Configure mailgun as relayhost on top of an existing postfix server already using sasl

3

I may be barking completely up the wrong tree here, but I'll ask anyway.

I followed a tutorial to set up a mail server on Ubuntu 14.04 with postfix, dovecot and mysql.

Now I have mailgun set up to handle sending emails (a.k.a. relayhost) securely / reliably.

The problem I have is that the user / password of my existing email accounts stopped working for some reason (sending emails from the CLI still works on the server), and I'm wondering whether it is possible to configure the mail credentials in a way that doesn't interfere with the existing user / password.

This is a template of my master.cf before the relay

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # The first text sent to a connecting process.
    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    readme_directory = no

    # ---------------------------------
    # SASL parameters
    # ---------------------------------

    # Use Dovecot to authenticate.
    smtpd_sasl_type = dovecot
    # Referring to /var/spool/postfix/private/auth
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    smtpd_sasl_authenticated_header = yes

    # ---------------------------------
    # TLS parameters
    # ---------------------------------

    # The default snakeoil certificate. Comment if using a purchased
    # SSL certificate.
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

    # Uncomment if using a purchased SSL certificate.
    # smtpd_tls_cert_file=/etc/ssl/certs/example.com.crt
    # smtpd_tls_key_file=/etc/ssl/private/example.com.key

    # The snakeoil self-signed certificate has no need for a CA file. But
    # if you are using your own SSL certificate, then you probably have
    # a CA certificate bundle from your provider. The path to that goes
    # here.
    # smtpd_tls_CAfile=/etc/ssl/certs/ca-bundle.crt

    # Ensure we're not using no-longer-secure protocols.
    smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # Note that forcing use of TLS is going to cause breakage - most mail servers
    # don't offer it and so delivery will fail, both incoming and outgoing. This is
    # unfortunate given what various governmental agencies are up to these days.
    #
    # Enable (but don't force) all incoming smtp connections to use TLS.
    smtpd_tls_security_level = may
    # Enable (but don't force) all outgoing smtp connections to use TLS.
    smtp_tls_security_level = may

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    # ---------------------------------
    # TLS Updates relating to Logjam SSL attacks.
    # See: https://weakdh.org/sysadmin.html
    # ---------------------------------

    smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
    smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem

    # ---------------------------------
    # SMTPD parameters
    # ---------------------------------

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    # will it be a permanent error or temporary
    unknown_local_recipient_reject_code = 450
    # how long to keep message on queue before return as failed.
    # some have 3 days, I have 16 days as I am backup server for some people
    # whom go on holiday with their server switched off.
    maximal_queue_lifetime = 7d
    # max and min time in seconds between retries if connection failed
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    # how long to wait when servers connect before receiving rest of data
    smtp_helo_timeout = 60s
    # how many address can be used in one message.
    # effective stopper to mass spammers, accidental copy in whole address list
    # but may restrict intentional mail shots.
    smtpd_recipient_limit = 16
    # how many error before back off.
    smtpd_soft_error_limit = 3
    # how many max errors before blocking it.
    smtpd_hard_error_limit = 12

    # This next set are important for determining who can send mail and relay mail
    # to other servers. It is very important to get this right - accidentally producing
    # an open relay that allows unauthenticated sending of mail is a Very Bad Thing.
    #
    # You are encouraged to read up on what exactly each of these options accomplish.

    # Requirements for the HELO statement
    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    # Requirements for the sender details
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    # Requirements for the connecting server
    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
    # Requirement for the recipient address. Note that the entry for
    # "check_policy_service inet:127.0.0.1:10023" enables Postgrey.
    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
    smtpd_data_restrictions = reject_unauth_pipelining
    # This is a new option as of Postfix 2.10, and is required in addition to
    # smtpd_recipient_restrictions for things to work properly in this setup.
    smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

    # require proper helo at connections
    smtpd_helo_required = yes
    # waste spammers time before rejecting them
    smtpd_delay_reject = yes
    disable_vrfy_command = yes

    # ---------------------------------
    # General host and delivery info
    # ----------------------------------

    myhostname = mail.example.com
    myorigin = /etc/hostname
    # Some people see issues when setting mydestination explicitly to the server
    # subdomain, while leaving it empty generally doesn't hurt. So it is left empty here.
    # mydestination = mail.example.com, localhost
    mydestination =
    # If you have a separate web server that sends outgoing mail through this
    # mailserver, you may want to add its IP address to the space-delimited list in
    # mynetworks, e.g. as 10.10.10.10/32.
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    mynetworks_style = host

    # This specifies where the virtual mailbox folders will be located.
    virtual_mailbox_base = /var/vmail
    # This is for the mailbox location for each user. The domainaliases
    # map allows us to make use of Postfix Admin's domain alias feature.
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
    # and their user id
    virtual_uid_maps = static:150
    # and group id
    virtual_gid_maps = static:8
    # This is for aliases. The domainaliases map allows us to make
    # use of Postfix Admin's domain alias feature.
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
    # This is for domain lookups.
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

    # ---------------------------------
    # Integration with other packages
    # ---------------------------------------

    # Tell postfix to hand off mail to the definition for dovecot in master.cf
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1

    # Use amavis for virus and spam scanning
    content_filter = amavis:[127.0.0.1]:10024

    # ---------------------------------
    # Header manipulation
    # --------------------------------------

    # Getting rid of unwanted headers. See: https://posluns.com/guides/header-removal/
    header_checks = regexp:/etc/postfix/header_checks
    # getting rid of x-original-to
    enable_original_recipient = no

This is what I added to postfix's master.cf to relay through mailgun

    relayhost = smtp.mailgun.org
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = static:[email protected]:password
    smtp_sasl_security_options = noanonymous

The only other thing I changed is the certificates, which were generated through letsencrypt.org

To summarize: Is there a way to keep the per-user credentials and use mailgun to send emails? (Without having to create each account through the CLI)

Thanks in advance for any help, and please let us know if anything is unclear or if more information is needed.

ERROR MESSAGE UPDATE:

    Dec 14 19:24:47 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=190.18.x.x, lip=172.31.x.x, mpid=24023, TLS, session=<ak1PoOAmqQC+EoSW>
    Dec 14 19:24:48 mail postfix/smtpd[24014]: Anonymous TLS connection established from unknown[190.18.x.x]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
    Dec 14 19:24:50 mail postfix/smtpd[24014]: warning: unknown[190.18.x.x]: SASL PLAIN authentication failed:
    Dec 14 19:24:50 mail postfix/smtpd[24014]: lost connection after AUTH from unknown[190.18.x.x]
    Dec 14 19:24:50 mail postfix/smtpd[24014]: disconnect from unknown[190.18.x.x]

Users were able to use imap / smtp with their credentials generated before adding the smtp relay. My best guess is that postfix is trying to use the user:pass configured for the relay.

    
by Lord Otori 14.12.2015 / 19:58
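
The configuration above uses two separate parameter families: `smtpd_sasl_*` configures Postfix's SMTP server (user logins, here delegated to Dovecot), while `smtp_sasl_*` configures its SMTP client (authenticating to the relay). The following Python sketch is an added example, not part of the original post: it parses a constructed excerpt of that configuration with placeholder credentials, separates the two families, and flags how the relay secret is stored and sent. All function names are hypothetical.

```python
# Constructed sample: the SASL/TLS/relay lines from the question's configuration,
# with placeholder relay credentials (RELAY_USER / RELAY_PASSWORD are assumptions).
SAMPLE_MAIN_CF = """\
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtp_tls_security_level = may
relayhost = smtp.mailgun.org
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:RELAY_USER:RELAY_PASSWORD
smtp_sasl_security_options = noanonymous
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def split_sasl_roles(params):
    """smtpd_sasl_* = inbound AUTH (server side); smtp_sasl_* = outbound AUTH to the relay."""
    server = {k: v for k, v in params.items() if k.startswith("smtpd_sasl_")}
    client = {k: v for k, v in params.items() if k.startswith("smtp_sasl_")}
    return server, client

def audit_relay(params):
    """Return findings about how the relay credentials are stored and transmitted."""
    findings = []
    if params.get("smtp_sasl_auth_enable") != "yes":
        return findings
    if params.get("smtp_sasl_password_maps", "").startswith("static:"):
        findings.append("relay secret is inline in main.cf; move it to a mode-0600 lookup table")
    level = params.get("smtp_tls_security_level", "")
    if level not in ("encrypt", "dane-only", "fingerprint", "verify", "secure"):
        findings.append("TLS to the relay is opportunistic; AUTH may go out unencrypted")
    if params.get("relayhost") and not params["relayhost"].startswith("["):
        findings.append("relayhost without [brackets] is resolved via MX lookup")
    return findings
```

On the sample, `audit_relay(parse_main_cf(SAMPLE_MAIN_CF))` returns all three findings, and `split_sasl_roles` shows that the Dovecot settings and the relay settings never share a parameter.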

0 answers
