VPN access for Thunderbird to Postfix. Also have Dovecot. User can receive but not send email

September 11, 2019
Email

I have a user who installed VPN/IP-masking software for web browsing. It appears to also affect Thunderbird. He can’t send email. I’m running Ubuntu 16, Postfix, and Dovecot. I’d prefer to keep Postfix locked down so it can’t be used by random people as a relay. How can I allow the user to send email when his IP address is changing randomly?

No one else is affected.

3 Answers

Hello,

Can you please describe the issue that the user is experiencing with more details? Is he receiving any error messages when trying to use Thunderbird or the messages? Also when you say that postfix is locked down, do you mean that you need to whitelist IPs in order for someone to connect and send their emails?

Looking forward to your reply.

Alex

Postfix main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# 20120805 set relayhost to mail.marchreport.com to get around arin
# 20121011 undo above change
# 20160825 RS add greylisting using postgrey (check_policy
# 20180603 RS temp turn off mailman
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
# myorigin = /etc/mailname
# Moved the queue!

queue_directory = /usr/local/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

default_destination_recipient_limit = 80
default_destination_concurrency_limit = 60
local_destination_concurrency_limit = 10
smtp_mx_session_limit=75
smtp_destination_concurrency_limit = 75

# Some queue things - RAD
# maximal_queue_lifetime =5d
# minimal_backoff_time = 1000
# maximal_backoff_time = 4000

bounce_queue_lifetime = 12h
maximal_queue_lifetime =1d
minimal_backoff_time = 300s
maximal_backoff_time = 1000s
qmgr_message_active_limit = 50000
qmgr_message_recipient_limit = 50000
disable_dns_lookups = no

# This is for Mailman things

owner_request_special = no
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

# 2016-02-13 RS duplicate entry
# unknown_local_recipient_reject_code = 550

relay_domains_reject_code = 554
unknown_address_reject_code = 550
unknown_client_reject_code = 554
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
non_fqdn_reject_code = 554
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_sender_reject_code = 554

# Deliver Qmail style

home_mailbox = Maildir/

# Max size of any message with envelope - extra big for mailing those logs
# Probably shouldn’t be mailing them. Rachel 1/12/08
# increased 3^?20121230 by RS

message_size_limit = 30960000

# Size of a mailbox or mailfile - must be smaller than above number

mailbox_size_limit = 40960000

# Adjusted to fight dos 1/27/13

smtpd_client_connection_rate_limit = 100
smtpd_client_connection_count_limit = 50

# smtpd_client_connection_rate_limit = 30
# smtpd_client_connection_count_limit = 10

smtpd_client_connection_limit_exceptions = $mynetworks,.sgeinc.com,localhost

default_process_limit = 50

default_process_limit = 150

# appending .domain is the MUA’s job.

append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
# delay_warning_time = 12h
# Slow down bad sites

smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 1s

# TLS parameters
# smtpd_tls_cert_file=/etc/postfix/certs/postfixpublic_cert.pem
# smtpd_tls_key_file=/etc/postfix/certs/postfixprivate_key.pem

smtpd_tls_cert_file=/usr/lib/ssl/certs/dovecot.pem
smtpd_tls_key_file=/usr/lib/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:$queue_directory/smtpdtlscache
smtp_tls_session_cache_database = btree:$queue_directory/smtpscache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = sge.sgeinc.com
alias_maps = hash:/etc/aliases

,hash:/usr/local/mailman/data/aliases

alias_database = hash:/etc/aliases

# ,hash:/usr/local/mailman/data/aliases
# virt domain stuff here - spg

virtual_alias_domains = hash:/etc/postfix/virtualaliasdomains
virtual_alias_maps = hash:/etc/postfix/virtualaliasmaps

myorigin = /etc/mailname
mydomain = sgeinc.com

mydestination = sge.sgeinc.com ruserved.com

mydestination = sge.sgeinc.com, $mydomain, localhost.$mydomain localhost
relayhost =

# 20161024 RS
# mynetworks = 199.181.141.0/24,127.0.0.0/8,192.168.0.0/16,75.180.132.0/24

mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196

# 89.187.178.196 100.4.219.205 rmarczak
# See above mailbox limit
# mailbox_size_limit = 0

recipient_delimiter = +
inet_interfaces = all

# smtpd_sender_restrictions=check_sender_access hash:/etc/postfix/access
# Sender restrictions:

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

# 2016-02-15 RS the following line should allow relay until smtp auth implemented

smtpd_relay_restrictions =

smtpd_client_restrictions =

# 2015-11-14 RS add header checks via pcre (Perl regular expressions)
# 2018-06-03 RS remove temporarily
# header_checks = pcre:/etc/postfix/headerchecks.pcre

smtpd_recipient_restrictions =
    #permit_mynetworks,
    #reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    check_client_access hash:/var/lib/pop-before-smtp/hosts,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/internalnetworks,
    check_sender_access hash:/etc/postfix/notourdomainassender,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/roleaccountexceptions,
    check_helo_access hash:/etc/postfix/helochecks,
    #reject_non_fqdn_hostname,
    reject_invalid_hostname,
    check_sender_mx_access cidr:/etc/postfix/bogusmx,
    #reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client multi.uribl.com,
    #reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    #reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    # The following checks the greylist
    check_policy_service inet:127.0.0.1:10023,
    #reject_unverified_sender,
    permit

# 2012/07/07 RS added mailman stuff for fultonweather
# 2016/05/22 RS NOTE: mailman now in /usr/local/mailman
# 2016/05/22 RS removed fultonweather and marchreport
# relay_domains=lists.sgeinc.com,lists.marchreport.com,lists.fultonnyweather.org

relay_domains=lists.sgeinc.com

relay_recipient_maps =hash:/var/lib/mailman/data/virtual-mailman

transport_maps = hash:/etc/postfix/transport

mailman_destination_recipient_limit = 1

smtpd_restriction_classes =
    hasourdomainassender

hasourdomainassender =
    check_sender_access hash:/etc/postfix/ourdomainas_sender
    reject

smtpd_tls_exclude_ciphers = EXPORT

Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.
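
For the question asked in this thread, one common way to let a client on changing IP addresses send mail without widening mynetworks is authenticated submission on port 587. The fragment below is an added example, not configuration posted by anyone in the thread; it assumes Dovecot provides the SASL auth socket, a stock Ubuntu file layout (the Dovecot file name is an assumption), and the queue_directory of /usr/local/postfix from the main.cf above.

```conf
# --- /etc/postfix/main.cf: have smtpd ask Dovecot to verify logins ---
smtpd_sasl_type = dovecot
# Path is relative to queue_directory (/usr/local/postfix in the posted config)
smtpd_sasl_path = private/auth

# --- /etc/postfix/master.cf: dedicated submission service on port 587 ---
# The -o overrides apply to this service only. Port 25 keeps the main.cf
# rules (RBLs, greylisting, reject_unauth_destination) and never offers AUTH.
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  # Require STARTTLS before anything else, so passwords never travel in clear
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  # Only authenticated users may send; the client IP is irrelevant here
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  # Replace the port-25 recipient checks so a VPN exit address listed on
  # an RBL does not block a user who has logged in
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# --- Dovecot, e.g. /etc/dovecot/conf.d/10-master.conf ---
# Expose the auth socket inside the Postfix queue directory
service auth {
  unix_listener /usr/local/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```

With this in place the client's outgoing server is set to port 587 with STARTTLS and password authentication, and no per-user address needs to be listed in mynetworks.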
