defined in /etc/services (a subset of IANA's official list).
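As an added example (not fail2ban's code), the following parses the /etc/services format and resolves fail2ban-style port lists such as "smtp,ssmtp" or "http,https" to numbers, the same lookup the system performs when a jail's port names are passed to the firewall. The excerpt of /etc/services is constructed so the script runs offline; the optional use_system flag falls back to the real service database through socket.getservbyname().

```python
"""Resolve named ports the way a Linux host does: via /etc/services
(added example; not fail2ban code)."""
import socket

# Constructed excerpt in /etc/services format: name  port/proto  [aliases]  # comment
SERVICES_EXCERPT = """\
# Network services, Internet style (constructed excerpt)
ssh             22/tcp                          # SSH Remote Login Protocol
smtp            25/tcp          mail
http            80/tcp          www             # WorldWideWeb HTTP
https           443/tcp                         # http protocol over TLS/SSL
ssmtp           465/tcp         smtps           # SMTP over SSL
submission      587/tcp
"""


def parse_services(text):
    """Return {name_or_alias: port} for the TCP entries of an /etc/services file."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        port, _, proto = fields[1].partition("/")
        if proto != "tcp" or not port.isdigit():
            continue
        # The first field is the canonical name; any further fields are aliases.
        for name in [fields[0]] + fields[2:]:
            table.setdefault(name, int(port))
    return table


def resolve_ports(spec, table, use_system=False):
    """Turn 'smtp,ssmtp' or '2222,ssh' into a list of port numbers.

    An unknown name raises ValueError: better to notice it when writing the
    jail than to ship a jail that bans nothing on the port you meant."""
    ports = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if item.isdigit():
            ports.append(int(item))
        elif item in table:
            ports.append(table[item])
        elif use_system:
            ports.append(socket.getservbyname(item, "tcp"))
        else:
            raise ValueError(f"unknown service name {item!r}")
    return ports


if __name__ == "__main__":
    table = parse_services(SERVICES_EXCERPT)
    for spec in ("smtp,ssmtp", "http,https", "ssh", "2222,ssh"):
        print(f"{spec:12} -> {resolve_ports(spec, table)}")
```

To check a name on your own host, run the same resolver with use_system=True, or simply grep /etc/services; if a name is missing there, use the number in the jail instead.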

WORKING QMAIL TOASTER - QMAIL, VPOPMAIL, DOVECOT AND ROUNDCUBE

I am on an Amazon AWS EC2 Linux AMI Server. I used "Bill's Linux Qmail Toaster v. 0.9.4" at Bill's Linux Qmail Toaster v. 0.9.4 to install the various software packages there, specifically: daemontools, ucspi-tcp, qmail, vpopmail, dovecot, squirrel mail, autorespond, ezmlm-idx and qmailadmin. Qmail, Vpopmail and Dovecot are all working well, having tested as below...
Testing SMTP using telnet localhost 25 has no errors.
Testing IMAP using telnet localhost 143 has no errors.
Testing POP3 using telnet localhost 110 has no errors.
Question #1
Attempting to use squirrel mail brought the frontend error "ERROR: Connection dropped by IMAP server." which I couldn't figure where to check for error log(s). Someone please help. Where do I check to understand this error and fix it?
Question #2
I installed roundcube after squirrel mail failed. I followed the approach at RoundCube Installation. Attempting to login with roundcube shows no frontend error but does not login either. When I survey the roundcube/config/config.inc.php I find only the following basic settings...
$config = array();
$config['db_dsnw'] = 'mysqli://acc:passwd@localhost/roundcube';
$config['default_host'] = 'localhost';
$config['smtp_server'] = 'localhost';
$config['smtp_port'] = 25;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['support_url'] = '';
$config['product_name'] = 'Roundcube Webmail';
$config['des_key'] = 'some_des_key';
$config['plugins'] = array(
'archive',
'zipdownload',
);
$config['skin'] = 'larry';
Are these settings essential for a successful roundcube setup?
Question #3
When I investigate dovecot.conf, which I got after applying the exact steps at Dovecot Installation I see that almost all options and paths are actually commented out, for instance:
base_dir = /var/run/dovecot/
login_dir = /var/run/dovecot/login
login_executable = /usr/local/libexec/dovecot/imap-login
mail_executable = /usr/local/libexec/dovecot/imap
...
login_executable = /usr/local/libexec/dovecot/pop3-login
mail_executable = /usr/local/libexec/dovecot/pop3
auth_socket_path = /var/run/dovecot/auth-master
...
auth_executable = /usr/local/libexec/dovecot/dovecot-auth
...
I haven't tried uncommenting because some like /var/run/dovecot/auth-master do not even seem to exist on my system.
Is this configuration file with such (apparent mistakes) usual and usable?

How can I configure the SMTP server for GitLab (omnibus) running on the same machine?

I run the SMTP server and GitLab on the same machine, and I am sure that the SMTP server listening on port 25 works, because I receive the mail after running this command: echo "This is the body of the email" | mail -s "This is the subject line" user@example.com. And I configured GitLab like this in /etc/gitlab/gitlab.rb:
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "localhost"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "myRootName"
gitlab_rails['smtp_password'] = "myRootPassword"
#gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = false
Can someone help? Thanks!
If you run a local MTA on the GitLab server there is nothing you need to configure explicitly. The SMTP settings in gitlab.rb are only required if you use an external server or need special configuration.
We run gitlab on Debian 8 here with the default installation of postfix. Works out of the box. But exim4 should work just fine as well.
You DO have to configure the following properties:
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
gitlab_rails['gitlab_email_display_name'] = 'GitLab'

Debian Exim4 SMTP-AUTH stopped working

I have a strange problem that recently popped up on my Debian Squeeze server.
I've had Exim4 configured to use SMTP-AUTH with encryption setup and running on this box for a long time, but now it doesn't work.
At first I thought it was maybe my certificates expired, but that wasn't the case, they're good for several more years.
It appears that the server isn't listening on port 25 any longer.
If I try to telnet to port 25 it times out.
If I run netstat -tulpen on the server nothing is listening on port 25.
I'm using the splitconf for Exim4.
In conf.d/main I'm enabling MAIN_TLS_ENABLE=true
In conf.d/auth/30_exim4-config_examples I have the following
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
#
login_saslauthd_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# don't send system passwords over unencrypted connections
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
On the server if I run this command:
swaks -a -tls -q HELO -s localhost -au A_USER_NAME -ap '<>'
I get this ...
=== Trying localhost:25...
* Error connecting 0.0.0.0 to localhost:25:
* IO::Socket::INET: connect: Connection refused
Can someone point me to some more advanced debugging techniques?
OK. I figured it out.
Comcast blocks port 25. I don't know why this is coming up now, unless they've recently started blocking it.
I had to change a line in /etc/default/exim4
From this
SMTPLISTENEROPTIONS='-oX 25 -oP /var/run/exim4/exim.pid'
To this
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
I also added this to /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
tls_on_connect_ports=465
It's odd that this just popped up, unless a Debian package updated the /etc/default/exim4 file. It's confusing, but it's working. Hopefully this will be helpful to someone in the future.
Cheers.

How to check if my ISP blocks port 25?

How should I check if my ISP blocks port 25?
cmd> telnet <some well known email provider IP> 25
To determine exactly which host (subdomain) is listening on port 25:
nslookup -q=MX <top-level domain>
For example:
cmd> nslookup -q=MX gmail.com
gmail.com MX preference = 50, mail exchanger = gsmtp147.google.com
gmail.com MX preference = 50, mail exchanger = gsmtp183.google.com
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt2.gmail-smtp-in.l.google.com
gsmtp147.google.com internet address = 209.85.147.27
gsmtp183.google.com internet address = 64.233.183.27
gmail-smtp-in.l.google.com internet address = 64.233.183.114
cmd> telnet gsmtp147.google.com 25
220 mx.google.com ESMTP l27si12759488waf.25
On Linux, you can 'dig', I guess.
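The telnet test above tells you open or not; what a diagnosis really wants is to separate the three cases: an SMTP server answers with a 220 banner, nothing is listening (connection refused), or the connection just times out, which is the usual signature of an ISP or firewall dropping port 25 (the Exim4 thread above is exactly this case). The following is an added example, not from any answer here; it assumes you have already chosen a host known to listen on port 25, for instance an MX returned by nslookup -q=MX, and it only reads the greeting and sends QUIT.

```python
"""Probe outbound port 25 and classify the result as open / refused /
filtered, parsing the SMTP greeting when one arrives (added example)."""
import socket


def parse_banner(raw):
    """Parse the first SMTP greeting line; returns (code, text) or None."""
    lines = raw.decode("ascii", "replace").splitlines()
    if not lines:
        return None
    line = lines[0]
    if len(line) < 3 or not line[:3].isdigit():
        return None  # something answered, but not with an SMTP reply code
    code = line[:3]
    # "220 text" or "220-text" (multi-line greeting); strip the separator.
    text = line[4:] if len(line) > 3 and line[3] in " -" else line[3:]
    return code, text


def classify(exc):
    """Map a connection failure to the outcome the diagnosis cares about."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # packets silently dropped on the path
    if isinstance(exc, ConnectionRefusedError):
        return "refused"  # host reachable, nothing listening on that port
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    return "error"


def probe_smtp(host, port=25, timeout=5.0):
    """Return (outcome, detail); outcome is open, open-no-banner,
    open-not-smtp, refused, filtered, dns-failure or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                raw = sock.recv(512)
            except (socket.timeout, TimeoutError):
                # Connected but silent: some filters accept and tarpit instead of dropping.
                return ("open-no-banner", None)
            try:
                sock.sendall(b"QUIT\r\n")
            except OSError:
                pass
    except OSError as exc:
        return (classify(exc), str(exc))
    parsed = parse_banner(raw)
    if parsed is None:
        return ("open-not-smtp", raw[:64])
    return ("open", parsed)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, "->", probe_smtp(target))
```

Compare the result from inside your network with the same probe run from a host outside it (or with the canyouseeme.org check mentioned below): "filtered" at home and "open" elsewhere means the block is on your ISP's side of the path.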
http://www.canyouseeme.org/
telnet host 25
Just select a host that you know is listening on port 25.
You could call them and ask.
Probing a server that listens on your desired port is of course the best option, as abatishchev has shown.
In the case where you can't find an "echo" service on your desired port or you want to know who is blocking you on the path you can resort to firewalking. Firewalking probes the path by starting with a Time-To-Live (TTL) set to zero and then incrementing it by one each iteration. When you stop getting "ICMP TTL Exceeded" messages that means the next hop in the chain is filtering your packets.
You can use hping3 to do this:
:~$ hping3 -z -T -p 25 server.com
or use Firewalk which was created for exactly this.
Edit: Any NAT devices on the route will silently destroy your results since the TTL is reset to whatever sane value the router sees fit.