So, if I *really* wanted to relay my email...where would I do that?

Hi friends!

The title largely says what I’m looking to do - I’d like to use something like Mailjet or SMTP2Go or Mailgun to relay my outbound mail, because Aunt Google doesn’t believe my mail server is legitimate…and yes, my DNS is perfect in terms of SPF/DMARC/DKIM. I’d thumb my nose at them…except that ProtonMail doesn’t like it, either. So, a relay would, in general, be the easiest solution, I’d think…but alas, I can’t figure out where the starting point is to do that.

Lowest hanging fruit, the PostfixAdmin WebUI didn’t seem to have any configuration buttons or knobs.
Before I posted, I read through the Gitlab admin page to see if @smu44 answered my question, and didn’t see anything listed, nor did a search for “smtp” or “relay” yield anything. I didn’t see it in the .env file documentation, either.
I’m not the greatest at reading Docker Compose files, but the entries for the mailserver container didn’t seem to have an obviously-named config file that I saw.
The forums here seem to acknowledge SMTP relaying as a possibility, but didn’t seem to go into detail about the implementation.

So, I have a couple of possibilities in terms of where to relay, but if there’s a place to make the settings, I’d super appreciate being pointed in the right direction.

Thanks, everyone!

where would I do that?

Can you edit postfix main.cf directly? It’s worthwhile to edit it directly; eventually there is a line where you can do what you want.

The thing you’re looking for specifically is “relayhost” and the sasl-lines to configure the authentication to the relay.

On a regular postfix setup, it asks what kind of smtp it is. What you currently want is an “internet-site with smarthost”. The dialogue is a thin wrapper; changing a few lines in postfix main.cf alters its type.

I wonder what the missing element is to make it work for you. Make sure you’ve set the reverse dns (ptr records) - this is not something you control in your dns, but the one who owns the ip address space. ptr/rdns used to be a stronger signal than all the other acronyms. Send a mail to https://www.mail-tester.com/ to debug.

Hi @voyager529 !

Still running your self-hosted on your residential IP? :wink:

Unfortunately for you, it’s designed as an “all in a box” solution for professional hosting (as VPS providers), so you’ll have to open the hood and get your hands dirty.
BTW, PostfixAdmin’s purpose is managing users & mailboxes; it won’t be of help here.

This is untested by me, however I’d try the following:

  • find & read the configuration guides for the relaying providers you found, for example let’s stick to https://www.smtp2go.com/setupguide/postfix/
  • as the configuration has to be in main.cf file, and this file is stored inside our mailserver container, we have 2 paths here:
    1: move the file outside the Docker container by modifying the Docker Compose configuration
    2: find a way to pass our configuration to the container
  • I find option 2 far better, as it won’t interfere with future updates and keeps the initial configuration. It is also easier to roll back.
    Okay, but here comes the “How?” …
  • from the container readme here https://github.com/mailserver2/mailserver/?tab=readme-ov-file#override-postfix-configuration, I’d try to add all the needed configuration in /mnt/repo-base/volumes/mail/postfix/custom.conf file, then restart the container (docker-compose restart mailserver)
    1: please note that this path is already exposed to mailserver container with the /mnt/repo-base/volumes/mail:/var/mail volume directive
  • :warning: I don’t know how RSpamd will behave, better keep an eye on it!
  • :warning: you may take care of your own domain not being relayed. Hopefully your domain is known as “local domain” and this won’t happen, according to https://www.postfix.org/postconf.5.html#relayhost

Please keep us posted!

Best regards,

Still running your self-hosted on your residential IP? :wink:

Hey! this is actually a business-grade connection, and one of the other IPs on the /28 is used for an Exchange server…so I know e-mail can be sent from the IP block =). But yes, pedantry aside, this is a truly-self-hosted instance, rather than a VPS.

so you’ll have to open the hood and get your hands dirty.

That’s how we learn! =)

BTW, PostfixAdmin’s purpose is managing users & mailboxes; it won’t be of help here.

I was pretty sure that was the case. The reason I said it was more so to avoid being told “there’s a button for it in PFA, did you check in there before editing config files directly?” in the event the control happened to be there.

This is untested by me,

I thought you knew everything! :stuck_out_tongue:

however I’d try the following…
2: find a way to pass our configuration to the container
I find option 2 far better, as it won’t interfere with future updates and keeps the initial configuration. It is also easier to roll back.

Same, for the same reasons.

Okay, but here comes the “How?” …
I’d try to add all the needed configuration in /mnt/repo-base/volumes/mail/postfix/custom.conf file, then restart the container (docker-compose restart mailserver)

So, I am writing here because my very first attempt was a swing-and-a-miss. Here’s my config file:

biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost, localhost.localdomain, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

relayhost = 192.168.1.1:25
relay_destination_concurrency_limit = 10

To which, the entire free world says “ehm…voyager…you had ONE JOB!” I know…bear with me.

First, I tried the config file both ways - one variant with just the relayhost and concurrency parameters set, and one full config file that was a copy/paste of everything already in the main.cf, since the documentation was a bit ambiguous as to whether the custom.conf file appended the main.cf contents, or replaced it. The behavior was the same either way.

Part of my plan to test it, is the fact that the router in front of the server is a Sophos UTM appliance, which does perform SMTP relaying as well as spam filtering. I was curious if I could just use the UTM instead of SMTP2Go, not because I had an issue with the service, but because it seemed like a good first step because there were only two steps involved - enable the relay, and add the server IP to the allow list.

Well, interestingly enough, the Sophos firewall doesn’t seem to show any attempts, passed or failed, at relaying mail through it.

This obviously calls for some more testing. Will SMTP2Go do a better job? Do I need to look at more granular Sophos logs? Can we get more information from the Postfix logs about its attempts?

Stay tuned to find out!!

Thank you so much for the pointers thus far. I’m looking forward to providing de facto documentation for future /e/Cloud users, especially those of us who believe ‘my data is MY data’ applies best when we own the servers :stuck_out_tongue_winking_eye:

1 Like

Okay, so I’ve clawed the slightest bit of progress here…

The file I’m editing:
/mnt/repo-base/volumes/mail/postfix/custom.conf

now, according to the Github page for mailserver2, if I run:

mnt/repo-base# docker logs -f mailserver |grep configuration

I should see

[INFO] Custom Postfix configuration file loaded

But instead I get

cannot open a temp file //var/mail/rspamd/hsmp-XXXXXXXG9SIJ2 to write hyperscan cache: No such file or directory
mv: cannot move '/etc/dovecot/conf.d/10-mail.conf' to '/etc/dovecot/conf.d/10-mail.conf.tpl': Device or resource busy
mv: cannot move '/etc/dovecot/conf.d/90-quota.conf' to '/etc/dovecot/conf.d/90-quota.conf.tpl': Device or resource busy
cannot open a temp file //var/mail/rspamd/hsmp-XXXXXXX91ODJ2 to write hyperscan cache: No such file or directory
sed: cannot rename /etc/clamav/sedvGrdYr: Device or resource busy
sed: cannot rename /etc/clamav/sedcN5QM4: Device or resource busy
[INFO] clamav-unofficial-sigs is disabled (user configuration not found)
2024-02-27 13:34:09 #59(main) <aa88b6>; main; main: rspamd 3.7.5 is loading configuration, build id: release
WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
2024-02-27T13:34:10.258714+00:00 mail postfix/master[147]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-02-27 13:41:32 #55(main) <1c80b9>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-02-27T13:41:33.134258+00:00 mail postfix/master[164]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-04-05 19:44:30 #59(main) <cfe219>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-04-05T19:44:31.266106+00:00 mail postfix/master[167]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-05-09 13:52:16 #54(main) <84f2ba>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-09T13:52:16.942129+00:00 mail postfix/master[171]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-05-09 14:19:12 #57(main) <2c84b9>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-09T14:19:12.888074+00:00 mail postfix/master[167]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-05-09 14:32:17 #63(main) <48c15a>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-09T14:32:17.616482+00:00 mail postfix/master[168]: daemon started -- version 3.7.9, configuration /etc/postfix
2024-05-09 17:16:04 #60(main) <7e05c2>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-09T17:16:05.319025+00:00 mail postfix/master[168]: daemon started -- version 3.7.9, configuration /etc/postfix
^C
root@mail:/mnt/repo-base#

Which leads me to believe that the config file isn’t being loaded.

Now, I haven’t made any other config changes, but I figured I’d do some comparisons.

The Github page says that the location for the file is /mnt/docker/mail/postfix/custom.conf, which I’ve confirmed does map to /var/mail/postfix/custom.conf, and I did a chmod 777 on the file.

Am I missing a step where MS2 needs to be told to look at the custom.conf file? Because it seems that it’s not reading it.

Thanks!!

2 Likes

I attempted to reproduce with a well-known custom configuration (used years ago as an attempt to diagnose a relaying problem).

Custom file content and characteristics:

# /mnt/docker/mail/postfix/custom.conf

# main.cf parameters

debug_peer_list = smtp-in.orange.fr
debug_peer_level = 3
root@vcs1:/mnt/repo-base/volumes/mail/postfix# ll custom.conf
-rw-r--r-- 1 root root 119 May 10 08:12 custom.conf

Output for docker logs -f mailserver|grep configuration:

mv: cannot move '/etc/dovecot/conf.d/10-mail.conf' to '/etc/dovecot/conf.d/10-mail.conf.tpl': Device or resource busy
mv: cannot move '/etc/dovecot/conf.d/90-quota.conf' to '/etc/dovecot/conf.d/90-quota.conf.tpl': Device or resource busy
sed: cannot rename /etc/clamav/sedfi5783: Device or resource busy
sed: cannot rename /etc/clamav/sedOdwWku: Device or resource busy
sed: can't read /etc/logrotate.d/clamav-daemon: No such file or directory
sed: can't read /etc/logrotate.d/clamav-freshclam: No such file or directory
[INFO] Custom Postfix configuration file loaded
[INFO] clamav-unofficial-sigs is enabled (user configuration found)
2024-05-09 07:40:45 #1153(main) <e5e843>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-09T07:40:46.259700+00:00 mail postfix/master[1255]: daemon started -- version 3.7.10, configuration /etc/postfix
2024-05-10 06:12:18 #59(main) <411371>; main; main: rspamd 3.7.5 is loading configuration, build id: release
2024-05-10T06:12:18.797974+00:00 mail postfix/master[162]: daemon started -- version 3.7.10, configuration /etc/postfix

Output for docker-compose logs mailserver|grep configuration (I prefer this one, easier to read):

mailserver                      | [INFO] Custom Postfix configuration file loaded
mailserver                      | [INFO] clamav-unofficial-sigs is enabled (user configuration found)
mailserver                      | 2024-05-09 07:40:45 #1153(main) <e5e843>; main; main: rspamd 3.7.5 is loading configuration, build id: release
mailserver                      | 2024-05-09T07:40:46.259700+00:00 mail postfix/master[1255]: daemon started -- version 3.7.10, configuration /etc/postfix
mailserver                      | 2024-05-10 06:12:18 #59(main) <411371>; main; main: rspamd 3.7.5 is loading configuration, build id: release
mailserver                      | 2024-05-10T06:12:18.797974+00:00 mail postfix/master[162]: daemon started -- version 3.7.10, configuration /etc/postfix

:stop_sign: take a look at the timestamps! The “Custom Postfix configuration file loaded” appears only before 2024-05-09 timestamp, not at 2024-05-10!

OK, I understand: yesterday, while digging into your question, I modified my docker-compose.yml to add - DISABLE_CLAMAV=true for mailserver (I don’t need it, and disabling saves a lot of memory!).
→ Doing this leads to a container re-creation.
Confirmed by taking a look at https://github.com/mailserver2/mailserver/blob/fd944a75b42ec10837e335bb53e56bbe6413c4aa/rootfs/usr/local/bin/setup.sh#L292: custom conf is added by setup.sh script, which is run only once at container creation.

(here my memory takes control of the keyboard to apologize: “Sorry, I’m getting old and some of my synapses are not doing well anymore”) :smiley:

Easy fix (note I added -t to docker-compose logs):

root@vcs1:/mnt/repo-base# docker-compose stop mailserver
Stopping mailserver ... done
root@vcs1:/mnt/repo-base# docker-compose rm mailserver
Going to remove mailserver
Are you sure? [yN] y
Removing mailserver ... done
root@vcs1:/mnt/repo-base# docker-compose up -d
.
.
.
Creating mailserver ... done
.
.
.
root@vcs1:/mnt/repo-base# docker-compose logs -t mailserver|grep configuration
mailserver                      | 2024-05-10T06:32:34.829377245Z [INFO] Custom Postfix configuration file loaded
mailserver                      | 2024-05-10T06:32:43.688081850Z [INFO] clamav-unofficial-sigs is enabled (user configuration found)
mailserver                      | 2024-05-10T06:32:51.371919162Z 2024-05-10 06:32:51 #1151(main) <d53582>; main; main: rspamd 3.7.5 is loading configuration, build id: release
mailserver                      | 2024-05-10T06:32:51.599405183Z 2024-05-10T06:32:51.599228+00:00 mail postfix/master[1254]: daemon started -- version 3.7.10, configuration /etc/postfix

This is much better! :smile_cat:

As a side note: you can easily dump the running configuration with docker-compose exec mailserver postconf :gift:

I’m eager to read your feedback!

Best regards,

1 Like

So, maybe there is something else…

You may try to add RUA, RUF, fo DMARC tags: https://mxtoolbox.com/dmarc/details/dmarc-tags.
Also, if you enabled MTA-STS, you can also add rua to _smtp._tls: https://support.google.com/a/answer/9276512?hl=en.

They are enabled for one of my domains (to postmaster alias), and I receive reports from Microsoft and Google.

Huzzah!! Success!

The condensed solution and thread summary for someone else who’s looking to implement SMTP Relaying and wants to ‘skip to the end’…

1.) create the file /mnt/repo-base/volumes/mail/postfix/custom.conf.
2.) Within the file, add a line that stipulates your relay. In my case, it’s
relayhost = 192.168.1.1:25 .

My case is a particularly easy one, because my Sophos UTM does the relaying, and since the only thing on the LAN which sends outbound e-mail is the /e/Cloud server, I’m cool with using the Sophos function of specifying which LAN hosts can relay, and using that as de facto authentication. However, if you’re using a relay that requires a username and password, you’d probably have some more lines to add. The example from the SMTP2Go page was this:

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = static:yourSMTP2GOUsername:yourSMTP2GOPassword
    smtp_sasl_security_options = noanonymous
    smtp_tls_security_level = may
    header_size_limit = 4096000
    relayhost = [mail.smtp2go.com]:2525
    relay_destination_concurrency_limit = 20

If you’re using a different service, it’s likely that you’ll find a search result if you look for ‘postfix config proxmox’ or a similar search string. If it’s a commercially available relay service, someone has configured Postfix for it.

Whatever the config, the ONLY things that need to be in the custom config file are the parameters regarding the relay; the container will get the rest of the config options from the main.cf file it otherwise reads.

3.) The Mailserver container loads custom config files only if they’re present during container creation. To accomplish this, run the following commands:

cd /mnt/repo-base
docker-compose stop mailserver
docker-compose rm mailserver
docker-compose up -d

I added the first command because I was very clearly reminded that running the docker-compose commands from any other folder is a source of disaster. Don’t make my mistake =).

After this…mail relayed just swimmingly!!

Thank you for your help in solving my issue, as always.

1 Like
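
A lint for the relay settings summarized in the post above, as an added example that is not part of the original thread or of the mailserver2 project: it flags a relay login that could go out without mandatory TLS and an inline password kept in a file that group or other users can access. The finding names, the sample texts and the `encrypt` variant (which assumes the relay offers STARTTLS on that port) are assumptions of this example; the same function also accepts the `name = value` output of `postconf`.

```python
import re

# Postfix SMTP-client TLS levels that refuse to deliver (and to authenticate)
# over an unencrypted session. Levels not listed here (none, may, dane) do not
# guarantee encryption.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_params(text):
    """Read 'name = value' lines, skipping blanks and '#' comments.
    Simplification: continuation lines are not merged."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def lint_relay_conf(text, file_mode):
    """Return finding codes for relay settings; file_mode is custom.conf's st_mode."""
    p = parse_params(text)
    codes = []
    relay = p.get("relayhost", "")
    if not relay:
        codes.append("NO_RELAYHOST")                # nothing is relayed at all
    elif not relay.startswith("[") and not re.fullmatch(r"\d+(\.\d+){3}(:\d+)?", relay):
        codes.append("RELAYHOST_MX_LOOKUP")         # bare hostname: MX lookup picks the target
    sasl_on = p.get("smtp_sasl_auth_enable", "no").lower() == "yes"
    if sasl_on and p.get("smtp_tls_security_level", "") not in MANDATORY_TLS:
        codes.append("AUTH_WITHOUT_MANDATORY_TLS")  # login may cross the wire unencrypted
    if p.get("smtp_sasl_password_maps", "").startswith("static:") and file_mode & 0o077:
        codes.append("SECRET_READABLE_BY_OTHERS")   # inline password, file open to group/other
    return codes

# Constructed samples. The first mirrors the provider snippet quoted in the post
# (placeholder credentials) combined with the chmod 777 mentioned in the thread.
PROVIDER_SNIPPET = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:yourSMTP2GOUsername:yourSMTP2GOPassword
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
relayhost = [mail.smtp2go.com]:2525
"""
HARDENED = PROVIDER_SNIPPET.replace("= may", "= encrypt")
LAN_RELAY = "relayhost = 192.168.1.1:25\nrelay_destination_concurrency_limit = 10\n"

if __name__ == "__main__":
    print(lint_relay_conf(PROVIDER_SNIPPET, 0o777))
    print(lint_relay_conf(HARDENED, 0o600))
    print(lint_relay_conf(LAN_RELAY, 0o644))
```
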

I’m very happy you could make it work! :smiley_cat:

For sure this thread will help others.
