Code Monkey home page Code Monkey logo

docs's People

Contributors

xtuc avatar

Stargazers

avatar

Watchers

avatar avatar

Forkers

nexxai

docs's Issues

Mailout: Port redirection

This issue is to keep track of the recent tests and documentation of the minimum postfix configuration needed for the port redirection. For other mail-servers we should ask the community to help on that.

Basic interface with mailout

TBD

Minimum postfix configuration

When receiving on port 25 (or NATed over from custom port 2525), the default configuration should be sufficient. In mater.cf the main service that handles the incoming mails is submission (TBC). Commonly found reasons for not being able to receive mails on port 465 and 587 are either due to postfix blocking the connection or TLS is missconfigured. For the postfix settings the user should check that the following options allow to receive:

## These are placeholder settings for now. DO NOT use these settings as we have not tested the security yet.
## If others have experience and insight setting these options please comment.

## TODO: find the appropriate safe options to:
## 1) Deny access to non-authenticated users to send mails from the service
## 2a) Allow receiving the mails from mailout receiving MX record
## 2b) Allow receiving the mails from arbitrary source. (Useful for overriding mailout on IPv6)
## PS: it is not recommended to have ONLY these options set/unset, but 

submission inet n       -       n       -       -       smtpd                                                               
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject                 
#  -o smtpd_client_restrictions=permit_sasl_authenticated                                                                       
#  -o smtpd_reject_unlisted_recipient=no                                                                           
#  -o smtpd_client_restrictions=$mua_client_restrictions                                                           
#  -o smtpd_helo_restrictions=$mua_helo_restrictions                                                               
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
smtps     inet  n       -       n       -       -       smtpd                                                              
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject                 
#  -o smtpd_client_restrictions=permit_sasl_authenticated                                                                       
#  -o smtpd_reject_unlisted_recipient=no                                                                           
#  -o smtpd_client_restrictions=$mua_client_restrictions                                                           
#  -o smtpd_helo_restrictions=$mua_helo_restrictions                                                               
#  -o smtpd_sender_restrictions=$mua_sender_restrictions

Otherwise mailout is properly configured to allow setting:

submission inet n       -       n       -       -       smtpd                        
  -o smtpd_tls_auth_only=yes
smtps     inet  n       -       n       -       -       smtpd             
  -o smtpd_tls_auth_only=yes

TLS certificate

Misconfiguration here has also lead to a few issues with mailout relaying mails, particularly when setting up additional MX subdomains to redirect the mails.
Coming soon: recommended and simple configuration for setting up manual and automatic certificate renewal using certbot, step and caddy.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.