mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License

Feature request: Allow mox to function as a relay server #197

Open ay0ks opened 1 month ago

ay0ks commented 1 month ago

It would be awesome if mox would be able to act as a relay server between other mox instances (or any other mail servers), and display relayed email since it's being saved with dovecot IIRC.

mjl- commented 1 month ago

Hi @ay0ks! Could you explain more about your use-case/issue/problem/goal? In my mind, "relaying" (as not implemented) is about mox accepting incoming email on port 25 (unauthenticated) that mox is then supposed to add to its queue and to start trying to deliver. Such relaying is typically only allowed for connections from some internal IPs. DKIM signatures would either already have been added, or would be added as part of the relay.

Mox currently only allows incoming authenticated "submission", on ports 465 and 587. Messages must have a configured domain in the "From" header of the message.

Both when sending from email clients, and when sending from applications in automated fashion, I always use authenticated submission. I haven't had the need for (unauthenticated) relay.

Also see issue #108.

Btw, mox has its own IMAP server. Dovecot isn't used.
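The distinction drawn in the comment above (authenticated submission on ports 465/587 with a configured "From" domain, versus unauthenticated relay on port 25 limited to internal IPs) can be modelled as one accept decision. This is an added example, not part of the thread and not mox's code; `Policy`, `Decide`, `examplePolicy`, the domain `a.com` and the network `10.0.0.0/8` are assumed names and constructed values, and the "deliver" case for ordinary incoming mail goes beyond what the comment describes.

```go
package main

import (
	"fmt"
	"net/mail"
	"net/netip"
	"strings"
)

// Policy is a hypothetical model of the rules discussed above, not mox's config format.
type Policy struct {
	Local     map[string]bool // domains configured on this server
	RelayNets []netip.Prefix  // internal networks trusted to relay without authentication
}

// Decide classifies one message by listener port, auth state, peer IP, From header
// and recipient domain. It returns "submission", "deliver", "relay" or "reject".
func (p Policy) Decide(port int, authed bool, peer, from, rcptDomain string) string {
	switch port {
	case 465, 587: // submission: authentication plus a configured From domain
		addr, err := mail.ParseAddress(from)
		if authed && err == nil && p.Local[strings.ToLower(addr.Address[strings.LastIndex(addr.Address, "@")+1:])] {
			return "submission"
		}
	case 25: // unauthenticated SMTP
		if p.Local[strings.ToLower(rcptDomain)] {
			return "deliver" // ordinary incoming mail for a hosted domain
		}
		ip, err := netip.ParseAddr(peer)
		for _, n := range p.RelayNets {
			if err == nil && n.Contains(ip.Unmap()) {
				return "relay" // remote recipient, but the peer is a trusted internal host
			}
		}
	}
	return "reject" // accepting anything else would make the server an open relay
}

// examplePolicy returns constructed sample values for the demonstration.
func examplePolicy() Policy {
	return Policy{Local: map[string]bool{"a.com": true}, RelayNets: []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}}
}

func main() {
	fmt.Println(examplePolicy().Decide(587, true, "203.0.113.5", "Test <test@a.com>", "b.com")) // submission
	fmt.Println(examplePolicy().Decide(25, false, "10.1.2.3", "test@a.com", "b.com"))           // relay
	fmt.Println(examplePolicy().Decide(25, false, "203.0.113.5", "test@a.com", "b.com"))        // reject
}
```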

ay0ks commented 1 month ago

I need a relay because Amazon Support declined my several requests to remove RDNS limits (aka create a PTR record for their IP address), I have a VPS hosted at another provider, but I cannot migrate everything from AWS to that VPS, so it will be easier for me to host a relay on the VPS and point my servers to it. I assume this functionality will be useful not only for me.

mjl- commented 1 month ago

OK, trying to gather information, some questions:

I'm trying to understand the considerations people have with setting up email relaying.

ay0ks commented 1 month ago

To make it easier to visualise, this is how it's going to work the best:

- a.com (internal mox / or public but with the same problem as me)
- b.com (public mail server, could be anything, not only mox)
- c.com (public relay that shares accounts with a.com using LDAP or Active Directory)

- test@a.com sends mail to test@b.com
- a.com adds DKIM signature to the message
- a.com is relaying the message to c.com
- c.com verifies that message is from one of the relay clients
- c.com sends email from a.com to b.com

If mox supports LDAP I could help with this, I'll get more familiar with the codebase.

ay0ks commented 1 month ago

Oh, I forgot to add in the initial message what the exact problem is: Google/Microsoft Outlook or any major mail providers are dropping messages from servers that don't have a PTR record, especially Google is enforcing this.