Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
1 vote, 2 answers, 3053 views
Postfix error for office365: TLS library problem - wrong version number
I am trying to reconfigure a (currently working) debian 10 postfix configuration because we have moved to Office365 as SMTP server. The postfix mail configuration is only used for sending out mails that the server itself generates (logcheck mails etc).
The only change I thought I had to make was changing the `relayhost` setting
from: relayhost = some.mail.provider:465
to: relayhost = smtp.office365.com:587
**Problem:**
However, that doesn't work. In `/var/log/syslog` I get
Sep 21 15:03:30 pasteur postfix/smtp: SSL_connect error to smtp.office365.com[40.101.137.34]:587: -1
Sep 21 15:03:30 pasteur postfix/smtp: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
Sep 21 15:03:30 pasteur postfix/smtp: EC2809EF92: Cannot start TLS: handshake failure
**Question**: Anybody knows a solution?
I played around with various postfix settings in `/etc/postfix/main.cf` but that doesn't work. For example, changing `smtp_tls_security_level = encrypt` to `... = may` results in syslog entries such as `smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt" (or stronger)`
My postfix settings in `/etc/postfix/main.cf` are:
# Ansible managed
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html
# default to 2 on fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Enable SASL authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static::************
smtp_sasl_security_options = noanonymous
smtp_tls_wrappermode = yes
smtp_use_tls = yes
smtp_tls_security_level = encrypt
# General
myhostname = pasteur..com
myorigin = /etc/mailname
mydestination = $myhostname localhost.$mydomain localhost pasteur
mynetworks = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relayhost = smtp.office365.com:587
Rabarberski
(221 rep)
Sep 21, 2021, 01:21 PM
• Last activity: Aug 2, 2025, 10:05 PM
0 votes, 1 answer, 1972 views
How to Create a PTR Record for AWS Mailserver's Elastic IP Address
I configured an SMTP server (Postfix) on an AWS instance. However, as a defense against spam most well-managed emailservers will reject messages ***sent*** from any host whose IP does not resolve back to the same hostname of the sending server.
When I sent a test message from the CLI:
mail -s 'TEST Subject' addressOfRecpient@test.com <<< 'Test Message Sent from Postfix Server'
It gets rejected by the recipient's mailserver. ***How do I create a PTR record for the Elastic IP assigned to my AWS mailserver?***
F1Linux
(2744 rep)
Mar 12, 2020, 04:06 PM
• Last activity: Jul 19, 2025, 11:06 AM
5 votes, 1 answer, 4259 views
SMTP Auth - SASL on Dovecot, Postfix and CentOS 6.2 (and Open-Xchange)
I am trying to get open SASL to work on CentOS 6.2. I followed this tutorial:
http://wiki.centos.org/HowTos/postfix_sasl
I suspect it works perfectly for CentOS 5.x so all I really need is an update for use on CentOS 6.2. I was feeling confident right up until I discovered half way through that dovecot.conf goes mad with these settings.
This link recommends that people running CentOS 6 use a different method.
http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
Neither of the methods outlined in these links work.
Also I don't know how to get Open-Xchange to use SMTP authentication. It seems to be very poorly documented and their CE forum is not letting me post, nor is it showing much activity at all.
conners
(203 rep)
May 9, 2012, 01:04 PM
• Last activity: Jun 12, 2025, 12:05 AM
4 votes, 1 answer, 3949 views
Sendmail issues "530 Authentication required" error message when authinfo is supplied
`sender_email` - email address that does not exist, but must be used as FROM address, because receiver host rejects emails from other emails.
`receiver_email` - email that is supposed to receive the sent message
`local_smtp` - SMTP server that is installed on another computer in the local network and forwards all received messages to external_smtp
`external_smtp` - SMTP server that is installed on a computer in another network and rejects all emails that do not come from sender_email
I have configured sendmail to send emails from `sender_email` and authenticate with user/password to `local_smtp` that is supposed to send the email message further to `external_smtp` that only accepts emails sent from a specific email, which is `sender_email` in this case. However, judging from the log files sendmail authenticates with `external_smtp` instead of `local_smtp`. I do not want to authenticate with `external_smtp`, because that is up to `local_smtp`.
`logfile`:
10745 >> EHLO mgmt-snmp
10759 >> MAIL From: AUTH=sender_email
10759 >> This is a MIME-encapsulated message
10759 >>>
10759 >>> --t8IEdmbX010759.1442587188/mgmt-snmp
10759 >>>
10759 >>> The original message was received at Fri, 18 Sep 2015 16:39:48 +0200
10759 >>> from root@localhost
10759 >>>
10759 >>> ----- The following addresses had permanent fatal errors -----
10759 >>> receiver_email
10759 >>> (reason: 530 authentication required)
10759 >>>
I guess it has something to do with `AUTH=sender_email`, but I do not know how to change it.
`sendmail.mc`:
divert(-1)dnl
#-----------------------------------------------------------------------------
# $Sendmail: debproto.mc,v 8.14.4 2014-02-11 13:02:08 cowboy Exp $
#
# Copyright (c) 1998-2010 Richard Nelson. All Rights Reserved.
#
# cf/debian/sendmail.mc. Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.14.4
#
# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
# file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
# * make (or make -C /etc/mail)
# * sendmailconfig
# * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
#-----------------------------------------------------------------------------
divert(0)dnl
#
# Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.14.4-4.1ubuntu1 2014-02-11 13:02:08 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE', `10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows senderrecipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE', `3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE', `True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl LOCAL_CONFIG
dnl EXPOSED_USER(root uucp)dnl # users exempt from masquerading
dnl LOCAL_USER(root)dnl
dnl MASQUERADE_AS(`external_smtp')dnl
dnl FEATURE(`allmasquerade')dnl
dnl FEATURE(`masquerade_envelope')dnl
dnl FEATURE(`nullclient', local_smtp)dnl
LOCAL_CONFIG
## Custom configurations below (will be preserved)
define(`SMART_HOST', `local_smtp')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
`authinfo`:
AuthInfo:local_smtp "U:root" "I:my_username" "P:my_password"
Jonas
(143 rep)
Sep 18, 2015, 03:21 PM
• Last activity: Jun 11, 2025, 05:03 PM
2 votes, 1 answer, 2219 views
SMTP connectivity issue in Zenoss ("Connection unexpectedly closed")
I am using Zenoss for monitoring purpose. I have been using its mail service for a long time. Suddenly my mail service in zenoss stopped and started showing ` - Connection unexpectedly closed` and no mails are outgoing. When I ran the mail command via CLI, the mail goes to the email address. While executing the zenoss script for mailer won't work and throws out the error as shown above.
My server is RHEL 5.3 x86_64, with Zenoss 4.2 & sendmail email server.
### Sendmail logs & Zenoss email conf
Apr 11 07:14:30 XXXhostnameXX sendmail: r3BBDgia013582: lost input channel from localhost.localdomain [127.0.0.1] to MTA after mail
Apr 11 07:14:30 XXXhostnameXX sendmail: r3BBDgia013582: from=, size=146972, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Zenoss is following basic smtp connection as emailing is done by local sendmail server (localhost) in port 25. No specific configuration is used.
Kratos
(381 rep)
Apr 11, 2013, 10:55 AM
• Last activity: Jun 1, 2025, 08:05 PM
1 vote, 1 answer, 1982 views
How do I resolve a TLS Error associated with smtpd?
I found the following in the logs:
sssd_kcm: Starting up
postfix/submission/smtpd: initializing the server-side TLS engine
postfix/submission/smtpd: connect from unknown[::1]
postfix/submission/smtpd: warning: connect to Milter service unix:/run/spamass-milter/spamass-milter.sock: No such file or directory
postfix/submission/smtpd: setting up TLS connection from unknown[::1]
postfix/submission/smtpd: unknown[::1]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
postfix/submission/smtpd: SSL_accept:before SSL initialization
postfix/submission/smtpd: SSL_accept:before SSL initialization
postfix/submission/smtpd: SSL_accept:SSLv3/TLS read client hello
postfix/submission/smtpd: SSL_accept:SSLv3/TLS write server hello
postfix/submission/smtpd: SSL_accept:SSLv3/TLS write change cipher spec
postfix/submission/smtpd: SSL_accept:TLSv1.3 write encrypted extensions
postfix/submission/smtpd: SSL_accept:SSLv3/TLS write certificate
postfix/submission/smtpd: SSL_accept:TLSv1.3 write server certificate verify
postfix/submission/smtpd: SSL_accept:SSLv3/TLS write finished
postfix/submission/smtpd: SSL_accept:TLSv1.3 early data
postfix/submission/smtpd: SSL3 alert read:fatal:bad certificate
postfix/submission/smtpd: SSL_accept:error in error
postfix/submission/smtpd: SSL_accept error from unknown[::1]: -1
postfix/submission/smtpd: warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1586:SSL alert number 42:
postfix/submission/smtpd: lost connection after STARTTLS from unknown[::1]
postfix/submission/smtpd: disconnect from unknown[::1] ehlo=1 starttls=0/1 commands=1/2
Those two lines show up any time a user presses a "Password reset" button on a User authentication form. This is happening on all Django projects hosted on a VPS at the moment. Consequently, the server does not send the email that initiates the reset. Instead, users see "Server Error (500)" on the browser. This phenomenon is new. The pages were working months before.
The log entries seem to suggest that the certificates are bad. I have renewed all certs on that server in an attempt to resolve the issue but it persists. Note that mail submission via remote and local clients are working perfectly.
I would appreciate guidance on how to remedy the situation.
**# postconf | grep cert | grep smtp**
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_fingerprint_cert_match =
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_verify_cert_match = hostname
smtpd_tls_ask_ccert = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/letsencrypt/live/site.com/fullchain.pem
smtpd_tls_dcert_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file =
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_req_ccert = no
tlsproxy_client_cert_file = $smtp_tls_cert_file
tlsproxy_client_dcert_file = $smtp_tls_dcert_file
tlsproxy_client_eccert_file = $smtp_tls_eccert_file
tlsproxy_client_scert_verifydepth = $smtp_tls_scert_verifydepth
tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
tlsproxy_tls_cert_file = $smtpd_tls_cert_file
tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
twohot
(11 rep)
Oct 3, 2023, 11:50 AM
• Last activity: May 28, 2025, 02:04 AM
1 vote, 2 answers, 2405 views
IMAP Dovecot cannot connect
I am trying to set up my own mail server (for 'fun'). I followed this tutorial to the bone. But I get this error message:
imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=, method=PLAIN, rip=203.210.7.43, lip=1.2.3.4, TLS: Disconnected, session=
I am using the SSL certificate and key I have for my nginx web server, on the same machine.
I disabled plaintext authentication by adding these two lines (as per tutorial) to `/etc/dovecot/conf.d/10-auth.conf`:
disable_plaintext_auth = yes
auth_mechanisms = plain login
But the `method` in the log entry still says `PLAIN`, and `TLS` is `Disconnected`. Could that be an issue?
There're too many configurations to post them all here. If you think you need more information, please tell me which parts and I will update my question.
dayuloli
(537 rep)
Jan 28, 2015, 08:19 AM
• Last activity: May 21, 2025, 03:01 PM
0 votes, 2 answers, 2003 views
Unable to Open SMTP Port (25, 587) on Vultr
I'm using Vultr for Web Hosting and according to them they have unblocked all SMTP Ports (25, 465, 587, 2525). Now after setting up apache server and installing Postfix, Dovecot and SpamAssassin when I tested it by sending the mail I got this error:
Connection could not be established.
getaddrinfo for mail.domain.com failed: Temporary failure in name resolution
When I run nslookup against the domain I get a valid IP but when I run it against mail.domain.com I get this error message:
** server can't find mail.domain.com: SERVFAIL
I have allowed both port 25 and 587 in the ufw. I checked the status of both port 25 and 587 using different techniques that I found on the internet (nmap, netstat, iptables). These are the results:
Does anyone know what I'm doing wrong and how can I open port 25 and 587 so that I will be able to send and receive emails. Thanks

MAY
(101 rep)
Nov 19, 2022, 02:12 AM
• Last activity: May 18, 2025, 11:01 AM
0 votes, 1 answer, 2542 views
Cannot send email via postfix / dovecot error status=deferred (mail transport unavailable)
I am trying to set up a mail server with postfix/dovecot/maria DB on centos 7 and seem to have hit a roadblock.
I am not able to send emails to internal users and the logs suggest "mail transport unavailable". I checked a few resources online and don't seem to find help, the services are up and running.
/var/log/maillog
Mar 9 21:30:41 server postfix/qmgr: 2222637E93F: from=, size=472, nrcpt=1 (queue active)
Mar 9 21:30:41 server postfix/qmgr: warning: connect to transport private/dovecot: No such file or directory
Mar 9 21:30:41 server postfix/error: 2222637E93F: to=, relay=none, delay=0.14, delays=0.09/0.03/0/0.02, dsn=4.3.0, status=deferred (mail transport unavailable)
Mar 9 21:34:53 server postfix/pickup: 59F6E2D66A4: uid=0 from=
Mar 9 21:34:53 server postfix/cleanup: 59F6E2D66A4: message-id=
Mar 9 21:34:53 server postfix/qmgr: 59F6E2D66A4: from=, size=472, nrcpt=1 (queue active)
Mar 9 21:34:53 server postfix/qmgr: warning: connect to transport private/dovecot: No such file or directory
Mar 9 21:34:53 server postfix/error: 59F6E2D66A4: to=, relay=none, delay=0.17, delays=0.12/0.03/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)
Mar 9 21:35:22 server postfix/qmgr: C47911FB57A: from=, size=476, nrcpt=1 (queue active)
Mar 9 21:35:22 server postfix/error: C47911FB57A: to=, relay=none, delay=540, delays=540/0/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
I need to find out the source of the error.
Atul
(1911 rep)
Mar 10, 2017, 05:42 AM
• Last activity: May 9, 2025, 12:04 PM
0 votes, 2 answers, 3071 views
postfix & cyrus-SASL SASLDB2 0: NO "authentication failed"
We are setting up a Postfix mail relay to accept only authenticated smtp sessions and forward them to our backend smarthosts.
CentOS 6.8
postfix-2.6.6-6.el6_7.1.x86_64
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
We have installed and configured Postfix as well as SASL according to a couple of tutorials and references from the postfix manual on postfix.org, although we seem to have a couple of configuration or permission errors. Any help would be appreciated.
---
[root@server]# saslpasswd2 -c -u test.com test
Password: test123
Again (for verification): test123
[root@server]# sasldblistusers2
test@test.com: userPassword
[root@server]# testsaslauthd -u test@test.com -p test123
0: NO "authentication failed"
[root@server]# tail -n1 /var/log/messages
Jan 13 08:10:19 server saslauthd: do_auth : auth failure: [user=test@test.com] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
[root@server]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = testing.com
myhostname = smtp.testing.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = [mx01.testing.com]:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_fallback_relay = [mx02.testing.com]:25
smtp_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file
smtp_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt
smtp_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP ($mail_version)
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
[root@server]# cat /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
log_level: 7
[root@server]# cat /etc/postfix/master.cf
smtp inet n - n - - smtpd -v
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -v
# -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
SMTP Client Log
Stat Connected.
Recv 13/01/2017 8:34:12 AM: 220 smtp.test.com ESMTP (2.6.6)
Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1
Recv 13/01/2017 8:34:12 AM: 250-smtp.securmail.net.au250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN
Sent 13/01/2017 8:34:12 AM: STARTTLS
Recv 13/01/2017 8:34:12 AM: 220 2.0.0 Ready to start TLS
Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1
Recv 13/01/2017 8:34:12 AM: 250-smtp.test.com250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN
Sent 13/01/2017 8:34:12 AM: MAIL FROM:
Recv 13/01/2017 8:34:12 AM: 250 2.1.0 Ok
Sent 13/01/2017 8:34:12 AM: RCPT TO:
Recv 13/01/2017 8:34:12 AM: 554 5.7.1 : Relay access denied
Sent 13/01/2017 8:34:12 AM: RSET
Recv 13/01/2017 8:34:13 AM: 250 2.0.0 Ok
[root@Sserver]# tail -n 50 /var/log/maillog
Jan 13 08:34:23 server/smtpd: NOQUEUE: reject: RCPT from xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jan 13 08:34:23 server/smtpd: generic_checks: name=reject_unauth_destination status=2
Jan 13 08:34:23 server/smtpd: > xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied
Please let me know if any more logs or configuration extracts would be helpful. Thanks in advance
ausip
(101 rep)
Jan 12, 2017, 09:39 PM
• Last activity: May 1, 2025, 10:04 PM
0 votes, 0 answers, 90 views
Receiving email with OpenSMTPD fails with 550 Invalid recipient
I am trying to set up a mailserver using OpenSMTPD. My configuration is:
listen on enp4s0f2
action "save" maildir "/mail/%{rcpt}"
match for rcpt-to regex ".*" action "save"
/mail is globally rwx.
journalctl logs for when an email arrives:
Apr 28 08:06:31 greysky smtpd: info: OpenSMTPD 7.5.0-portable starting
Apr 28 08:07:00 greysky smtpd: a99185e682bda8d6 smtp connected address=209.85.218.43 host=mail-ej1-f43.google.com
Apr 28 08:07:01 greysky smtpd: a99185e682bda8d6 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
Apr 28 08:07:01 greysky smtpd: a99185e682bda8d6 smtp disconnected reason=quit
where domain.com is the server's domain.
I am using NixOS, in case that is relevant.
Мatthew Kharlip Teytelboym
(1 rep)
Apr 28, 2025, 12:15 PM
• Last activity: Apr 28, 2025, 12:31 PM
108
votes
7
answers
388793
views
Can I set up system mail to use an external SMTP server?
Is it possible to set up system mail on a linux box to be sent via a different smtp server - maybe even with authentication? If so, how do I do this?
If that's unclear, let me give an example. If I'm at the command line and type:
cat body.txt | mail -s "just a test" myfriend@hisdomain.com
is it possible to have that be sent via an external SMTP server, like G-mail?
I'm not looking for "a way to send mail from gmail from the command line" but rather an option to configure the entire system to use a specific SMTP server, or possibly one account on an SMTP server (maybe overriding the from address).
cwd
(46887 rep)
Apr 20, 2012, 09:46 PM
• Last activity: Mar 3, 2025, 05:29 PM
1
votes
0
answers
44
views
Lua SMTP Script with STARTTLS Fails to Authenticate
🔍 Context
I'm working on a Lua script that sends emails via SMTP with STARTTLS. The script successfully connects to the SMTP server, but authentication sometimes fails with the error:
authentication not supported
This happens after the STARTTLS handshake. I'm not sure if I'm sending the SMTP commands in the correct order or if there's an issue with the authentication method.
✅ What the Script Does
📡 Connects to an SMTP server (supports both TLS and SSL)
🔒 Implements STARTTLS when using port 587
🔑 Authenticates using AUTH LOGIN
🛠 Includes a debugging function to log SMTP commands and responses
⚠️ Issue Description
The script connects to the SMTP server (port 587 or 465).
If using port 587, it sends EHLO, then STARTTLS.
After TLS is enabled, it tries to authenticate, but the server rejects authentication.
If using port 465, the script connects via SSL directly, but authentication still fails.
🛠 Debugging Log Sample
Here’s an example of the log output when using port 587:
[SMTP DEBUG] Sent : EHLO localhost
[SMTP DEBUG] Received : 250-smtp.example.com
[SMTP DEBUG] Sent : STARTTLS
[SMTP DEBUG] Received : 220 Ready to start TLS
[SMTP DEBUG] Sent : EHLO localhost
Client->>SMTP: Connect to SMTP (port 587 or 465)
alt Port 587 (STARTTLS)
SMTP->>Client: 220 Service Ready
Client->>SMTP: EHLO localhost
SMTP->>Client: 250-AUTH PLAIN LOGIN
Client->>SMTP: STARTTLS
SMTP->>Client: 220 Ready to start TLS
Client->>Client: Upgrade to TLS Mode
Client->>SMTP: EHLO localhost (again?)
else Port 465 (SSL Direct)
Client->>Client: Direct SSL/TLS Connection
end
Client->>SMTP: AUTH LOGIN
SMTP->>Client: 334 Username Prompt
Client->>SMTP: (Base64 Encoded Email)
SMTP->>Client: 334 Password Prompt
Client->>SMTP: (Base64 Encoded Password)
SMTP->>Client: 235 Authentication Successful
Client->>SMTP: MAIL FROM:
SMTP->>Client: 250 OK
Client->>SMTP: RCPT TO:
SMTP->>Client: 250 OK
Client->>SMTP: DATA
SMTP->>Client: 354 Start mail input
Client->>SMTP: (Email Content)
Client->>SMTP: .
SMTP->>Client: 250 Message Accepted
Client->>SMTP: QUIT
SMTP->>Client: 221 Bye
Questions
--
Do I need to send EHLO again after STARTTLS?
Are my SMTP commands correctly ordered?
How can I further debug the authentication failure?
Any help would be greatly appreciated! 🚀
white-wolf
(11 rep)
Feb 10, 2025, 12:51 AM
• Last activity: Feb 10, 2025, 12:53 AM
24
votes
3
answers
79772
views
How to "close" open ports?
A few days ago I started to care a lot about my data security, I end up nmaping myself with: nmap 127.0.0.1
Surprise, surprise, I have lots of active services listen to localhost:
$ nmap 127.0.0.1
Starting Nmap 5.21 ( http://nmap.org ) at 2013-05-05 00:19 WEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00025s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
The only one that I *might* use is ssh (although it is probably not well configured, I will keep this matter to another question).
As far as I know ipp protocol is used by CUPS to share my printers, I don't need to share them, just access printers from a server.
This is the output of netstat -lntup by the root user, removing the localhost addresses:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 497/sshd
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 2217/dropbox
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 892/smbd
tcp 0 0 0.0.0.0:50022 0.0.0.0:* LISTEN 1021/rpc.statd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 892/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 906/rpcbind
tcp6 0 0 :::22 :::* LISTEN 497/sshd
tcp6 0 0 :::42712 :::* LISTEN 1021/rpc.statd
tcp6 0 0 :::445 :::* LISTEN 892/smbd
tcp6 0 0 :::139 :::* LISTEN 892/smbd
tcp6 0 0 :::111 :::* LISTEN 906/rpcbind
udp 0 0 0.0.0.0:51566 0.0.0.0:* 615/avahi-daemon: r
udp 0 0 0.0.0.0:68 0.0.0.0:* 7362/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 906/rpcbind
udp 0 0 192.168.1.255:137 0.0.0.0:* 1782/nmbd
udp 0 0 192.168.1.67:137 0.0.0.0:* 1782/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1782/nmbd
udp 0 0 192.168.1.255:138 0.0.0.0:* 1782/nmbd
udp 0 0 192.168.1.67:138 0.0.0.0:* 1782/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1782/nmbd
udp 0 0 0.0.0.0:655 0.0.0.0:* 906/rpcbind
udp 0 0 0.0.0.0:17500 0.0.0.0:* 2217/dropbox
udp 0 0 0.0.0.0:5353 0.0.0.0:* 615/avahi-daemon: r
udp 0 0 0.0.0.0:34805 0.0.0.0:* 1021/rpc.statd
udp6 0 0 :::40192 :::* 1021/rpc.statd
udp6 0 0 :::111 :::* 906/rpcbind
udp6 0 0 :::655 :::* 906/rpcbind
udp6 0 0 :::5353 :::* 615/avahi-daemon: r
udp6 0 0 :::42629 :::* 615/avahi-daemon: r
How do I configure those services so they only listen to the outside world when I'm actually using them?
RSFalcon7
(4477 rep)
May 4, 2013, 11:37 PM
• Last activity: Oct 12, 2024, 06:14 PM
0
votes
0
answers
204
views
s-nail error: cannot configure mailboxes on virtual mail server
I am trying to send mail from the command line as root using s-nail via a SMTP server.
I have a bespoke /etc/.mailrc file associated with an account with the login details of the SMTP server.
My MTA is Postfix a virtual server with ISPConfig.
EVERYTHING WAS working fine until I upgraded from Ubuntu 22.04 LTS to 24.04 LTS
Now, when I use s-nail, I get an error:
*s-nail: /root/mail/sent: No such entry, file or directory
s-nail: Failed to save message in /root/mail/sent - message not sent
/root/dead.letter 10/243*
I think the problem lies in the way s-nail interfaces with Postfix, in other words how it accesses the virtual mail directories created by ISPConfig.
But it could possibly be something else related to the Ubuntu upgrade.
I would like it to access directories in a specific UserAcount under var/vmail. How can I make changes to that configuration, which is presumably something that s-nail knows about?
I keep regular backups and have confirmed that during the Ubuntu process, there were no changes in the Postfix configuration file.
cavallad
(1 rep)
Oct 8, 2024, 01:55 PM
2
votes
4
answers
6495
views
Postfix: sending outgoing mail through port 465/587 locally
I've got a mail server set up using postfix, dovecot, opendkim, and spamassassin. After a bit of hassle, I managed to get incoming mail working--I even set this account up using that server.
However, I've got a problem with outgoing mail. My ISP, fat as it is, blocks communications through port 25... meaning that, obviously, sending messages doesn't work. Here's logs after attempting to send to my old Protonmail account (from Neomutt on an external machine):
postfix/qmgr: 7E2BD9006AB: from=, size=479, nrcpt=1 (queue active)
// disconnect from external client
postfix/smtp: connect to mail.protonmail.ch[185.70.41.101]:25: Connection timed out
postfix/smtp: connect to mail.protonmail.ch[185.70.41.101]:25: Connection timed out
postfix/smtp: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
postfix/smtp: 44DED90068A: to=, relay=none, delay=115, delays=55/0.05/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
So, yeah... ISP blocks port 25 (outgoing), so I need a way to bypass this. One way I saw a lot about was configuring to use an external smtpd. I'd either have to use my ISP's (not ideal) or, set up postfix on my friend's VPS (not exactly ideal either but if all else fails I'll ask him). TECHNICALLY I could ask my ISP to unblock port 25, but that, well, might not work.
However, I'd instead like to route all outgoing mail to port 465 or 587 of external servers, **not** 25, using only my local postfix setup. I couldn't find anything about this online, and changing the outgoing smtp port to an alternate port in master.cf still sends stuff through 25. So, how should I go about doing this? Keep in mind, if there's literally nothing I can do then I can just ask my friend for his VPS
postconf -n:
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/bin
compatibility_level = 3.6
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Mail/Inbox/
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname $mydomain localhost localhost.localdomain
mydomain = doma.in
myhostname = mail.doma.in
mynetworks = 127.0.0.0/8 [::1]/128 MY.IP/32 192.168.86.1 192.168.86.0/24
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:12301
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/bin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_tls_CAfile = /etc/letsencrypt/live/doma.in/cert.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtpd_milters = inet:127.0.0.1:12301
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/doma.in/fullchain.pem
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
smtpd_tls_key_file = /etc/letsencrypt/live/doma.in/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
unknown_local_recipient_rject_code = 550
swurl
(41 rep)
Jul 25, 2021, 03:12 PM
• Last activity: Sep 30, 2024, 07:30 PM
7
votes
2
answers
57622
views
Using port 587 with sendmail
I have been using sendmail to send out mails using internally available mail server. But currently port 25 is blocked for security reasons.
I would like to know if there is a way to specify port number in the sendmail utility. I am trying to make use of the secure SMTP-MSA port 587 as an alternative assuming I could get that port opened up.
I was not able to find anything in the man pages for sendmail. Is there any alternate utility that could do this?
thinkster
(215 rep)
May 30, 2014, 01:40 PM
• Last activity: Sep 24, 2024, 08:38 AM
1
votes
0
answers
169
views
Thunderbird 115.13.0 cannot connect authenticated user via OAuth2 to Microsoft Outlook365
I've Thunderbird 115.13.0 on Ubuntu 22.04 and I have my email which is configured properly automatically by Thunderbird for IMAP and SMTP servers from Microsoft outlook office 365.
However, now it has problem for both IMAP and SMTP (I can authenticate with OAuth2 in a login page inside Thunderbird without issue).
The issue is:
The mail server for account xxx@yyy responded: User is authenticated but not connected
My email belongs to an organisation and I don't have admin rights to change anything to authentication.
Any help would be appreciated for that issue.
Bằng Rikimaru
(195 rep)
Aug 16, 2024, 07:36 AM
0
votes
0
answers
67
views
Routing external network traffic to a service that only listens on loopback
I'm running protonmail-bridge on a server on my home network, and I'd like to have several other machines utilize it as their IMAP/SMTP server without having to run duplicate copies of the bridge everywhere. However, as near as I can tell, protonmail-bridge does not offer any configuration options to instruct it to listen for traffic anywhere except the local loopback interface. I understand the desire to avoid exposing it to public networks, and anticipate the lack of configurability is for that purpose, but if any of the machines I want to connect to it on my home network are compromised, my perimeter is already breached in a much more serious way and so I am unconcerned by the security implications.
In attempting to make the protonmail-bridge service accessible, I've tried a number of approaches.
I also run an NGinX server on that box, and I initially attempted to set that up as a mail proxy, only to discover the amount of work required is unreasonable (completely removing my existing NGinX service, working around issues with repos I've run into to download new binaries, getting proper flags to compile with the mail extension, etc.).
After concluding that approach was excessive, I started trying to reconfigure firewalld (it's a centos 7 box) to assign both loopback and my NIC to the same zone and do port forwarding; that consistently failed as well.
Out of curiosity, I explored setting up socat, and succeeded with the following command:
socat -d -d -lmlocal2 TCP4-LISTEN:25,bind=100.100.181.49,su=nobody,fork,range=100.100.181.0/24,reuseaddr TCP4:127.0.0.1:1025
Through that, I was able to telnet to my local NIC's address and reach the protonmail-bridge server. However, I dislike the idea of daemonizing a pair of permanent socat processes just to make this operable.
I found a suggestion on doing this with IPTables (in this answer) and so I shut down firewalld and migrated to using iptables directly. However, having implemented an equivalent rule for my network, I continue to get connection refused when trying to reach the protonmail-bridge service via my internal NIC's address.
Is there any way to actually do this by configuring my centos box's built-in services and standard services like iptables or network manager, or do the OS and tools' internal limitations around considering loopback traffic martian mean I will inevitably have to set up some daemons and keep socat tunnels up permanently for both SMTP and IMAP traffic?
machina.ex.canon
(1 rep)
Jul 25, 2024, 05:02 PM
1
votes
0
answers
251
views
How to forward one email to two SMTP server using postfix?
## My Requirements
I have two email servers, james and winmail. They hold the same users, for example, account 1@example.com exists both in james and winmail.
When someone sends an email to 1@example.com, I expect that both james and winmail receive that email, and the eml content should be exactly the same.
## My Attempts
I tried to configure two MX in DNS. But it can only map example.com to james **or** winmail, not both.
Then I tried postfix, which means example.com resolves to the postfix server, and when postfix receives the email, it should forward this email to james **and** winmail without saving it to local storage.
However, /etc/postfix/transport only supports mapping example.com to one server too.
So how can I make postfix forward every email to these two SMTP servers at the same time?
GStarP
(11 rep)
May 29, 2024, 07:33 AM
• Last activity: May 30, 2024, 01:22 AM
Showing page 1 of 20 total questions