Using B3 to relay outgoing mail

[eramoli]

Hi,

Quite often I am connected to netowrks other than my own and I would like to send e-mails at these times. The challenge is that my ISP only allows me to send e-mail if I am connected to his network. This results in that I need to identify the outgoing mail server for the network I am connected to and use that one in my e-mail client.

This is a hassle that I would like to avoid.

My thinking is as follows. Could I install a relay application on B3 that my computer would send the e-mails to regardless on which network I am conected. The relay application would then send the e-mail to the normal outgoing mail server of my ISP.

Is this a good solution?
Any better proposals?
How do I do it?

Best Regards,
Morgan

PS
I do not want to use a web interface to send the e-mails.
DS

[Gordon]

Not so simple.

Essentially what you want is to use the B3 as your mail host and send everything off through your ISP's mail server. That's the easy part: install postfix and configure it to use your ISP as it's smarthost. Now the thing is that you want to be able to address this server not only from within your LAN environment, but also from various unknown public addresses; this will make you vulnerable to become a very popular spam relaying address.

Things you can do:

• Change the SMTP listener port to something high (1000+), provided your email client supports this. This will rid you of most port scanners even noticing your email server. It may also actually be a requirement because some ISP's will simply refuse to pass any traffic for port 25, in any direction, that is not handled by their own mail server.
• Add authentication. I've never done this myself, but postfix has SASL support. Note that this does not add encryption, so there's no real safety in this.
• Use ssh tunnelling...
• ...or VPN

Also note that whether any of these will work depend on what the "hostile network" allows for outbound traffic.

[Binkem]

Actually this would be a very useful function with all the smartphone and tablets around, provided its handled securely and is accessible from most smartphones and tablets. My ISP accepts only smtp from its own network, my 3g provider only accepts mail on its 3g network, my work e-mail has different smtp servers for intranet and the internet etc. etc. Having a single, secure smtp-server via my Bubba would be a bonus to me.

[Ubi]

Setting up SMTP-AUTH with postfix is a breeze if you abuse the dovecot authentication. Running on the 587 submission port generally works, but anything over 1024 is generally OK as well.

I suppost this recipe may work:
http://www.adomas.org/2006/08/postfix-dovecot/

[eramoli]

Hi,

I found two HowTo on the excito wiki
http://wiki.excito.org/wiki/index.php/S ... MTP-server
http://wiki.excito.org/wiki/index.php/S ... ated_relay

I will later try to follow these and see if I manage to get it working.

Question: Does the configuaration mail interface on the http://b3 connect to postfix or does it connect to another mail sending application, like sendmail?

/Morgan

[Ubi]

to postfix. It is nearly impossible to have both postfix and Sendmail active on the same box . HOWEVER postfix includes the "sendmail" command, which is present for compatibility and has nothing to do with the Sendmail package.

[Gordon]

I'd say the most likely thing is that the webmail interface uses SMTP and IMAP socket functions provided by PHP

[eramoli]

Hi Again,

When executing the following command

Code: Select all

echo "Test mail" | mail -s "This is a test mail" eek@myisp.com

and logged in as root everything works as it should. When logged in as a "normal" user I get the following message in /var/log/mail,log

Code: Select all

Nov 3 01:39:27 MorganB3 postfix/sendmail[11585]: fatal: open /etc/postfix/main.cf: Permission denied

Must I manually change the permission on the main.cf file? and to what? or should a normal not have the possibility to send an e-mail in this way?

/Morgan

[Ubi]

There really is no point in restricting main.cf to root on a system like bubba. But, if you want to retain some extra security, create a group called staff

Code: Select all

groupadd staff

add yourself

Code: Select all

usermod -G myname stafff

then allow yourself access to main.cf

Code: Select all

chgrp staff /etc/postfix/main.cf
chmod g+w /etc/postfix/main.cf

[Gordon]

I have no problem using sendmail command with these rights:

Code: Select all

gordon@eagle:~> ls -l /etc/postfix/
total 404
-rw-r--r--  1 root root 13424 2004-07-01 00:11 access
-rw-r--r--  1 root root 12288 2005-02-01 11:07 access.db
-rw-r--r--  1 root root  9053 2004-07-01 00:11 canonical
-rw-r--r--  1 root root 12288 2005-02-01 11:07 canonical.db
-rw-r--r--  1 root root 14722 2004-07-01 00:11 header_checks
-rw-r--r--  1 root root 11942 2004-07-01 00:11 LICENSE
-rw-r--r--  1 root root 26834 2011-10-06 10:23 main.cf
-rw-r--r--  1 root root 26670 2005-02-15 17:50 main.cf.backup
-rw-r--r--  1 root root 13213 2004-07-01 00:11 main.cf.default
-rw-r--r--  1 root root 26633 2005-02-03 11:46 main.cf.SuSEconfig
-rw-r--r--  1 root root   673 2004-07-01 00:11 makedefs.out
-rw-r--r--  1 root root  6882 2004-07-01 00:11 master.cf
-rw-r--r--  1 root root  2083 2004-07-01 00:11 openssl_postfix.conf.in
-rw-r--r--  1 root root 13136 2004-07-01 00:11 postfix-files
-rwxr-xr-x  1 root root  5800 2004-07-01 00:11 postfix-script
-rwxr-xr-x  1 root root 21207 2004-07-01 00:11 post-install
-rw-r--r--  1 root root   199 2004-07-01 00:11 relay_ccerts
-rw-r--r--  1 root root 12288 2005-02-01 11:07 relay_ccerts.db
-rw-r--r--  1 root root  6374 2004-07-01 00:11 relocated
-rw-r--r--  1 root root 12288 2005-02-01 11:07 relocated.db
-rw-------  1 root root   172 2005-02-03 11:46 sasl_passwd
-rw-------  1 root root 12288 2005-02-03 11:46 sasl_passwd.db
-rw-------  1 root root   172 2004-07-01 00:11 sasl_passwd.YaST2.save
-rw-r--r--  1 root root   413 2005-02-03 11:46 sender_canonical
-rw-r--r--  1 root root 12288 2005-02-03 11:46 sender_canonical.db
-rw-r--r--  1 root root   412 2004-07-01 00:11 sender_canonical.YaST2.save
-rw-r--r--  1 root root 10902 2004-07-01 00:11 transport
-rw-r--r--  1 root root 12288 2005-02-01 11:07 transport.db
-rw-r--r--  1 root root 11189 2005-02-03 11:46 virtual
-rw-r--r--  1 root root 12288 2005-02-03 11:46 virtual.db
-rw-r--r--  1 root root 11188 2004-07-01 00:11 virtual.YaST2.save

Guess what distribution this is

[Ubi]

Well, apparently not bubba...

RHEL also makes main.cf 644 standard so I guess it's ok.

[eramoli]

The main.cf file was only readable for owner, after changed it to be readable for group and other it works as it should, sending e-mail from a normal user that is.

I have some other problems now but I will try some more tings before asking more questions

/Morgan

[DanielM]

Well, I wouldn't want ANYONE to write in my main.cf. Could end up nasty...

/Daniel

edit: Erhm. I mean ANYONE like in EVERYONE. I want to be writing in it myself. Just not those other guys

[Ubi]

Daniel, get some coffee before posting, this was about group READING, not group WRITING permissions.

[DanielM]

Daniel, get some coffee before posting, this was about group READING, not group WRITING permissions.

Nope. I don't drink coffee. Could do with tea though. Or Jägermeister.

I misread. Since the file seems to be world readable per default I thought you were talking about writing

/Daniel