By Rickmghc
I have a user who installed VPN/IP-masking software for web browsing. It appears to also affect Thunderbird. He can’t send email. I’m running Ubuntu 16, Postfix, and Dovecot. I’d prefer to keep Postfix locked down so it can’t be used by random people as a relay. How can I allow the user to send email when his IP address is changing randomly?
No one else is affected.
Postfix main.cf
#myorigin = /etc/mailname
#Moved the queue!
queue_directory = /usr/local/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
default_destination_recipient_limit = 80
default_destination_concurrency_limit = 60
local_destination_concurrency_limit = 10
smtp_mx_session_limit=75
smtp_destination_concurrency_limit = 75
#maximal_queue_lifetime =5d
#minimal_backoff_time = 1000
#maximal_backoff_time = 4000
bounce_queue_lifetime = 12h
maximal_queue_lifetime =1d
minimal_backoff_time = 300s
maximal_backoff_time = 1000s
qmgr_message_active_limit = 50000
qmgr_message_recipient_limit = 50000
disable_dns_lookups = no
owner_request_special = no
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
relay_domains_reject_code = 554
unknown_address_reject_code = 550
unknown_client_reject_code = 554
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
non_fqdn_reject_code = 554
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_sender_reject_code = 554
home_mailbox = Maildir/
message_size_limit = 30960000
mailbox_size_limit = 40960000
smtpd_client_connection_rate_limit = 100
smtpd_client_connection_count_limit = 50
#smtpd_client_connection_rate_limit = 30
#smtpd_client_connection_count_limit = 10
smtpd_client_connection_limit_exceptions = $mynetworks,.sgeinc.com,localhost
#default_process_limit = 50
default_process_limit = 150
append_dot_mydomain = no
#delay_warning_time = 12h
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 1s
#smtpd_tls_cert_file=/etc/postfix/certs/postfix_public_cert.pem
#smtpd_tls_key_file=/etc/postfix/certs/postfix_private_key.pem
smtpd_tls_cert_file=/usr/lib/ssl/certs/dovecot.pem
smtpd_tls_key_file=/usr/lib/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:$queue_directory/smtpd_tls_cache
smtp_tls_session_cache_database = btree:$queue_directory/smtp_scache
myhostname = sge.sgeinc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases #,hash:/usr/local/mailman/data/aliases
#virt domain stuff here - spg
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
myorigin = /etc/mailname
mydomain = sgeinc.com
#mydestination = sge.sgeinc.com ruserved.com
mydestination = sge.sgeinc.com, $mydomain, localhost.$mydomain localhost
relayhost =
#20161024 RS mynetworks = 199.181.141.0/24,127.0.0.0/8,192.168.0.0/16,75.180.132.0/24
mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196
#mailbox_size_limit = 0
recipient_delimiter = +_
inet_interfaces = all
#smtpd_sender_restrictions=check_sender_access hash:/etc/postfix/access
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
#2016-02-15 RS the following line should allow relay until smtp auth implemented
smtpd_relay_restrictions =
smtpd_client_restrictions =
smtpd_recipient_restrictions =
    #permit_mynetworks,
    #reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    check_client_access hash:/var/lib/pop-before-smtp/hosts,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/internal_networks,
    check_sender_access hash:/etc/postfix/not_our_domain_as_sender,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
    check_helo_access hash:/etc/postfix/helo_checks,
    #reject_non_fqdn_hostname,
    reject_invalid_hostname,
    check_sender_mx_access cidr:/etc/postfix/bogus_mx,
    #reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client multi.uribl.com,
    #reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    #reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    # The following checks the greylist
    check_policy_service inet:127.0.0.1:10023,
    #reject_unverified_sender,
    permit
#2012/07/07 RS added mailman stuff for fultonweather
#2016/05/22 RS NOTE: mailman now in /usr/local/mailman
#2016/05/22 RS removed fultonweather and marchreport
relay_domains=lists.sgeinc.com,lists.marchreport.com,lists.fultonnyweather.org
relay_domains=lists.sgeinc.com
transport_maps = hash:/etc/postfix/transport
smtpd_restriction_classes = has_our_domain_as_sender
has_our_domain_as_sender = check_sender_access hash:/etc/postfix/our_domain_as_sender reject
smtpd_tls_exclude_ciphers = EXPORT
Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.
Hello,
Can you please describe the issue that the user is experiencing with more details? Is he receiving any error messages when trying to use Thunderbird or the messages? Also when you say that postfix is locked down, do you mean that you need to whitelist IPs in order for someone to connect and send their emails?
Looking forward to your reply.
Alex
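The relay decision in the posted main.cf, worked through as an added example (not part of the original thread and not code from any poster): a small Python check that parses main.cf syntax and reports whether relay is granted by client address or by SMTP AUTH. The sample text is a constructed excerpt of the posted settings, and reading the relay and recipient restriction lists as one sequence is a simplifying assumption.

```python
import re

# Constructed excerpt of the relay-relevant settings from the main.cf above.
SAMPLE_MAIN_CF = """\
mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196
smtpd_tls_auth_only=no
smtpd_relay_restrictions =
smtpd_recipient_restrictions =
    #permit_mynetworks,
    reject_unauth_pipelining,
    check_client_access hash:/var/lib/pop-before-smtp/hosts,
    permit_mynetworks,
    reject_unauth_destination,
    permit
"""
ADDRESS_RULES = {"permit_mynetworks", "check_client_access"}  # keyed on client address

def parse_main_cf(text):
    """'#' lines are comments, indented lines continue a value, duplicates: last wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, value = (s.strip() for s in line.partition("=")[::2])
            params[name] = value
    return params

def relay_audit(params):
    """Return (address_rules, sasl_ok, findings) for the relay decision."""
    tokens = []
    for key in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        tokens += re.split(r"[,\s]+", params.get(key, "").strip())
    closed = "reject_unauth_destination" in tokens
    # Only rules placed before reject_unauth_destination can grant relay.
    before = tokens[:tokens.index("reject_unauth_destination")] if closed else tokens
    address_rules = [t for t in before if t in ADDRESS_RULES]
    sasl_ok = (params.get("smtpd_sasl_auth_enable", "no") == "yes"
               and "permit_sasl_authenticated" in before)
    findings = []
    if not closed:
        findings.append("no reject_unauth_destination: relay is not restricted")
    if not sasl_ok:
        findings.append("relay depends on client address only; no permit_sasl_authenticated")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("smtpd_tls_auth_only is not yes: AUTH would be accepted over plaintext")
    return address_rules, sasl_ok, findings
```

On the constructed excerpt this reports relay by client address only, which is why a client whose address keeps changing is refused while everyone inside `mynetworks` is unaffected.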