syncloud / platform

Run popular services on your device with one click
https://syncloud.org
GNU General Public License v3.0

Mail Server configuration #306

Closed cfinu closed 6 years ago

cfinu commented 6 years ago

I have installed the syncloud for Raspberry 3B+, in general a very great thing!!! I have two issues regarding the Mail Server (here the POSTFIX installation):

  1. In the current configuration it does not support encrypted connection to SMTPD (I have changed the postfix main.cf file manually, and it worked afterwards). I would appreciate having this security configuration out of the box.
  2. To allow sending mails over an SMTP relay, one would need to configure the SMTP client with SASL authentication. For that POSTFIX requires the Cyrus SASL libraries, which are not included. The relay is needed because when sending mails from a POSTFIX server with a dynamic IP address, almost all receiving mail systems handle these mails as spam.

cyberb commented 6 years ago
  1. Could you tell us what config change is needed?

This is our mail repo with all the configs: https://github.com/syncloud/mail

Config: https://github.com/syncloud/mail/blob/master/config/postfix/main.cf

  2. Postfix build is here, looks like libsasl is included, do you know the library name? https://github.com/syncloud/3rdparty/tree/master/postfix

PR request would be ideal, just fork, make the change and push back to your repo.

Thanks for helping.

cfinu commented 6 years ago

Sorry, I am not really familiar with Git and Linux builds or installations. I only read in the POSTFIX documentation that it uses Dovecot SASL for the SMTP daemon, but only Cyrus SASL for the SMTP client.

/var/log/mail.log says: 'warning: unsupported SASL client implementation: cyrus' After consulting google I found that information.

What I changed in main.cf was to add at the end of the file following lines:

smtpd_tls_cert_file = /opt/data/platform/syncloud.crt
smtpd_tls_key_file = /opt/data/platform/syncloud.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no

This 'auth_only = no' and 'security_level = may' seem to be necessary because roundcube does not use TLS to access the local postfix server.

cyberb commented 6 years ago

I have added the TLS flags you mentioned.

With Cyrus SASL lib it is a bit more complex. We are using dovecot with postfix and it is used as smtpd sasl auth mechanism (using local LDAP server). That is why Cyrus sasl support was not compiled into postfix. People say that you can combine the two at the same time and I compiled Cyrus support.

As I understand it, you still need to choose the sasl method per protocol (smtp, pop, ...) and I am not sure how this is going to help as we are still using dovecot:

smtpd_sasl_path = {{ app_data_dir }}/dovecot/private/auth
smtpd_sasl_auth_enable = yes

Are you saying we should switch to cyrus for smtpd and use dovecot for the rest?

cfinu commented 6 years ago

What I read was that postfix can use SASL from cyrus only or from cyrus and dovecot in parallel, but the smtp client uses automatically the cyrus SASL (and only this). The smtpd configuration can be kept as it is (with dovecot).

I tried with following settings for smtp client to send mails over a relay host (but not finally tested):

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = static:#user#:#password#
smtp_tls_security_level = may
relayhost = [smtp.1und1.de]:587
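
An added example, not part of the thread or of the syncloud code: a small audit of a Postfix main.cf that flags where the smtpd settings and the relay settings posted above let SASL credentials travel without TLS or sit inline in main.cf. The finding names and the `hash:/etc/postfix/sasl_passwd` path are assumptions, and, as the thread notes, `smtpd_tls_auth_only = yes` only works once the local webmail client uses TLS.

```python
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf text: skip comments, join continuation lines, last value wins."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and key is not None:   # leading whitespace continues a value
            params[key] = (params[key] + " " + raw.strip()).strip()
        elif "=" in raw:
            key, value = (part.strip() for part in raw.split("=", 1))
            params[key] = value
    return params

def audit(text):
    """Return finding ids for SASL credentials exposed on the wire or on disk."""
    p = parse_main_cf(text)
    enabled = lambda name: p.get(name, "no").lower() == "yes"
    findings = []
    # Server side: AUTH is accepted on unencrypted sessions unless smtpd_tls_auth_only = yes.
    if enabled("smtpd_sasl_auth_enable") and not enabled("smtpd_tls_auth_only"):
        findings.append("smtpd-auth-without-tls")
    if enabled("smtp_sasl_auth_enable"):
        # Client side: 'may' falls back to cleartext when the relay offers no STARTTLS.
        if p.get("smtp_tls_security_level", "").lower() not in MANDATORY_TLS:
            opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
            if "noplaintext" not in opts.replace(",", " ").split():
                findings.append("relay-password-without-tls")
        # static: keeps the relay password inside main.cf itself.
        if p.get("smtp_sasl_password_maps", "").startswith("static:"):
            findings.append("relay-password-in-main-cf")
    return findings

# Constructed input: the settings posted in this thread, placeholders unchanged.
THREAD_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = static:#user#:#password#
smtp_tls_security_level = may
relayhost = [smtp.1und1.de]:587
"""
# Constructed hardened variant; the hash: table path is an assumption.
HARDENED_CF = THREAD_CF.replace("auth_only = no", "auth_only = yes") \
    .replace("smtp_tls_security_level = may", "smtp_tls_security_level = encrypt") \
    .replace("static:#user#:#password#", "hash:/etc/postfix/sasl_passwd")

if __name__ == "__main__":
    print(audit(THREAD_CF), audit(HARDENED_CF))
```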

cyberb commented 6 years ago

Cannot start postfix after adding cyrus support:

Jun 21 08:30:10 6df32260b9f2 postfix/master[871]: warning: process /opt/app/mail/postfix/usr/libexec/postfix/smtpd pid 985 exit status 1
Jun 21 08:30:10 6df32260b9f2 postfix/master[871]: warning: /opt/app/mail/postfix/usr/libexec/postfix/smtpd: bad command startup -- throttling

cyberb commented 6 years ago

Ok it was our build server playing some tricks on me. I was able to build postfix with client sasl support.

So in terms of client flags (smtp), I am not sure if I need to include anything by default.

Also to let you know every update resets all the config files to the package version.

So unless you copy them somewhere your changes will be lost.

If it is really needed I can introduce device specific overrides in /data/mail/config for example and include them in some form.

cfinu commented 6 years ago

Great to hear that postfix is working now with the cyrus sasl support, thanks. Anyhow it is a device or user specific setting, but if it could be done in a separate config file which is not overwritten during update, that would be perfect. But as far as I read there is no 'include' directive in postfix main.cf. Missing this, the device specific config always has to be copied manually again into the main.cf after an update. For me not a big issue.

cyberb commented 6 years ago

New mail version with the fixes has been released.