Question

vpn access for thunderbird to postfix. also have dovecot. user can receive but not send email

Posted September 11, 2019 301 views
Email

I have a user who installed vpn/ip masking software for web browsing. It appears to also affect thunderbird. He can’t send email. I’m running Ubuntu 16, postfix, and dovecot. I’d prefer to keep postfix locked down so it can’t be used by random people as a relay. How can I allow the user to send email when his ip address is changing randomly?

No one else is affected.

Add a comment
Rickmghc
By:
Rickmghc
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers
alexdo September 12, 2019

Hello,

Can you please describe the issue that the user is experiencing with more details? Is he receiving any error messages when trying to use Thunderbird or the messages? Also when you say that postfix is locked down, do you mean that you need to whitelist IPs in order for someone to connect and send their emails?

Looking forward to your reply.

Alex

Reply Report
Rickmghc September 12, 2019

Postfix main.cf

e See /usr/share/postfix/main.cf.dist for a commented, more complete version

20120805 set relayhost to mail.marchreport.com to get aroun arin

20121011 undo above change

20160825 RS add greylisting using postgrey (check_policy

20180603 RS temp tuen off mailman

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

myorigin = /etc/mailname

Moved the queue!

queuedirectory = /usr/local/postfix
smtpdbanner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

defaultdestinationrecipientlimit = 80
defaultdestinationconcurrencylimit = 60
localdestinationconcurrencylimit = 10
smtpmxsessionlimit=75
smtpdestinationconcurrency_limit = 75

Some queue things - RAD

maximalqueuelifetime =5d

minimalbackofftime = 1000

maximalbackofftime = 4000

bouncequeuelifetime = 12h
maximalqueuelifetime =1d
minimalbackofftime = 300s
maximalbackofftime = 1000s
qmgrmessageactivelimit = 50000
qmgrmessagerecipientlimit = 50000
disablednslookups = no

This is for Mailman things

ownerrequestspecial = no
localrecipientmaps = proxy:unix:passwd.byname $aliasmaps
smtpdhelorequired = yes
disablevrfycommand = yes
strictrfc821_envelopes = yes

2016-02-13 RS duplicate entry unknownlocalrecipientrejectcode = 550

relaydomainsrejectcode = 554
unknownaddressrejectcode = 550
unknownclientrejectcode = 554
unknownhostnamerejectcode = 550
unknownlocalrecipientrejectcode = 554
unknownrelayrecipientrejectcode = 554
nonfqdnrejectcode = 554
invalidhostnamerejectcode = 554
multirecipientbouncerejectcode = 554
unknownvirtualaliasrejectcode = 554
unknownvirtualmailboxrejectcode = 554
unverifiedsenderreject_code = 554

Deliver Qmail style

home_mailbox = Maildir/

Max size of any message with envelope - extra big for mailing those logs

Probably shouldn’t be mailing them. Rachel 1/12/08

increased 3^?20121230 by RS

messagesizelimit = 30960000

Size of a mailbox or mailfile - must be smaller than above number

mailboxsizelimit = 40960000

Adjusted to fight dos 1/27/13

smtpdclientconnectionratelimit = 100
smtpdclientconnectioncountlimit = 50

smtpdclientconnectionratelimit = 30

smtpdclientconnectioncountlimit = 10

smtpdclientconnectionlimitexceptions = $mynetworks,.sgeinc.com,localhost

defaultprocesslimit = 50

defaultprocesslimit = 150

appending .domain is the MUA’s job.

appenddotmydomain = no

Uncomment the next line to generate “delayed mail” warnings

delaywarningtime = 12h

Slow down bad sites

smtpdsofterrorlimit = 10
smtpdharderrorlimit = 20
smtpderrorsleep_time = 1s

TLS parameters

smtpdtlscertfile=/etc/postfix/certs/postfixpublic_cert.pem

smtpdtlskeyfile=/etc/postfix/certs/postfixprivate_key.pem

smtpdtlscertfile=/usr/lib/ssl/certs/dovecot.pem
smtpdtlskeyfile=/usr/lib/ssl/private/dovecot.pem
smtpdusetls=yes
smtpdtlsauthonly=no
smtpdtlssessioncachedatabase = btree:$queuedirectory/smtpdtlscache
smtptlssessioncachedatabase = btree:$queuedirectory/smtpscache

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

myhostname = sge.sgeinc.com
alias_maps = hash:/etc/aliases

,hash:/usr/local/mailman/data/aliases

alias_database = hash:/etc/aliases

,hash:/usr/local/mailman/data/aliases

virt domain stuff here - spg

virtualaliasdomains = hash:/etc/postfix/virtualaliasdomains
virtualaliasmaps = hash:/etc/postfix/virtualaliasmaps

myorigin = /etc/mailname
mydomain = sgeinc.com

mydestination = sge.sgeinc.com ruserved.com

mydestination = sge.sgeinc.com, $mydomain, localhost.$mydomain localhost
relayhost =

20161024 RS mynetworks = 199.181.141.0/24,127.0.0.0/8,192.168.0.0/16,75.180.132.0/24

mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196

89.187.178.196 100.4.219.205 rmarczak

See above mailbox limit

mailboxsizelimit = 0

recipientdelimiter = +
inet_interfaces = all

smtpdsenderrestrictions=checksenderaccess hash:/etc/postfix/access

Sender restrictions:

smtpdsenderrestrictions =
permitmynetworks,
rejectnonfqdnsender,
rejectunknownsender_domain,
permit

2016-02-15 RS the following line should allow relay until smtp auth implimented

smtpdrelayrestrictions =

smtpdclientrestrictions =

2015-11-14 RS add header checks via pcre (Perl regular expressions)

2018-06-03 RS remove temporarily

headerchecks = pcre:/etc/postfix/headerchecks.pcre

smtpdrecipientrestrictions =
#permitmynetworks,
#rejectnonfqdnrecipient,
rejectinvalidhostname,
rejectunauthpipelining,
checkclientaccess hash:/var/lib/pop-before-smtp/hosts,
rejectunknownsenderdomain,
rejectunknownrecipientdomain,
permitmynetworks,
checkclientaccess hash:/etc/postfix/internalnetworks,
checksenderaccess hash:/etc/postfix/notourdomainassender,
rejectunauthdestination,
checkrecipientaccess hash:/etc/postfix/roleaccountexceptions,
checkheloaccess hash:/etc/postfix/helochecks,
#rejectnonfqdnhostname,
rejectinvalidhostname,
checksendermxaccess cidr:/etc/postfix/bogusmx,
#rejectrblclient bl.spamcop.net,
rejectrhsblsender dsn.rfc-ignorant.org,
rejectrblclient combined.rbl.msrbl.net,
rejectrblclient multi.uribl.com,
#rejectrblclient dul.dnsbl.sorbs.net,
rejectrblclient sbl-xbl.spamhaus.org,
#rejectrblclient dnsbl.sorbs.net,
rejectrblclient cbl.abuseat.org,
rejectrblclient ix.dnsbl.msrbl.net,
rejectrblclient rabl.nuclearelephant.com,
# The following checks the greylist
checkpolicyservice inet:127.0.0.1:10023,
#rejectunverified_sender,
permit

2012/07/07 RS added mailman stuff for fultonweather

2016/05/22 RS NOTE: mailman now in /usr/local/mailman

2016/05/22 RS removed fultonweather an marchreport relay_domains=lists.sgeinc.com,lists.marchreport.com,lists.fultonnyweather.org

relay_domains=lists.sgeinc.com

relayrecipientmaps =hash:/var/lib/mailman/data/virtual-mailman

transport_maps = hash:/etc/postfix/transport

mailmandestinationrecipient_limit = 1

smtpdrestrictionclasses =
hasourdomainassender

hasourdomainassender =
checksenderaccess hash:/etc/postfix/ourdomainas_sender
reject

smtpdtlsexclude_ciphers = EXPORT

Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.

Reply Report
Rickmghc September 13, 2019
[deleted]
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help