Discussion:
question about sending mail and postfix
Adam Hardy
2010-01-18 13:32:20 UTC
This is possibly an exceptionally easy question to answer because I feel like
all the documentation I've read about sending mail and postfix starts at step 2,
and step 1 is just common knowledge that I somehow failed to pick up.

I have a new server online with lenny that I want to configure to send all its
mail for root to my email address, and that's all. I don't want it to receive
any email or relay or anything else.

I set this up a few years back with postfix and now trying to recreate this
setup, I am running into the problem that the mail command isn't installed. It
obviously doesn't come with postfix and there appears to be a huge choice of
packages that I could choose from in the debian repositories, but isn't there a
default? My guess is that my hosting service installed such a stripped-down
version of lenny that I didn't get it.

Any enlightenment gratefully received,

Adam
Andrei Popescu
2010-01-18 13:40:00 UTC
On Mon,18.Jan.10, 13:32:20, Adam Hardy wrote:

> I have a new server online with lenny that I want to configure to
> send all its mail for root to my email address, and that's all. I
> don't want it to receive any email or relay or anything else.

'man aliases' and don't forget to run newaliases after you changed
/etc/aliases.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Adam Hardy
2010-01-18 15:37:12 UTC
Andrei Popescu on 18/01/10 13:40, wrote:
> On Mon,18.Jan.10, 13:32:20, Adam Hardy wrote:
>
>> I have a new server online with lenny that I want to configure to
>> send all its mail for root to my email address, and that's all. I
>> don't want it to receive any email or relay or anything else.
>
> 'man aliases' and don't forget to run newaliases after you changed
> /etc/aliases.

I need a database ...hmmm I can see this job morphing into something a lot
bigger than I had imagined.

Is there no easier package to use for this than postfix with a database?
James Wu
2010-01-18 16:24:20 UTC
I apologize, I just double checked and I think the "mailutils" package
is the more common one. You shouldn't need a database for it. However,
I'd check to make sure you don't already have the mail command in
your system.

Check your PATH by typing "env | grep PATH" in the command line and
check that /usr/bin is listed. As well, type "ls /usr/bin | grep mail"
and check if you see a mail command. You don't really need postfix for
this anyways, exim which comes on lenny by default is enough for such a
simple task.

James

-----Original Message-----
From: Adam Hardy [mailto:***@cyberspaceroad.com]
Sent: January 18, 2010 10:37 AM
To: debian-***@lists.debian.org
Cc: debian-***@lists.debian.org
Subject: Re: question about sending mail and postfix

Andrei Popescu on 18/01/10 13:40, wrote:
> On Mon,18.Jan.10, 13:32:20, Adam Hardy wrote:
>
>> I have a new server online with lenny that I want to configure to
>> send all its mail for root to my email address, and that's all. I
>> don't want it to receive any email or relay or anything else.
>
> 'man aliases' and don't forget to run newaliases after you changed
> /etc/aliases.

I need a database ...hmmm I can see this job morphing into something a
lot bigger than I had imagined.

Is there no easier package to use for this than postfix with a database?



--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
***@lists.debian.org
Adam Hardy
2010-01-18 17:14:39 UTC
James Wu on 18/01/10 16:24, wrote:
> I apologize, I just double checked and I think the "mailutils" package
> is the more common one. You shouldn't need a database for it. However,
> I'd check to make sure you don't already have the mail command in
> your system.
>
> Check your PATH by typing "env | grep PATH" in the command line and
> check that /usr/bin is listed. As well, type "ls /usr/bin | grep mail"
> and check if you see a mail command. You don't really need postfix for
> this anyways, exim which comes on lenny by default is enough for such a
> simple task.

No problem.

I don't have mail, definitely, but I am currently testing with sendmail,
although postfix has only given me sendmail in /usr/sbin so I have to sudo to
use it.

mailutils looks like the business. And postfix is not happy about me trying to
configure it to send emails to alias addresses. I might have to check out exim
if you say it can do that too.

Thanks
Adam
Jon Dowland
2010-01-19 11:03:19 UTC
On Mon, Jan 18, 2010 at 05:14:39PM +0000, Adam Hardy wrote:
> I don't have mail, definitely, but I am currently testing
> with sendmail, although postfix has only given me sendmail
> in /usr/sbin so I have to sudo to use it.

This is the normal location for the sendmail binary. All the
MTAs provide it there. You do not need to use sudo to reach
it - use the full path as a normal user, or add /usr/sbin to
your path temporarily:

$ /usr/sbin/sendmail

$ PATH=$PATH:/usr/sbin
$ export PATH
$ sendmail
Camaleón
2010-01-18 17:29:59 UTC
On Mon, 18 Jan 2010 15:37:12 +0000, Adam Hardy wrote:

> Andrei Popescu on 18/01/10 13:40, wrote:
>> On Mon,18.Jan.10, 13:32:20, Adam Hardy wrote:
>>
>>> I have a new server online with lenny that I want to configure to send
>>> all its mail for root to my email address, and that's all. I don't
>>> want it to receive any email or relay or anything else.
>>
>> 'man aliases' and don't forget to run newaliases after you changed
>> /etc/aliases.
>
> I need a database ...hmmm I can see this job morphing into something a
> lot bigger than I had imagined.
>
> Is there no easier package to use for this than postfix with a database?

You don't need a "database" (at least not SQL/LDAP one) at all :-?

/etc/aliases (is just a "table") is the standard (and easiest) way of
setting up local e-mail aliases in Postfix and many other MTAs.

"man etc-aliases" will give you the whole picture about how this file is
used.

If you need more sophisticated config (delivering to local or remote
recipients), virtual aliasing in Postfix is pretty useful and quite easy
to set up, depending on your current configuration :-)

Greetings,

--
Camaleón


Adam Hardy
2010-01-18 17:49:23 UTC
Camaleón on 18/01/10 17:29, wrote:
> On Mon, 18 Jan 2010 15:37:12 +0000, Adam Hardy wrote:
>> Andrei Popescu on 18/01/10 13:40, wrote:
>>> On Mon,18.Jan.10, 13:32:20, Adam Hardy wrote:
>>>> I have a new server online with lenny that I want to configure to send
>>>> all its mail for root to my email address, and that's all. I don't
>
> You don't need a "database" (at least not SQL/LDAP one) at all :-?
>
> /etc/aliases (is just a "table") is the standard (and easiest) way of
> setting up local e-mail aliases in Postfix and many other MTAs.
>
> "man etc-aliases" will give you the whole picture about how this file is
> used.
>
> If you need more sophisticated config (delivering to local or remote
> recipients), virtual aliasing in Postfix is pretty useful and quite easy
> to set up, depending on your current configuration :-)

I figured that out actually but in the meantime I only managed to find another
issue. I wrote my own /etc/postfix/aliases file:

root: ***@cyberspaceroad.com

and momentarily it worked. I then added another user

adam: ***@cyberspaceroad.com

and it fell over again. I tried removing the /etc/postfix/aliases file and
putting the aliases in /etc/aliases and it still didn't work.

I get this, if it gives any clues to the problem:

Jan 18 17:35:11 ecocore postfix/smtp[22579]: 452652A8203:
to=<***@adamsdomain.org>, relay=none, delay=462, delays=462/0.02/0.05/0,
dsn=4.4.1, status=deferred (connect to private.domain.org[1.1.1.1]:25:
Connection refused)

where 1.1.1.1 is the ip address of the server.


Camaleón
2010-01-18 18:35:31 UTC
On Mon, 18 Jan 2010 17:49:23 +0000, Adam Hardy wrote:

> Camaleón on 18/01/10 17:29, wrote:

>> You don't need a "database" (at least not SQL/LDAP one) at all :-?
>>
>> /etc/aliases (is just a "table") is the standard (and easiest) way of
>> setting up local e-mail aliases in Postfix and many other MTAs.
>>
>> "man etc-aliases" will give you the whole picture about how this file
>> is used.
>>
>> If you need more sophisticated config (delivering to local or remote
>> recipients), virtual aliasing in Postfix is pretty useful and quite
>> easy to set up, depending on your current configuration :-)
>
> I figured that out actually but in the meantime I only managed to find
> another issue. I wrote my own /etc/postfix/aliases file:

Default "alias_maps" is set to look up in the "/etc/aliases" file, not
"/etc/postfix/aliases", but this can be verified with:

***
postconf -d | grep "alias_maps ="
***

That command will tell you where Postfix looks up this table and that
is the file you'll have to "tweak".

> root: ***@cyberspaceroad.com

After making any change to the aliases file, you have to run "newaliases"
or "postalias /etc/aliases" (pointing to the right file path).

> and momentarily it worked. I then added another user
>
> adam: ***@cyberspaceroad.com
>
> and it fell over again. I tried removing the /etc/postfix/aliases file
> and putting the aliases in /etc/aliases and it still didn't work.

First, you have to find out the right location of that table.

> I get this, if it gives any clues to the problem:
>
> Jan 18 17:35:11 ecocore postfix/smtp[22579]: 452652A8203:
> to=<***@adamsdomain.org>, relay=none, delay=462,
> delays=462/0.02/0.05/0, dsn=4.4.1, status=deferred (connect to
> private.domain.org[1.1.1.1]:25: Connection refused)
>
> where 1.1.1.1 is the ip address of the server.

Are there any content filters (i.e, amavisd-new, firewall rules or any
network traffic restrictions) that are preventing e-mails going out?

Can you normally send e-mails to remote sites or is your Postfix
configured to send only "locally"?

Greetings,

--
Camaleón


Adam Hardy
2010-01-19 00:50:56 UTC
Camaleón on 18/01/10 18:35, wrote:
> Are there any content filters (i.e, amavisd-new, firewall rules or any
> network traffic restrictions) that are preventing e-mails going out?
>
> Can you normally send e-mails to remote sites or is your Postfix
> configured to send only "locally"?

OK, right, so I can see now that postfix is using /etc/aliases.

I put this line in there:

adam: ***@my-normal-email.com

and ran newaliases and saw that it recreated /etc/aliases.db.

Then I ran mail and sent user 'adam' an email, checked in the log and got this:

Jan 18 23:32:32 my-other-domain postfix/pickup[31591]: 11C082A8779: uid=1000
from=<adam>
Jan 18 23:32:32 my-other-domain postfix/cleanup[32630]: 11C082A8779:
message-id=<***@my-other-domain.org>
Jan 18 23:32:32 my-other-domain postfix/qmgr[14877]: 11C082A8779:
from=<***@my-other-domain.org>, size=345, nrcpt=1 (queue active)
Jan 18 23:32:32 my-other-domain postfix/smtp[32633]: connect to
my-other-domain.vs.athnic.net[11.22.33.44]:25: Connection refused
Jan 18 23:32:32 my-other-domain postfix/smtp[32633]: 11C082A8779:
to=<***@my-other-domain.vs.athnic.net>, relay=none, delay=0.07,
delays=0.04/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to
my-other-domain.vs.athnic.net[11.22.33.44]:25: Connection refused)
(END)

where vs.athnic.net is the sub-domain of the hosting service, and
my-other-domain is the new domain I'm setting up a webserver for.

So despite the postconf command saying that it's using /etc/aliases, it's not
actually picking up the different email address from there. Maybe it doesn't get
that far though - and it will change it after - except it gets 'connection
refused' so it stops.

The connection could feasibly be blocked by a firewall belonging to the hosting
service, but port 25 is standard for SMTP and they said the standard ones were free.

But why am I seeing postfix build a connection with itself? Have I got something
wrong here in the network configuration?

Just for the record, here's my postfix main.cf:

mydomain = ecocore.org
myhostname = $mydomain
myorigin = $mydomain
mynetworks_style = host
append_dot_mydomain = no
local_recipient_maps =
inet_interfaces = loopback-only


Camaleón
2010-01-19 07:47:11 UTC
On Tue, 19 Jan 2010 00:50:56 +0000, Adam Hardy wrote:

> Camaleón on 18/01/10 18:35, wrote:
>> Are there any content filters (i.e, amavisd-new, firewall rules or any
>> network traffic restrictions) that are preventing e-mails going out?
>>
>> Can you normally send e-mails to remote sites or is your Postfix
>> configured to send only "locally"?
>
> OK, right, so I can see now that postfix is using /etc/aliases.
>
> I put this line in there:
>
> adam: ***@my-normal-email.com
>
> and ran newaliases and saw that it recreated /etc/aliases.db.
>
> Then I ran mail and sent user 'adam' an email, checked in the log and
> got this:

(...)

> Jan 18 23:32:32 my-other-domain postfix/smtp[32633]: 11C082A8779:
> to=<***@my-other-domain.vs.athnic.net>, relay=none, delay=0.07,
> delays=0.04/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to
> my-other-domain.vs.athnic.net[11.22.33.44]:25: Connection refused) (END)
>
> where vs.athnic.net is the sub-domain of the hosting service, and
> my-other-domain is the new domain I'm setting up a webserver for.
>
> So despite the postconf command saying that it's using /etc/aliases,
> it's not actually picking up the different email address from there.
> Maybe it doesn't get that far though - and it will change it after -
> except it gets 'connection refused' so it stops.

Then you have now a problem with your Postfix setup, not "aliases" :-).

How is your Postfix global configuration done? Is it directly delivering
e-mails outside (Internet) or are you sending all the mail to your ISP
host? Is it a multi-domain setup (virtual domains)? What is Postfix's
next step, is it attached to a DSL line or any kind of gateway...?

Explain a bit so we can get the whole scenario about your Postfix setup.

> The connection could feasibly be blocked by a firewall belonging to the
> hosting service, but port 25 is standard for SMTP and they said the
> standard ones were free.
>
> But why am I seeing postfix build a connection with itself? Have I got
> something wrong here in the network configuration?

Yes, so I think.

Not "wrong" but it seems your Postfix is not configured to properly send
out and handle virtual domains, maybe :-?

> Just for the record, here's my postfix main.cf:

(...)

> inet_interfaces = loopback-only

This can be the cause. You (or your provider) are forcing Postfix to
listen only on the loopback interface (127.0.0.1) so you get a "connection
refused" error when it tries to connect to [11.22.33.44] (also, the "square
brackets" mean no name server resolution is done).

It seems your host is configured for local delivery only :-?

Greetings,

--
Camaleón


Jon Dowland
2010-01-19 11:08:40 UTC
On Tue, Jan 19, 2010 at 07:47:11AM +0000, Camaleón wrote:
> On Tue, 19 Jan 2010 00:50:56 +0000, Adam Hardy wrote:
> > Jan 18 23:32:32 my-other-domain postfix/smtp[32633]: 11C082A8779:
> > to=<***@my-other-domain.vs.athnic.net>, relay=none, delay=0.07,
> > delays=0.04/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to
> > my-other-domain.vs.athnic.net[11.22.33.44]:25: Connection refused) (END)

> This can be the cause. You (or your provider) are forcing Postfix to
> listen only on the loopback interface (127.0.0.1) so you get a "connection
> refused" error when it tries to connect to [11.22.33.44] (also, the "square
> brackets" mean no name server resolution is done).
>
> It seems your host is configured for local delivery only :-?

This is not how I read the logs.

He does not want the machine running postfix to accept mail
from the outside world, so he does want it to listen only on
127.0.0.1 -- this is by design.

The "connection refused" logs are the postfix daemon
attempting to connect outbound - this does not look to be a
postfix-specific issue.

Adam, can you connect outbound to your ISP's mail server on
port 25, by hand? Use netcat if you have it, or telnet if
you do not, to test:

$ nc my-other-domain.vs.athnic.net 25
220 <more stuff>

You should get a response line like the above. If it does
not appear after a few seconds, or you get a connection
refused message, then your local ISP is blocking port 25
outbound, which is nowadays fairly common.

The ISP for your domain, who run the SMTP server, may accept
mail on alternative ports. The "submission" port 587 is
commonly used for this purpose, and is less likely to be
blocked by your home-Internet-ISP:

$ nc my-other-domain.vs.athnic.net 587
220 <more stuff>

If that works, reconfigure postfix to use port 587 instead
of 25 for its relay host / smart host.

If it doesn't, you may have to use your ISP's relay host for
outbound mail.


--
Jon Dowland
Adam Hardy
2010-01-19 14:55:23 UTC
Jon Dowland on 19/01/10 11:08, wrote:
> On Tue, Jan 19, 2010 at 07:47:11AM +0000, Camaleón wrote:
>> On Tue, 19 Jan 2010 00:50:56 +0000, Adam Hardy wrote:
>>> Jan 18 23:32:32 my-other-domain postfix/smtp[32633]: 11C082A8779:
>>> to=<***@my-other-domain.vs.athnic.net>, relay=none, delay=0.07,
>>> delays=0.04/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to
>>> my-other-domain.vs.athnic.net[11.22.33.44]:25: Connection refused) (END)
>
>> This can be the cause. You (or your provider) are forcing Postfix to
>> listen only on the loopback interface (127.0.0.1) so you get a "connection
>> refused" error when it tries to connect to [11.22.33.44] (also, the "square
>> brackets" mean no name server resolution is done).
>>
>> It seems your host is configured for local delivery only :-?
>
> This is not how I read the logs.
>
> He does not want the machine running postfix to accept mail
> from the outside world, so he does want it to listen only on
> 127.0.0.1 -- this is by design.
>
> The "connection refused" logs are the postfix daemon
> attempting to connect outbound - this does not look to be a
> postfix-specific issue.
>
> Adam, can you connect outbound to your ISP's mail server on
> port 25, by hand? Use netcat if you have it, or telnet if
> you do not, to test:
>
> $ nc my-other-domain.vs.athnic.net 25
> 220 <more stuff>
>
> You should get a response line like the above. If it does
> not appear after a few seconds, or you get a connection
> refused message, then your local ISP is blocking port 25
> outbound, which is nowadays fairly common.
>
> The ISP for your domain, who run the SMTP server, may accept
> mail on alternative ports. The "submission" port 587 is
> commonly used for this purpose, and is less likely to be
> blocked by your home-Internet-ISP:
>
> $ nc my-other-domain.vs.athnic.net 587
> 220 <more stuff>
>
> If that works, reconfigure postfix to use port 587 instead
> of 25 for its relay host / smart host.
>
> If it doesn't, you may have to use your ISP's relay host for
> outbound mail.

OK, thanks. I've resolved that confusion.

You're right, I just scanned the ports and without that config in there, port 25
is left open.

Regards
Adam


Adam Hardy
2010-01-19 13:00:15 UTC
Camaleón on 19/01/10 07:47, wrote:
>> Then I ran mail and sent user 'adam' an email, checked in the log and
>> got this:


>> where vs.athnic.net is the sub-domain of the hosting service, and
>> my-other-domain is the new domain I'm setting up a webserver for.
>>
> How is your Postfix global configuration done? Is it directly delivering
> e-mails outside (Internet) or are you sending all the mail to your ISP
> host? Is it a multi-domain setup (virtual domains)? What is Postfix's
> next step, is it attached to a DSL line or any kind of gateway...?
>
> Explain a bit so we can get the whole scenario about your Postfix setup.

All I need is for my system to send various administrative emails to my own
personal email account (on this email's domain, completely different from the
system). For instance, emails containing the results of nmap and netstat
launched by crontab and other such security checks.

The system won't have any other users than root and adam so no local emails
between accounts are needed. Everything should be directed to my personal email.

And the system shouldn't accept any external emails or allow any relaying. That
was why I had the line about inet_interfaces = loopback. I thought that would
secure it. I've taken the setting out of main.cf now.

However postfix is still ignoring my attempts to alias "root" and "adam". My
main.cf is quite slim:

mydomain = ecocore.org
myhostname = $mydomain
myorigin = $mydomain
mynetworks_style = host
append_dot_mydomain = no
local_recipient_maps =
relay_domains =


Camaleón
2010-01-19 14:56:41 UTC
On Tue, 19 Jan 2010 13:00:15 +0000, Adam Hardy wrote:

> Camaleón on 19/01/10 07:47, wrote:

>> Explain a bit so we can get the whole scenario about your Postfix
>> setup.
>
> All I need is for my system to send various administrative emails to my
> own personal email account (on this email's domain, completely different
> from the system). For instance, emails containing the results of nmap
> and netstat launched by crontab and other such security checks.
>
> The system won't have any other users than root and adam so no local
> emails between accounts are needed. Everything should be directed to my
> personal email.
>
> And the system shouldn't accept any external emails or allow any
> relaying. That was why I had the line about inet_interfaces = loopback.
> I thought that would secure it. I've taken the setting out of main.cf
> now.

O.k. I think all is more clear now :-)

You can leave that value if you are not going to use Postfix in an
intranet environment, nor are you going to use it as an external/remote MTA.

So just restore back:

***
inet_interfaces = loopback-only
***

And run "/etc/init.d/postfix restart" to activate it.

As you *explicitly* installed Postfix I thought you knew beforehand what
you were doing and what you wanted to achieve.

As per your described setup, Postfix can do the job (sending e-mails to
external hosts, which is usually named "using Postfix as client") with no
problems at all, but you (being the administrator of the host) need to
understand what type of configs are available in Postfix.

Postfix is very flexible and can be configured to manage not only local
mails (let's say, between you and your own host) but can also be used to
address thousands of e-mail domains (virtual domains), usually known as
"running Postfix as server".

You can get an idea of the different setups you can get by reading this
page:

Postfix Standard Configuration Examples
http://www.postfix.org/STANDARD_CONFIGURATION_README.html

So, it should just work "out-of-the-box" without tweaking anything, at
least when installed from sources. Debian specific setup may vary, but
should be quite the same.

> However postfix is still ignoring my attempts to alias "root" and
> "adam". My main.cf is quite slim:

O.k. Let's evaluate again your current setup.

> mydomain = ecocore.org

What is this domain for?

I get:

***@stt008:~$ host ecocore.org
ecocore.org has address 205.153.118.230
ecocore.org mail is handled by 10 mx2.athnic.net.

This host actually exists and is running a mail server. Is that your
Postfix? I think not, I think this is your ISP address/domain name and
should not be listed here.

Just leave the default value untouched (that is, #comment it).

# mydomain = ecocore.org

> myhostname = $mydomain
> myorigin = $mydomain

You can leave these ones:

> mynetworks_style = host
> append_dot_mydomain = no
> local_recipient_maps =
> relay_domains =

And then, restart Postfix and try to send an e-mail to "root". You can do
it as follows:

***
telnet localhost 25
mail from:root
rcpt to:root
data
testing e-mail
.
quit
***

And just review (and report back) for any error or messages you got in
the log ("/var/log/mail.log") :-)

Greetings,

--
Camaleón


Adam Hardy
2010-01-19 17:52:47 UTC
Camaleón on 19/01/10 14:56, wrote:
> On Tue, 19 Jan 2010 13:00:15 +0000, Adam Hardy wrote:
> As you *explicitly* installed Postfix I thought you knew beforehand what
> you were doing and what you wanted to achieve.

I had to explicitly install most stuff because the hosting company who set up
lenny for me only installed the absolute minimum to run ssh.

> Postfix Standard Configuration Examples
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html

Yes, I read this several times but obviously it's one of those situations where
it doesn't make sense until you know what you're doing, and as my situation
isn't one of the explicitly described common situations, I think I'm doing OK so
far.

>> mydomain = ecocore.org
>
> What is this domain for?

I want the email address from my machine to be ***@ecocore.org (which is my
domain name). I can live without this.

Finally I just de-installed postfix and purged it and re-installed everything
without the mydomain=ecocore.org and now everything works.

Jan 19 17:47:52 ecocore postfix/smtp[31979]: AE2122A81F3:
to=<***@cyberspaceroad.com>, orig_to=<***@ecocore.vs.athnic.net>,
relay=mx2.athnic.net[10.198.195.31]:25, delay=0.23, delays=0/0.01/0.12/0.1,
dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D3990328BCD)

So the reason why postfix was saying "ecocore.vs.athnic.net[10.153.118.230]:25:
Connection refused" will never be known, beyond my simple ignorance :O

Thanks for your help,

Adam


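The deferred and the delivered log records quoted in this thread differ in ways that can be read mechanically; the following is an added example, not part of any post here. It assumes the caller supplies the host's own mail names (own_names), and the sample lines are constructed with placeholder names and addresses.

```python
import re

# Constructed sample modelled on the delivery records quoted in this thread.
# Host names and addresses are placeholders; wrapped log lines are rejoined.
SAMPLE_LOG = """\
Jan 18 23:32:32 vhost postfix/pickup[31591]: 11C082A8779: uid=1000 from=<adam>
Jan 18 23:32:32 vhost postfix/smtp[32633]: 11C082A8779: to=<adam@vhost.example.net>, relay=none, delay=0.07, delays=0.04/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to vhost.example.net[11.22.33.44]:25: Connection refused)
Jan 19 17:47:52 vhost postfix/smtp[31979]: AE2122A81F3: to=<me@mail.example.com>, orig_to=<root@vhost.example.net>, relay=mx.example.org[10.198.195.31]:25, delay=0.23, delays=0/0.01/0.12/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D3990328BCD)
"""

RECORD = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>to=<.*)$")
FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
STATUS = re.compile(r"status=(\w+) \((.*)\)\s*$")


def parse_delivery(line):
    """Return the fields of one delivery record, or None for any other line."""
    m = RECORD.search(line)
    s = STATUS.search(m.group("rest")) if m else None
    if not s:
        return None
    # Only scan the key=value part; the parenthesised server reply is free text.
    head = m.group("rest")[:s.start()]
    rec = {k: v.strip("<>") for k, v in FIELD.findall(head)}
    rec.update(agent=m.group("agent"), qid=m.group("qid"),
               status=s.group(1), detail=s.group(2))
    return rec


def classify(rec, own_names):
    """own_names: lower-case mail names of this host (supplied by the caller)."""
    domain = rec["to"].rpartition("@")[2].lower()
    if rec["status"] == "sent":
        # orig_to is logged when the recipient was rewritten, e.g. by an alias.
        return "sent-via-alias" if "orig_to" in rec else "sent"
    if rec["agent"] == "smtp" and domain in own_names:
        # smtp(8) is the remote-delivery client. When it handles an address at
        # the host's own name, that name is usually missing from mydestination,
        # so local(8), the agent that reads /etc/aliases, never ran.
        return "own-domain-not-local"
    if "Connection refused" in rec["detail"] or "timed out" in rec["detail"]:
        return "outbound-blocked-or-down"
    return "deferred" if rec.get("dsn", "").startswith("4") else "failed"


def triage(log_text, own_names):
    """Return (queue id, recipient, verdict) for every delivery record."""
    out = []
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec:
            out.append((rec["qid"], rec["to"], classify(rec, own_names)))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, {"vhost.example.net"}):
        print(*row)
```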
Adam Hardy
2010-01-20 19:01:16 UTC
I'm installing stuff onto a vserver which I have just got, and according to the
sysadmin at the hosting provider, due to their set-up, I can't configure exim to
listen on 127.0.0.1, I have to use the given IP address.

In case that doesn't make sense, I mean that I am not supposed to get this
netstat output:

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN


It should listen like this (or all hell breaks loose on their server farm):

tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN

where 10.20.30.40 is the static IP I've been given (which is then NAT'd by the
hosting provider to something else).

My vserver set-up has very simple requirements - I just want the system to send
out emails generated on the system locally, e.g. piping command output to mailx

Any enlightenment much appreciated

Adam
Alex Samad
2010-01-20 19:59:58 UTC
On Wed, Jan 20, 2010 at 07:01:16PM +0000, Adam Hardy wrote:
> I'm installing stuff onto a vserver which I have just got, and
> according to the sysadmin at the hosting provider, due to their
> set-up, I can't configure exim to listen on 127.0.0.1, I have to use
> the given IP address.
>
> In case that doesn't make sense, I mean that I am not supposed to
> get this netstat output:
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
>
>
> It should listen like this (or all hell breaks loose on their server farm):
>
> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>
> where 10.20.30.40 is the static IP I've been given (which is then
> NAT'd by the hosting provider to something else).
>
> My vserver set-up has very simple requirements - I just want the
> system to send out emails generated on the system locally, e.g.
> piping command output to mailx
>
> Any enlightenment much appreciated

Not sure why listening to 127.0.0.1 isn't going to work.

Can I suggest, if all you want is outbound mail, maybe look at nullmailer.

>
> Adam
>
>

--
"I think it's important to bring somebody from outside the system, the judicial system, somebody that hasn't been on the bench and, therefore, there's not a lot of opinions for people to look at."

- George W. Bush
10/04/2005
Washington, DC
On the nomination of Harriet Miers to the Supreme Court
Camaleón
2010-01-20 20:06:50 UTC
On Wed, 20 Jan 2010 19:01:16 +0000, Adam Hardy wrote:

Tip: it's better to open a new thread ("new" post instead of "reply") if
you are changing the theme of the e-mail :-)

> I'm installing stuff onto a vserver which I have just got, and according
> to the sysadmin at the hosting provider, due to their set-up, I can't
> configure exim to listen on 127.0.0.1, I have to use the given IP
> address.
>
> In case that doesn't make sense, I mean that I am not supposed to get
> this netstat output:
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
>
>
> It should listen like this (or all hell breaks loose on their server
> farm):
>
> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>
> where 10.20.30.40 is the static IP I've been given (which is then NAT'd
> by the hosting provider to something else).
>
> My vserver set-up has very simple requirements - I just want the system
> to send out emails generated on the system locally, e.g. piping command
> output to mailx
>
> Any enlightenment much appreciated

Are you still using Postfix? :-)

If yes, you can change -again- the "above-mentioned" ;-) value to:

***
inet_interfaces = 10.20.30.40, localhost
***

And restart Postfix.

Greetings,

--
Camaleón


Adam Hardy
2010-01-20 20:52:20 UTC
Camaleón on 20/01/10 20:06, wrote:
> On Wed, 20 Jan 2010 19:01:16 +0000, Adam Hardy wrote:
>
> Tip: it's better to open a new thread ("new" post instead of "reply") if
> you are changing the theme of the e-mail :-)


Forgot about that!

> Are you still using Postfix? :-)
>
> If yes, you can change -again- the "above-mentioned" ;-) value to:
>
> ***
> inet_interfaces = 10.20.30.40, localhost
> ***
>
> And restart Postfix.

No, I'm not using postfix because the solution I found in the docs which would
have been perfect was

master_service_disable=smtp.inet

but this is only available from v2.6+ and lenny is using 2.5.x and there's
nothing for postfix in backports. I didn't realise there is a way to do it with
inet_interfaces.

Due to psychological trauma at this further set-back (I'm sensitive to this
after midnight) I ditched postfix and decided to try exim.

regards
Adam

PS are you sure about that inet_interfaces setting? I think it would result in
postfix listening on 127.0.0.1, no?


Camaleón
2010-01-20 21:30:46 UTC
On Wed, 20 Jan 2010 20:52:20 +0000, Adam Hardy wrote:

> Camaleón on 20/01/10 20:06, wrote:

>> Tip: it's better to open a new thread ("new" post instead of "reply")
>> if you are changing the theme of the e-mail :-)
>
>
> Forgot about that!

No problem, next time ;-)

>> Are you still using Postfix? :-)
>>
>> If yes, you can change -again- the "above-mentioned" ;-) value to:
>>
>> ***
>> inet_interfaces = 10.20.30.40, localhost
>> ***
>>
>> And restart Postfix.
>
> No, I'm not using postfix because the solution I found in the docs which
> would have been perfect was
>
> master_service_disable=smtp.inet

And what is that parameter for? :-?

Let me check:

***
master_service_disable (default: empty)

Selectively disable master(8) listener ports by service type or by
service name and type.

# Turn off only the main SMTP listener port.
master_service_disable = smtp.inet
***

Ah, you wanted to disable "smtp" connections at all? Mmm, I'm still a bit
confused about your goals...

> but this is only available from v2.6+ and lenny is using 2.5.x and
> there's nothing for postfix in backports. I didn't realise there is a
> way to do it with inet_interfaces.
>
> Due to psychological trauma at this further set-back (I'm sensitive to
> this after midnight) I ditched postfix and decided to try exim.

Ouch!

Well, I cannot tell you how can this be achieved with Exim, sorry O:-)

> PS are you sure about that inet_interfaces setting? I think it would
> result in postfix listening on 127.0.0.1, no?

In "both". Look:

***
stt005:~# netstat -an | grep :25
tcp 0 0 192.168.0.5:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

stt005:~# cat /etc/postfix/main.cf | grep inet_interfaces
inet_interfaces = 192.168.0.5, localhost
***

But I dunno if this kind of setup is what you need :-?

Greetings,

--
Camaleón


Adam Hardy
2010-01-21 00:01:01 UTC
Permalink
Camaleón on 20/01/10 21:30, wrote:
>>> inet_interfaces = 10.20.30.40, localhost ***
>>>
>>
>> master_service_disable=smtp.inet
>
> And what is that parameter for? :-?
>
> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm still a bit
> confused about your goals...

I would like port 25 to be closed. Surely if I'm not receiving, I don't need to
listen on it? I don't need it to send, do I?



Alex Samad
2010-01-21 00:30:26 UTC
Permalink
On Thu, Jan 21, 2010 at 12:01:01AM +0000, Adam Hardy wrote:
> Camaleón on 20/01/10 21:30, wrote:
> >>>inet_interfaces = 10.20.30.40, localhost ***
> >>>
> >>
> >>master_service_disable=smtp.inet
> >
> >And what is that parameter for? :-?
> >
> >Ah, you wanted to disable "smtp" connections at all? Mmm, I'm
> >still a bit confused about your goals...
>
> I would like port 25 to be closed. Surely if I'm not receiving, I
> don't need to listen on it? I don't need it to send, do I?

Have you thought about nullmailer ?

>
>
>

--
The majority of husbands remind me of an orangutang trying to play the violin.
-- Honor'e DeBalzac
Adam Hardy
2010-01-21 00:56:16 UTC
Permalink
Alex Samad on 21/01/10 00:30, wrote:
> On Thu, Jan 21, 2010 at 12:01:01AM +0000, Adam Hardy wrote:
>> Camaleón on 20/01/10 21:30, wrote:
>>>>> inet_interfaces = 10.20.30.40, localhost ***
>>>>>
>>>> master_service_disable=smtp.inet
>>> And what is that parameter for? :-?
>>>
>>> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm
>>> still a bit confused about your goals...
>> I would like port 25 to be closed. Surely if I'm not receiving, I
>> don't need to listen on it? I don't need it to send, do I?
>
> Have you thought about nullmailer ?

I have but my limited investigation of nullmailer led me to believe that I must
put my email account's password into the config of the server to allow it to
pass on the emails it deals with. I'm much happier having only my personal email
address in the system's /etc/aliases file, and in the future I'll probably
change this too.


Alex Samad
2010-01-21 02:10:11 UTC
Permalink
On Thu, Jan 21, 2010 at 12:56:16AM +0000, Adam Hardy wrote:
> Alex Samad on 21/01/10 00:30, wrote:
> >On Thu, Jan 21, 2010 at 12:01:01AM +0000, Adam Hardy wrote:
> >>Camaleón on 20/01/10 21:30, wrote:
> >>>>>inet_interfaces = 10.20.30.40, localhost ***
> >>>>>
> >>>>master_service_disable=smtp.inet
> >>>And what is that parameter for? :-?
> >>>
> >>>Ah, you wanted to disable "smtp" connections at all? Mmm, I'm
> >>>still a bit confused about your goals...
> >>I would like port 25 to be closed. Surely if I'm not receiving, I
> >>don't need to listen on it? I don't need it to send, do I?
> >
> >Have you thought about nullmailer ?
>
> I have but my limited investigation of nullmailer led me to believe
> that I must put my email account's password into the config of the

? did not think so, I have used null mailer on system I want to receive
emails from, just point it to a smtp server and that's all, no
userid/password setup


> server to allow it to pass on the emails it deals with. I'm much
> happier having only my personal email address in the system's
> /etc/aliases file, and in the future I'll probably change this too.
>
>

--
"I'm a patient man. And when I say I'm a patient man, I mean I'm a patient man. Nothing he [Saddam Hussein] has done has convinced me -- I'm confident the Secretary of Defense -- that he is the kind of fellow that is willing to forgo weapons of mass destruction."

- George W. Bush
08/21/2002
Crawford, TX
Adam Hardy
2010-01-21 11:13:41 UTC
Permalink
Alex Samad on 21/01/10 02:10, wrote:
> On Thu, Jan 21, 2010 at 12:56:16AM +0000, Adam Hardy wrote:
>> Alex Samad on 21/01/10 00:30, wrote:
>>> On Thu, Jan 21, 2010 at 12:01:01AM +0000, Adam Hardy wrote:
>>>> Camaleón on 20/01/10 21:30, wrote:
>>>>>>> inet_interfaces = 10.20.30.40, localhost ***
>>>>>>>
>>>>>> master_service_disable=smtp.inet
>>>>> And what is that parameter for? :-?
>>>>>
>>>>> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm
>>>>> still a bit confused about your goals...
>>>> I would like port 25 to be closed. Surely if I'm not receiving, I
>>>> don't need to listen on it? I don't need it to send, do I?
>>> Have you thought about nullmailer ?
>> I have but my limited investigation of nullmailer led me to believe
>> that I must put my email account's password into the config of the
>
> ? did not think so, I have used null mailer on system I want to receive
> emails from, just point it to a smtp server and that's all, no
> userid/password setup

Oh. But why would you have to point it to an SMTP server if you aren't logging
on to it? Or is it an open relay smtp server?


Adam Hardy
2010-01-21 13:33:18 UTC
Permalink
Adam Hardy on 21/01/10 11:13, wrote:
> Alex Samad on 21/01/10 02:10, wrote:
>> On Thu, Jan 21, 2010 at 12:56:16AM +0000, Adam Hardy wrote:
>>> Alex Samad on 21/01/10 00:30, wrote:
>>>> On Thu, Jan 21, 2010 at 12:01:01AM +0000, Adam Hardy wrote:
>>>>> Camaleón on 20/01/10 21:30, wrote:
>>>>>>>> inet_interfaces = 10.20.30.40, localhost ***
>>>>>>>>
>>>>>>> master_service_disable=smtp.inet
>>>>>> And what is that parameter for? :-?
>>>>>>
>>>>>> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm
>>>>>> still a bit confused about your goals...
>>>>> I would like port 25 to be closed. Surely if I'm not receiving, I
>>>>> don't need to listen on it? I don't need it to send, do I?
>>>> Have you thought about nullmailer ?
>>> I have but my limited investigation of nullmailer led me to believe
>>> that I must put my email account's password into the config of the
>>
>> ? did not think so, I have used null mailer on system I want to receive
>> emails from, just point it to a smtp server and that's all, no
>> userid/password setup
>
> Oh. But why would you have to point it to an SMTP server if you aren't
> logging on to it? Or is it an open relay smtp server?

Just installed nullmailer. It wants me to keep my email account username and
password in /etc/nullmailer

I guess I could use a public open relay somewhere out there but I don't think
that's a long term solution.


Alex Samad
2010-01-21 20:56:07 UTC
Permalink
On Thu, Jan 21, 2010 at 11:13:41AM +0000, Adam Hardy wrote:
> Alex Samad on 21/01/10 02:10, wrote:
> >On Thu, Jan 21, 2010 at 12:56:16AM +0000, Adam Hardy wrote:

[snip]

> >
> >? did not think so, I have used null mailer on system I want to receive
> >emails from, just point it to a smtp server and that's all, no
> >userid/password setup
>
> Oh. But why would you have to point it to an SMTP server if you
> aren't logging on to it? Or is it an open relay smtp server?

if you want to receive emails from this machine on another machine the
emails have to get there somehow?

as for user name on nullmailer

i have run through a dpkg-reconfigure nullmailer, first thing it asks
me is mailname of my system, then smarthosts, just put in a smtp relay,
doesn't your isp/host provide you with a relay? Then optional where to
send local emails I leave this blank. Then it's all done.



>
>

--
"Justice was being delivered to a man who defied that gift from the Almighty to the people of Iraq."

- George W. Bush
12/15/2003
Washington, DC
Camaleón
2010-01-21 12:29:23 UTC
Permalink
On Thu, 21 Jan 2010 00:01:01 +0000, Adam Hardy wrote:

> Camaleón on 20/01/10 21:30, wrote:
>>>> inet_interfaces = 10.20.30.40, localhost ***
>>>>
>>>>
>>> master_service_disable=smtp.inet
>>
>> And what is that parameter for? :-?
>>
>> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm still a
>> bit confused about your goals...
>
> I would like port 25 to be closed. Surely if I'm not receiving, I don't
> need to listen on it? I don't need it to send, do I?

I'm lost :-?

Didn't you say this?

***
It should listen like this (or all hell breaks loose on their server
farm):

tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
***

So if that remains true, you do need to open port 25 "locally" and bind
Postfix to listen in that IP.

But opening a port "locally" does not mean your SMTP server can be used
from remote, in fact it cannot unless:

a) The router (frame relay, xdsl line...) of your ISP/hosting provider is
actually forwarding the requests to port 25 to your machine (by using NAT
or iptables).

b) You allow Postfix to do that.

Greetings,

--
Camaleón


Adam Hardy
2010-01-21 13:11:58 UTC
Permalink
Camaleón on 21/01/10 12:29, wrote:
> On Thu, 21 Jan 2010 00:01:01 +0000, Adam Hardy wrote:
>> Camaleón on 20/01/10 21:30, wrote:
>>>>> inet_interfaces = 10.20.30.40, localhost ***
>>>>>
>>>> master_service_disable=smtp.inet
>>> And what is that parameter for? :-?
>>>
>>> Ah, you wanted to disable "smtp" connections at all? Mmm, I'm still a
>>> bit confused about your goals...
>>
>> I would like port 25 to be closed. Surely if I'm not receiving, I don't
>> need to listen on it? I don't need it to send, do I?
>
> I'm lost :-?
>
> Didn't you say this?
>
> ***
> It should listen like this (or all hell breaks loose on their server
> farm):
>
> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
> ***
>
> So if that remains true, you do need to open port 25 "locally" and bind
> Postfix to listen in that IP.
>
> But opening a port "locally" does not mean your SMTP server can be used
> from remote, in fact it cannot unless:
>
> a) The router (frame relay, xdsl line...) of your ISP/hosting provider is
> actually forwarding the requests to port 25 to your machine (by using NAT
> or iptables).

Yes I did say I wanted postfix to listen on 10.20.30.40:25 but that was while I
was still trying to work out the basic configuration. Now that I am happy that I
know why postfix is doing something and that it works, I would like to know
whether I can completely close port 25.

One person reckons port 25 has to be open for smtp to send - is that so? I don't
think so, I thought smtp would open some high numbered port temporarily.

Or does smtp pick up the emails to be sent via port 25?

It just bugs me from a security point of view that the whole world can see port
25 open when they look at that machine and some might take it into their heads
to aim their spam cannons at it.


Camaleón
2010-01-21 14:19:20 UTC
Permalink
On Thu, 21 Jan 2010 13:11:58 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 12:29, wrote:

>> Didn't you say this?
>>
>> ***
>> It should listen like this (or all hell breaks loose on their server
>> farm):
>>
>> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>> ***
>>
>> So if that remains true, you do need to open port 25 "locally" and bind
>> Postfix to listen in that IP.
>>
>> But opening a port "locally" does not mean your SMTP server can be used
>> from remote, in fact it cannot unless:
>>
>> a) The router (frame relay, xdsl line...) of your ISP/hosting provider
>> is actually forwarding the requests to port 25 to your machine (by
>> using NAT or iptables).
>
> Yes I did say I wanted postfix to listen on 10.20.30.40:25 but that was
> while I was still trying to work out the basic configuration. Now that I
> am happy that I know why postfix is doing something and that it works, I
> would like to know whether I can completely close port 25.

Mmm... okay, let's paint the big picture (please, correct me if I'm
wrong) :-)

- You need to be notified by e-mail (remote account) about crontab tasks.

- You do not need a remote e-mail server nor a local e-mail server.
Only the host running crontab will be allowed to send e-mails from the
MTA (postfix, exim, whatever...)

So you setup crontab variable "MAILTO=***@mydomain.com" or
"MAILTO=localuser".

In every case (being a local or remote user), the mail should follow the
configured path, that is, it will arrive to the MTA you have installed in
the host (say Postfix, Exim or any other facility).

Once the e-mail arrives into the MTA, it will be delivered to the e-mail
address you have defined, and you don't need to do anything.

> One person reckons port 25 has to be open for smtp to send - is that so?
> I don't think so, I thought smtp would open some high numbered port
> temporarily.

In fact, in my *desktop* computer, I've got that port open:

***
***@stt008:~$ netstat -an | grep 25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
***

And I am not running here any mail server: it's just the default desktop
installation, running Exim.

So, yes, the MTA is listening in that port and I cannot find any
objection (security issue) to that. No one can send an e-mail from my
Exim unless it's inside my own computer :-)

> Or does smtp pick up the emails to be sent via port 25?

I think so.

> It just bugs me from a security point of view that the whole world can
> see port 25 open when they look at that machine and some might take it
> into their heads to aim their spam cannons at it.

That is quite hard to happen. Only if your own host gets cracked by
someone in first place but in no way your computer can be reached by
"telnetting" remotely through port 25.

Greetings,

--
Camaleón


Adam Hardy
2010-01-21 14:45:25 UTC
Permalink
I have set up postfix to listen as below using:

inet_interfaces = 10.20.30.40

***@ecocore:~$ netstat -an |grep -i "listen "
tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN ***

I am not allowed to open it on 127.0.0.1 due to my vserver hosting rules.

The point is that I don't want to have port 25 open to the world, since I don't
want to receive any emails on this system, I just want to send.

I can't find a way to get postfix to shut that port.

I also don't want to use nullmailer or other smtp-relayers.

As stated above:
>> It just bugs me from a security point of view that the whole world can
>> see port 25 open when they look at that machine and some might take it
>> into their heads to aim their spam cannons at it.

Admittedly they can't do much except flood my inbox for the two users on the
system, but I don't want to give anyone the chance to try anything.

Hopefully this explains my situation unambiguously.

BTW it's postfix v2.5

Regards
Adam
Camaleón
2010-01-21 15:44:39 UTC
Permalink
On Thu, 21 Jan 2010 14:45:25 +0000, Adam Hardy wrote:

> I have set up postfix to listen as below using:
>
> inet_interfaces = 10.20.30.40
>
> ***@ecocore:~$ netstat -an |grep -i "listen "
> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN ***
>
> I am not allowed to open it on 127.0.0.1 due to my vserver hosting
> rules.
>
> The point is that I don't want to have port 25 open to the world, since
> I don't want to receive any emails on this system, I just want to send.

Unless you have a external IP address assigned (dedicated or shared) and
your provider is redirecting incoming smtp traffic to your local address
where you have configured the MTA server, there is no way that someone
can establish a remote connection with your mail server host as it's
using a local (non routable) ip address.

Sorry but I fail to see your concern :-?

Greetings,

--
Camaleón


Adam Hardy
2010-01-21 16:04:00 UTC
Permalink
Camaleón on 21/01/10 15:44, wrote:
> On Thu, 21 Jan 2010 14:45:25 +0000, Adam Hardy wrote:
>
>> I have set up postfix to listen as below using:
>>
>> inet_interfaces = 10.20.30.40
>>
>> ***@ecocore:~$ netstat -an |grep -i "listen "
>> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN ***
>>
>> I am not allowed to open it on 127.0.0.1 due to my vserver hosting
>> rules.
>>
>> The point is that I don't want to have port 25 open to the world, since
>> I don't want to receive any emails on this system, I just want to send.
>
> Unless you have a external IP address assigned (dedicated or shared) and
> your provider is redirecting incoming smtp traffic to your local address
> where you have configured the MTA server, there is no way that someone
> can establish a remote connection with your mail server host as it's
> using a local (non routable) ip address.

But I do have an external IP address assigned (e.g. 10.20.30.40, although it's
different outside the confines of this mailing list discussion) and my hosting
provider does NAT the incoming SMTP traffic to it (as standard for their
firewall) and so yes it is totally routable.

I just did a little test to send messages from thunderbird on my PC here and it
connects and will deliver, if I address the mail to one of the user accounts on
the system.

All I'm saying is that I don't need this, and I'd like to find a way to shut it
down whilst leaving the outbound mail delivery intact.



Eduardo M KALINOWSKI
2010-01-21 16:12:36 UTC
Permalink
On Qui, 21 Jan 2010, Adam Hardy wrote:
> All I'm saying is that I don't need this, and I'd like to find a way
> to shut it down whilst leaving the outbound mail delivery intact.

Since you've eliminated listening on the loopback interface only or
using a simple relayer like nullmailer, how about a firewall that
drops all incoming connections to port 25?


--
No anchovies unless otherwise specified.

Eduardo M KALINOWSKI
***@kalinowski.com.br
Adam Hardy
2010-01-21 17:27:06 UTC
Permalink
Eduardo M KALINOWSKI on 21/01/10 16:12, wrote:
> On Qui, 21 Jan 2010, Adam Hardy wrote:
>> All I'm saying is that I don't need this, and I'd like to find a way
>> to shut it down whilst leaving the outbound mail delivery intact.
>
> Since you've eliminated listening on the loopback interface only or
> using a simple relayer like nullmailer, how about a firewall that drops
> all incoming connections to port 25?

Sure, would be nice. But it would be nicer still if I could get postfix to
disable this at the start rather than set up postfix and then set up something
else to disable half of it..... if that makes sense.
Camaleón
2010-01-21 16:27:32 UTC
Permalink
On Thu, 21 Jan 2010 16:04:00 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 15:44, wrote:

>>> The point is that I don't want to have port 25 open to the world,
>>> since I don't want to receive any emails on this system, I just want
>>> to send.
>>
>> Unless you have a external IP address assigned (dedicated or shared)
>> and your provider is redirecting incoming smtp traffic to your local
>> address where you have configured the MTA server, there is no way that
>> someone can establish a remote connection with your mail server host as
>> it's using a local (non routable) ip address.
>
> But I do have an external IP address assigned (e.g. 10.20.30.40,
> although it's different outside the confines of this mailing list
> discussion) and my hosting provider does NAT the incoming SMTP traffic
> to it (as standard for their firewall) and so yes it is totally
> routable.

Then ask your provider to close that port because you don't need it and
it's dangerous to have such port opened.

> I just did a little test to send messages from thunderbird on my PC here
> and it connects and will deliver, if I address the mail to one of the
> user accounts on the system.

That is the standard setup for Postfix. But that does not mean your host
is acting as an "open relay". Anyway, you can also tweak that
behaviour.

> All I'm saying is that I don't need this, and I'd like to find a way to
> shut it down whilst leaving the outbound mail delivery intact.

http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

Try with one of these values:

mynetworks_style = host

or

mynetworks = 127.0.0.0/8

And remember to restart the Postfix service after editing
"/etc/postfix/main.cf" so changes are applied.

--
Camaleón


Adam Hardy
2010-01-21 17:36:41 UTC
Permalink
Camaleón on 21/01/10 16:27, wrote:
>>>> The point is that I don't want to have port 25 open to the world,
>>>> since I don't want to receive any emails on this system, I just want
>>>> to send.
> [snipped]
> That is the standard setup for Postfix. But that does not mean your host
> is acting as an "open relay". Anyway, you can also tweak that
> behaviour.
>
>> All I'm saying is that I don't need this, and I'd like to find a way to
>> shut it down whilst leaving the outbound mail delivery intact.
>
> mynetworks_style = host
>
> or
>
> mynetworks = 127.0.0.0/8

I am using mynetworks_style already but it doesn't stop SMTP listening on port 25.

I guess this is just a relatively new situation coming with the advent of
vservers that just isn't possible.

I have set smtp_client_restrictions = reject so at least postfix responds to
external SMTP requests with an aggressive sounding "Client host rejected: access
denied" message.



Camaleón
2010-01-21 20:04:22 UTC
Permalink
On Thu, 21 Jan 2010 17:36:41 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 16:27, wrote:

>>> All I'm saying is that I don't need this, and I'd like to find a way
>>> to shut it down whilst leaving the outbound mail delivery intact.
>>
>> mynetworks_style = host
>>
>> or
>>
>> mynetworks = 127.0.0.0/8
>
> I am using mynetworks_style already but it doesn't stop SMTP listening
> on port 25.

By setting that value you are not disallowing Postfix to listen to port
25. A mail server has to listen at least in "loopback:25" so it can
receive and process e-mails internally, coming from the host itself.

By setting that value what you are preventing is that "another computer"
can send any e-mails to/through your Postfix mailserver. If any of these
values are set, they will be rejected.

> I guess this is just a relatively new situation coming with the advent
> of vservers that just isn't possible.
>
> I have set smtp_client_restrictions = reject so at least postfix
> responds to external SMTP requests with an aggressive sounding "Client
> host rejected: access denied" message.

That is another approach. You can harden Postfix as much as you want.

Greetings,

--
Camaleón


Adam Hardy
2010-01-22 00:44:34 UTC
Permalink
Camaleón on 21/01/10 20:04, wrote:
> A mail server has to listen at least in "loopback:25" so it can
> receive and process e-mails internally, coming from the host itself.

Aha. Now we get to the crux of the matter.

Is it a feature of SMTP itself, that it cannot send an email without port 25
because it has to receive the email it is going to send first, even if only
locally as in my case, but nevertheless on port 25?





Camaleón
2010-01-22 07:29:26 UTC
Permalink
On Fri, 22 Jan 2010 00:44:34 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 20:04, wrote:
>> A mail server has to listen at least in "loopback:25" so it can receive
>> and process e-mails internally, coming from the host itself.
>
> Aha. Now we get to the crux of the matter.
>
> Is it a feature of SMTP itself, that it cannot send an email without
> port 25 because it has to receive the email it is going to send first,
> even if only locally as in my case, but nevertheless on port 25?

I'm not sure you can change that (at least for the loopback interface),
but you can try it. Here is the doc to instruct Postfix to listen in
another port:

***
16. How can I get Postfix to listen on a port other than 25?
http://www.seaglass.com/postfix/faq.html#chprt
***

But remember that "obfuscation" is not, by any means, a synonym of
"security" :-)

Greetings,

--
Camaleón


Eduardo M KALINOWSKI
2010-01-22 13:25:52 UTC
Permalink
On Qui, 21 Jan 2010, Adam Hardy wrote:
> Aha. Now we get to the crux of the matter.
>
> Is it a feature of SMTP itself, that it cannot send an email without
> port 25 because it has to receive the email it is going to send
> first, even if only locally as in my case, but nevertheless on port
> 25?

I don't know about postfix, but exim can receive mail via stdin, if
called with some option. Generally there is a link (/usr/lib/sendmail)
that serves that purpose.

But I'm not sure if it will work if exim is not running as a daemon.
You might want to ask the exim mailing list.


--
No house is childproofed unless the little darlings are in straitjackets.

Eduardo M KALINOWSKI
***@kalinowski.com.br
John Hasler
2010-01-22 13:57:35 UTC
Permalink
Eduardo writes:
> ...but exim can receive mail via stdin, if called with some
> option. Generally there is a link (/usr/lib/sendmail) that serves that
> purpose.

> But I'm not sure if it will work if exim is not running as a daemon.

It will.
--
John Hasler
Adam Hardy
2010-01-25 01:15:25 UTC
Permalink
Adam Hardy on 21/01/10 17:36, wrote:
> Camaleón on 21/01/10 16:27, wrote:
>>>>> The point is that I don't want to have port 25 open to the world,
>>>>> since I don't want to receive any emails on this system, I just want
>>>>> to send.
>> [snipped]
>> That is the standard setup for Postfix. But that does not mean your
>> host is acting as an "open relay". Anyway, you can also tweak that
>> behaviour.
>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>> shut it down whilst leaving the outbound mail delivery intact.
>>
>> mynetworks_style = host
>>
>> or
>> mynetworks = 127.0.0.0/8
>
> I am using mynetworks_style already but it doesn't stop SMTP listening
> on port 25.
>
> I guess this is just a relatively new situation coming with the advent
> of vservers that just isn't possible.
>
> I have set smtp_client_restrictions = reject so at least postfix
> responds to external SMTP requests with an aggressive sounding "Client
> host rejected: access denied" message.

One small problem having postfix listen unnecessarily to the whole world is that
syslog logs all spam merchants' attempts to abuse my postfix as an open relay. I
guess I can ignore them but I wish I didn't even get them.


Stan Hoeppner
2010-01-25 02:08:28 UTC
Permalink
Adam Hardy put forth on 1/24/2010 7:15 PM:
> Adam Hardy on 21/01/10 17:36, wrote:
>> Camaleón on 21/01/10 16:27, wrote:
>>>>>> The point is that I don't want to have port 25 open to the world,
>>>>>> since I don't want to receive any emails on this system, I just want
>>>>>> to send.
>>> [snipped]
>>> That is the standard setup for Postfix. But that does not mean your
>>> host is acting as an "open relay". Anyway, you can also tweak that
>>> behaviour.
>>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>>> shut it down whilst leaving the outbound mail delivery intact.
>>>
>>> mynetworks_style = host
>>>
>>> or
>>> mynetworks = 127.0.0.0/8
>>
>> I am using mynetworks_style already but it doesn't stop SMTP listening
>> on port 25.
>>
>> I guess this is just a relatively new situation coming with the advent
>> of vservers that just isn't possible.
>>
>> I have set smtp_client_restrictions = reject so at least postfix
>> responds to external SMTP requests with an aggressive sounding "Client
>> host rejected: access denied" message.
>
> One small problem having postfix listen unnecessarily to the whole world
> is that syslog logs all spam merchants' attempts to abuse my postfix as
> an open relay. I guess I can ignore them but I wish I didn't even get them.

Sorry I missed this thread earlier. Open /etc/postfix/master.cf and comment out
the following line with a leading #:

smtp inet n - - - - smtpd

Save the file, then execute /etc/init.d/postfix restart

You are now no longer listening for smtp connections on TCP 25, but can still
send mail generated on the local machine out through the Postfix smtp client
using the Postfix sendmail command.

If you need to be able to relay email from internal clients outbound to the net,
uncomment the following line in /etc/postfix/master.cf to enable the secure
smtpd submission listener on TCP 587:

#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

Again, execute /etc/init.d/postfix restart to enable the listener daemon.
Configure the client MUA as you would a home PC with ISP mail. Tell it to
submit to TCP 587 on the server's IP address, enter a proper local username and
password. Your Postfix should now be relaying submission mail outbound to the
world whilst not listening on the standard smtp port, TCP 25.

Let me know if you need further assistance.

--
Stan
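
The master.cf change described in this post and the netstat check used earlier in the thread, combined into one audit script. This is an added example, not code from any poster in the thread; the function names and the sample master.cf and netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a Postfix host has no inbound SMTP listener.
# Function names and all sample data below are constructed for illustration.

# active_inet_services FILE
# Print "service command" for each enabled master.cf entry of type "inet".
# Per master(5): blank lines and lines whose first non-blank character is "#"
# are ignored; a line starting with whitespace continues the previous entry.
active_inet_services() {
    awk '
        function emit(   n, f) {
            if (entry == "") return
            # fields: service type private unpriv chroot wakeup maxproc command
            n = split(entry, f)
            if (n >= 8 && f[2] == "inet") print f[1], f[8]
            entry = ""
        }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]/   { if (entry != "") entry = entry " " $0; next }
        { emit(); entry = $0 }
        END { emit() }
    ' "$1"
}

# listeners_on_port PORT   (reads "netstat -an" style output on stdin)
# Print the local address of each TCP socket in LISTEN state on exactly PORT.
# Matching the port field avoids the false hits of a plain "grep 25"
# (port 2525, or a 25 inside an address).
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] == port) print $4
        }
    '
}

# exposed_listeners PORT: same, but loopback-only sockets are dropped.
exposed_listeners() {
    listeners_on_port "$1" | grep -Ev '^(127\.|::1:)' || true
}

# Constructed sample master.cf (not taken from a real host).
write_sample_master_cf() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
pickup    fifo  n       -       -       60      1       pickup
smtp      unix  -       -       -       -       -       smtp
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_master_cf "$dir/master.cf"
    echo "enabled inet services before: $(active_inet_services "$dir/master.cf")"
    # The edit from the thread: comment out the "smtp inet ... smtpd" line.
    sed '/^smtp[[:space:]]\{1,\}inet/s/^/#/' "$dir/master.cf" > "$dir/master.cf.new"
    echo "enabled inet services after:  $(active_inet_services "$dir/master.cf.new")"
    # Constructed netstat -an lines, in the format shown in the thread.
    printf '%s\n' \
        'tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN' \
        'tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN' |
        exposed_listeners 25 | sed 's/^/non-loopback listener on port 25: /'
    rm -rf "$dir"
}
demo
```

On a live host, run `active_inet_services /etc/postfix/master.cf` and `netstat -an | exposed_listeners 25` after the restart; both should print nothing once the smtpd listener is disabled.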


Adam Hardy
2010-01-25 23:53:26 UTC
Permalink
Stan Hoeppner on 25/01/10 02:08, wrote:
> Adam Hardy put forth on 1/24/2010 7:15 PM:
>> Adam Hardy on 21/01/10 17:36, wrote:
>>> Camaleón on 21/01/10 16:27, wrote:
>>>>>>> The point is that I don't want to have port 25 open to the world,
>>>>>>> since I don't want to receive any emails on this system, I just want
>>>>>>> to send.
>>>> [snipped]
>>>> That is the standard setup for Postfix. But that does not mean your
>>>> host is acting as an "open relay". Anyway, you can also tweak that
>>>> behaviour.
>>>>> All I'm saying is that I don't need this, and I'd like to find a way to
>>>>> shut it down whilst leaving the outbound mail delivery intact.
>>>> mynetworks_style = host
>>>>
>>>> or
>>>> mynetworks = 127.0.0.0/8
>>> I am using mynetworks_style already but it doesn't stop SMTP listening
>>> on port 25.
>>>
>>> I guess this is just a relatively new situation coming with the advent
>>> of vservers that just isn't possible.
>>>
>>> I have set smtp_client_restrictions = reject so at least postfix
>>> responds to external SMTP requests with an aggressive sounding "Client
>>> host rejected: access denied" message.
>> One small problem having postfix listen unnecessarily to the whole world
>> is that syslog logs all spam merchants' attempts to abuse my postfix as
>> an open relay. I guess I can ignore them but I wish I didn't even get them.
>
> Sorry I missed this thread earlier. Open /etc/postfix/master.cf and comment out
> the following line with a leading #:
>
> smtp inet n - - - - smtpd
>
> Save the file, then execute /etc/init.d/postfix restart
>
> You are now no longer listening for smtp connections on TCP 25, but can still
> send mail generated on the local machine out through the Postfix smtp client
> using the Postfix sendmail command.

Stan,
that was the silver bullet I was looking for. I was v. hesitant about going into
the master.cf and messing anything up, but that change does exactly what I wanted.

Thanks v much
Adam


Camaleón
2010-01-25 07:39:20 UTC
On Mon, 25 Jan 2010 01:15:25 +0000, Adam Hardy wrote:

> One small problem having postfix listen unnecessarily to the whole world
> is that syslog logs all spam merchants' attempts to abuse my postfix as
> an open relay. I guess I can ignore them but I wish I didn't even get
> them.

If your provider is not capable of closing port "xx" for you, consider
using your own firewall ;-)

Greetings,

--
Camaleón


Liam O'Toole
2010-01-20 20:41:34 UTC
On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
> I'm installing stuff onto a vserver which I have just got, and according to the
> sysadmin at the hosting provider, due to their set-up, I can't configure exim to
> listen on 127.0.0.1, I have to use the given IP address.
>
> In case that doesn't make sense, I mean that I am not supposed to get this
> netstat output:
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
>
>
> It should listen like this (or all hell breaks loose on their server farm):
>
> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>
> where 10.20.30.40 is the static IP I've been given (which is then NAT'd by the
> hosting provider to something else).
>
> My vserver set-up has very simple requirements - I just want the system to send
> out emails generated on the system locally, e.g. piping command output to mailx
>
> Any enlightenment much appreciated
>
> Adam
>
>

Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
prompts. An explanation of the various options is given in Section 2 of
the file /usr/share/doc/exim4-base/README.Debian.html.

Or, as others have suggested, you might be better off with a simpler MTA
such as esmtp.

Liam

--
Liam O'Toole
Birmingham, United Kingdom
Adam Hardy
2010-01-20 20:59:15 UTC
Liam O'Toole on 20/01/10 20:41, wrote:
> On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
>> I'm installing stuff onto a vserver which I have just got, and according to the
>> sysadmin at the hosting provider, due to their set-up, I can't configure exim to
>> listen on 127.0.0.1, I have to use the given IP address.
>>
>> In case that doesn't make sense, I mean that I am not supposed to get this
>> netstat output:
>>
>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
>>
>>
>> It should listen like this (or all hell breaks loose on their server farm):
>>
>> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>>
>> where 10.20.30.40 is the static IP I've been given (which is then NAT'd by the
>> hosting provider to something else).
>>
>> My vserver set-up has very simple requirements - I just want the system to send
>> out emails generated on the system locally, e.g. piping command output to mailx
>>
>
> Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
> prompts. An explanation of the various options is given in Section 2 of
> the file /usr/share/doc/exim4-base/README.Debian.html.

I did that to begin with, since I had to install exim myself anyway. The option
to be an "internet server; mail is sent and received using SMTP" is the closest,
but as above, I don't want to receive.

I can't figure out how to get there from here though.

Adam
Boyd Stephen Smith Jr.
2010-01-20 21:23:21 UTC
On Wednesday 20 January 2010 14:59:15 Adam Hardy wrote:
> Liam O'Toole on 20/01/10 20:41, wrote:
> > On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
> >> My vserver set-up has very simple requirements - I just want the system
> >> to send out emails generated on the system locally, e.g. piping command
> >> output to mailx
> >
> > Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
> > prompts. An explanation of the various options is given in Section 2 of
> > the file /usr/share/doc/exim4-base/README.Debian.html.
>
> I did that to begin with, since I had to install exim myself anyway. The
> option to be an "internet server; mail is sent and received using SMTP" is
> the closest, but as above, I don't want to receive.

Use that setting. There will be a later question that asks you what
interfaces (or was it IPs?) that you want to listen on. Don't specify your
public interface (only lo) and you won't be receiving any mail.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
***@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
Adam Hardy
2010-01-20 23:58:35 UTC
Boyd Stephen Smith Jr. on 20/01/10 21:23, wrote:
> On Wednesday 20 January 2010 14:59:15 Adam Hardy wrote:
>> Liam O'Toole on 20/01/10 20:41, wrote:
>>> On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
>>>> My vserver set-up has very simple requirements - I just want the system
>>>> to send out emails generated on the system locally, e.g. piping command
>>>> output to mailx
>>> Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
>>> prompts. An explanation of the various options is given in Section 2 of
>>> the file /usr/share/doc/exim4-base/README.Debian.html.
>> I did that to begin with, since I had to install exim myself anyway. The
>> option to be an "internet server; mail is sent and received using SMTP" is
>> the closest, but as above, I don't want to receive.
>
> Use that setting. There will be a later question that asks you what
> interfaces (or was it IPs?) that you want to listen on. Don't specify your
> public interface (only lo) and you won't be receiving any mail.

Not allowed to do that - apparently it would foobar the local network where the
host server of my vserver sits. I've got to use the public IP address if I
configure this, but I'd feel happier if I didn't have to listen on port 25 at
all. I don't want any incoming mail - I just want to send.

Adam
Tom Furie
2010-01-21 02:50:47 UTC
On Wed, Jan 20, 2010 at 11:58:35PM +0000, Adam Hardy wrote:
> Not allowed to do that - apparently it would foobar the local network
> where the host server of my vserver sits. I've got to use the public IP
> address if I configure this, but I'd feel happier if I didn't have to
> listen on port 25 at all. I don't want any incoming mail - I just want to
> send.

Then there is no need to be setting up a full-blown MTA. You really
should be looking at something along the lines of nullmailer or ssmtp.

Cheers,
Tom

--
Seeing is deceiving. It's eating that's believing.
-- James Thurber
Joe
2010-01-21 10:42:32 UTC
Adam Hardy wrote:
> Boyd Stephen Smith Jr. on 20/01/10 21:23, wrote:
>> On Wednesday 20 January 2010 14:59:15 Adam Hardy wrote:
>>> Liam O'Toole on 20/01/10 20:41, wrote:
>>>> On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
>>>>> My vserver set-up has very simple requirements - I just want the
>>>>> system
>>>>> to send out emails generated on the system locally, e.g. piping
>>>>> command
>>>>> output to mailx
>>>> Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
>>>> prompts. An explanation of the various options is given in Section 2 of
>>>> the file /usr/share/doc/exim4-base/README.Debian.html.
>>> I did that to begin with, since I had to install exim myself anyway. The
>>> option to be an "internet server; mail is sent and received using
>>> SMTP" is
>>> the closest, but as above, I don't want to receive.
>>
>> Use that setting. There will be a later question that asks you what
>> interfaces (or was it IPs?) that you want to listen on. Don't specify
>> your public interface (only lo) and you won't be receiving any mail.
>
> Not allowed to do that - apparently it would foobar the local network
> where the host server of my vserver sits. I've got to use the public IP
> address if I configure this, but I'd feel happier if I didn't have to
> listen on port 25 at all. I don't want any incoming mail - I just want
> to send.
>
I think what you're asking is whether the exim4 local interfaces setting
can be set to nothing. I don't think it can, if you leave it out
completely, exim4 will listen on all interfaces, but it doesn't really
matter. What you need to do is the exact opposite, and set the local IP
address here and not 127.0.0.1.

If you have iptables running, you can add a rule to block incoming
packets to port 25, which will definitely prevent any mail coming in. If
you want to get a bit fancier, you ought to be able to add an extra,
unrelated IP address to your virtual NIC, and have exim4 listen to that,
which should guarantee silence.

Exim4 will use port 25 as a source port when sending, but that is
independent of the local interface setting.

--
Joe
Adam Hardy
2010-01-21 13:01:03 UTC
Joe on 21/01/10 10:42, wrote:
> Exim4 will use port 25 as a source port when sending, but that is
> independent of the local interface setting.

Really? I thought applications just opened random high-numbered ports for
outbound traffic.
Andrei Popescu
2010-01-21 17:54:19 UTC
On Wed,20.Jan.10, 23:58:35, Adam Hardy wrote:

> Not allowed to do that - apparently it would foobar the local
> network where the host server of my vserver sits. I've got to use
> the public IP address if I configure this, but I'd feel happier if I
> didn't have to listen on port 25 at all. I don't want any incoming
> mail - I just want to send.

Unless I'm terribly mistaken (please point me to respective
documentation, because I would want to close that gap) there is no way a
server listening only to 127.0.0.1 is accessible or even seen from
"outside" the same computer. That is the whole point of it!

Maybe your hosting provider only wants to make sure you are not
listening to other *external* IPs?

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Adam Hardy
2010-01-21 18:19:46 UTC
Andrei Popescu on 21/01/10 17:54, wrote:
> On Wed,20.Jan.10, 23:58:35, Adam Hardy wrote:
>
>> Not allowed to do that - apparently it would foobar the local
>> network where the host server of my vserver sits. I've got to use
>> the public IP address if I configure this, but I'd feel happier if I
>> didn't have to listen on port 25 at all. I don't want any incoming
>> mail - I just want to send.
>
> Unless I'm terribly mistaken (please point me to respective
> documentation, because I would want to close that gap) there is no way a
> server listening only to 127.0.0.1 is accessible or even seen from
> "outside" the same computer. That is the whole point of it!
>
> Maybe your hosting provider only wants to make sure you are not
> listening to other *external* IPs?

This is a virtual server on a hosting system with many others - and that's what
the sysop said:

>>>>> No - please do not touch those at all, your vserver will stop working if
>>>>> you do.
>>>>>
>>>>> They are the internal IP address of the vserver. The data centre LAN is
>>>>> NAT'd.
>>>>>
>>>>> 10.153.118.230 internally equates directly to 205.153.118.230 externally.
>>>>>
>>>>> All services in your vserver *must* be bound to the 10.153.118.230 IP
>>>>> address.
>>>>>
>>>>> *Very important:*
>>>>> *Never allow anything to bind to localhost or 127.0.0.1.*
>>>>>
Andrei Popescu
2010-01-21 18:38:49 UTC
On Thu,21.Jan.10, 18:19:46, Adam Hardy wrote:
>
> This is a virtual server on a hosting system with many others - and
> that's what the sysop said:

[...]

> >>>>> *Very important:*
> >>>>> *Never allow anything to bind to localhost or 127.0.0.1.*
> >>>>>

Sounds pretty strange to me, but I admit I don't know much about
virtualization.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Eduardo M KALINOWSKI
2010-01-21 18:57:10 UTC
On Qui, 21 Jan 2010, Adam Hardy wrote:
> This is a virtual server on a hosting system with many others - and
> that's what the sysop said:
>
>>>>>> No - please do not touch those at all, your vserver will stop
>>>>>> working if you do.
>>>>>>
>>>>>> They are the internal IP address of the vserver. The data
>>>>>> centre LAN is NAT'd.
>>>>>>
>>>>>> 10.153.118.230 internally equates directly to 205.153.118.230
>>>>>> externally.
>>>>>>
>>>>>> All services in your vserver *must* be bound to the
>>>>>> 10.153.118.230 IP address.
>>>>>>
>>>>>> *Very important:*
>>>>>> *Never allow anything to bind to localhost or 127.0.0.1.*

A very weird virtualization. I'm no expert in those matters, but this
is the first time I've encountered this.



--
Worst Month of 1981 for Downhill Skiing:
August. The lift lines are the shortest, though.
-- Steve Rubenstein

Eduardo M KALINOWSKI
***@kalinowski.com.br
Boyd Stephen Smith Jr.
2010-01-21 18:49:18 UTC
On Wednesday 20 January 2010 17:58:35 Adam Hardy wrote:
> Boyd Stephen Smith Jr. on 20/01/10 21:23, wrote:
> > On Wednesday 20 January 2010 14:59:15 Adam Hardy wrote:
> >> Liam O'Toole on 20/01/10 20:41, wrote:
> >>> On 2010-01-20, Adam Hardy <***@cyberspaceroad.com> wrote:
> >>>> My vserver set-up has very simple requirements - I just want the
> >>>> system to send out emails generated on the system locally, e.g. piping
> >>>> command output to mailx
> >>>
> >>> Try running (as root) 'dpkg-reconfigure exim4-config' and follow the
> >>> prompts.
> >>
> >> I did that to begin with, since I had to install exim myself anyway. The
> >> option to be an "internet server; mail is sent and received using SMTP"
> >> is the closest, but as above, I don't want to receive.
> >
> > Use that setting.
>
> Not allowed to do that - apparently it would foobar the local network where
> the host server of my vserver sits. I've got to use the public IP address
> if I configure this, but I'd feel happier if I didn't have to listen on
> port 25 at all. I don't want any incoming mail - I just want to send.

If you want to send, you'll have to use that setting.

You can then further configure exim4 not to listen, if you so desire. I have
mine listening on 127.0.0.1:25 ONLY. Some programs (not mail/mailx) that send
mail will expect a MTA listening on localhost and use it, so if you don't
listen on 127.0.0.1:25, expect things to break in the future.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
***@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
James Wu
2010-01-18 14:50:42 UTC
Assuming you can install new packages, the mail command comes in the
package bsd-mailx. Otherwise, you can try using the Postfix sendmail
command. You'll probably have to read the man page as the flags are
different from mail.

James

-----Original Message-----
From: Adam Hardy [mailto:***@cyberspaceroad.com]
Sent: January 18, 2010 8:32 AM
To: debian-user
Subject: question about sending mail and postfix

This is possibly an exceptionally easy question to answer because I feel
like all the documentation I've read about sending mail and postfix
starts at step 2, and step 1 is just common knowledge that I somehow
failed to pick up.

I have a new server online with lenny that I want to configure to send
all its mail for root to my email address, and that's all. I don't want
it to receive any email or relay or anything else.

I set this up a few years back with postfix and now trying to recreate
this setup, I am running into the problem that the mail command isn't
installed. It obviously doesn't come with postfix and there appears to
be a huge choice of packages that I could choose from in the debian
repositories, but isn't there a default? My guess is that my hosting
service installed such a stripped-down version of lenny that I didn't
get it.

Any enlightenment gratefully received,

Adam


Adam Hardy
2010-01-18 15:01:21 UTC
> -----Original Message-----
> From: Adam Hardy [mailto:***@cyberspaceroad.com]
> Sent: January 18, 2010 8:32 AM
> To: debian-user
> Subject: question about sending mail and postfix
>
> This is possibly an exceptionally easy question to answer because I feel
> like all the documentation I've read about sending mail and postfix
> starts at step 2, and step 1 is just common knowledge that I somehow
> failed to pick up.
>
> I have a new server online with lenny that I want to configure to send
> all its mail for root to my email address, and that's all. I don't want
> it to receive any email or relay or anything else.
>
> I set this up a few years back with postfix and now trying to recreate
> this setup, I am running into the problem that the mail command isn't
> installed. It obviously doesn't come with postfix and there appears to
> be a huge choice of packages that I could choose from in the debian
> repositories, but isn't there a default? My guess is that my hosting
> service installed such a stripped-down version of lenny that I didn't
> get it.

James Wu on 18/01/10 14:50, wrote:
> Assuming you can install new packages, the mail command comes in the
> package bsd-mailx. Otherwise, you can try using the Postfix sendmail
> command. You'll probably have to read the man page as the flags are
> different from mail.

Hi James
thanks. Isn't bsd-mailx just a random choice from all of those listed when I
search the repositories?


Adam
James Wu
2010-01-18 15:34:36 UTC
There are probably multiple "mail" commands that are with different
packages. The one I mentioned, bsd-mailx, seems to be the standard one
that I've come across. It might be the "default" in some setups although
I'm not sure about that.

James

-----Original Message-----
From: Adam Hardy [mailto:***@cyberspaceroad.com]
Sent: January 18, 2010 10:01 AM
To: debian-***@lists.debian.org
Cc: debian-user
Subject: Re: question about sending mail and postfix

> -----Original Message-----
> From: Adam Hardy [mailto:***@cyberspaceroad.com]
> Sent: January 18, 2010 8:32 AM
> To: debian-user
> Subject: question about sending mail and postfix
>
> This is possibly an exceptionally easy question to answer because I
> feel like all the documentation I've read about sending mail and
> postfix starts at step 2, and step 1 is just common knowledge that I
> somehow failed to pick up.
>
> I have a new server online with lenny that I want to configure to send
> all its mail for root to my email address, and that's all. I don't
> want it to receive any email or relay or anything else.
>
> I set this up a few years back with postfix and now trying to recreate
> this setup, I am running into the problem that the mail command isn't
> installed. It obviously doesn't come with postfix and there appears to
> be a huge choice of packages that I could choose from in the debian
> repositories, but isn't there a default? My guess is that my hosting
> service installed such a stripped-down version of lenny that I didn't
> get it.

James Wu on 18/01/10 14:50, wrote:
> Assuming you can install new packages, the mail command comes in the
> package bsd-mailx. Otherwise, you can try using the Postfix sendmail
> command. You'll probably have to read the man page as the flags are
> different from mail.

Hi James
thanks. Isn't bsd-mailx just a random choice from all of those listed
when I search the repositories?


Adam


Paul E Condon
2010-01-19 06:14:36 UTC
On 20100118_133220, Adam Hardy wrote:
> This is possibly an exceptionally easy question to answer because I
> feel like all the documentation I've read about sending mail and
> postfix starts at step 2, and step 1 is just common knowledge that I
> somehow failed to pick up.
>
> I have a new server online with lenny that I want to configure to
> send all its mail for root to my email address, and that's all. I
> don't want it to receive any email or relay or anything else.
>
> I set this up a few years back with postfix and now trying to
> recreate this setup, I am running into the problem that the mail
> command isn't installed. It obviously doesn't come with postfix and
> there appears to be a huge choice of packages that I could choose
> from in the debian repositories, but isn't there a default? My guess
> is that my hosting service installed such a stripped-down version of
> lenny that I didn't get it.
>
> Any enlightenment gratefully received,
>
> Adam

Lenny netinstall puts exim4 on the computer as part of the base
system. Why are you trying to get postfix working? You should have
exim4 from your first boot of Lenny. Did you try exim4 and find it
wanting? Reason?

Configuring exim4 to send local mail to an external 'smarthost' is a
bit of a trick, especially if the smarthost demands password
authentication. And even that is explained in some detail in the exim4
package docs. Are you sure you *don't* have exim4 installed, but
unconfigured?

--
Paul E Condon
***@mesanetworks.net
Adam Hardy
2010-01-19 10:54:57 UTC
Paul E Condon on 19/01/10 06:14, wrote:
> On 20100118_133220, Adam Hardy wrote:
>> This is possibly an exceptionally easy question to answer because I
>> feel like all the documentation I've read about sending mail and
>> postfix starts at step 2, and step 1 is just common knowledge that I
>> somehow failed to pick up.
>>
>> I have a new server online with lenny that I want to configure to
>> send all its mail for root to my email address, and that's all. I
>> don't want it to receive any email or relay or anything else.
>>
>> I set this up a few years back with postfix and now trying to
>> recreate this setup, I am running into the problem that the mail
>> command isn't installed. It obviously doesn't come with postfix and
>> there appears to be a huge choice of packages that I could choose
>> from in the debian repositories, but isn't there a default? My guess
>> is that my hosting service installed such a stripped-down version of
>> lenny that I didn't get it.
>>
>> Any enlightenment gratefully received,
>>
>> Adam
>
> Lenny netinstall puts exim4 on the computer as part of the base
> system. Why are you trying to get postfix working? You should have
> exim4 from your first boot of Lenny. Did you try exim4 and find it
> wanting? Reason?
>
> Configuring exim4 to send local mail to an external 'smarthost' is a
> bit of a trick, especially if the smarthost demands password
> authentication. And even that is explained in some detail in the exim4
> package docs. Are you sure you *don't* have exim4 installed, but
> unconfigured?

I'm configuring a new vserver online with a hosting provider, and they installed
the bare minimum lenny with ssh, and that obviously didn't include exim. I have
no experience with exim, and although I had only very little experience with
postfix, I did have some before I started and now I've got several hours of
mucking around with postfix as investment in it.

I may have to move to exim anyway if I can't sort postfix out, but it looks like
I'm making progress.
Boyd Stephen Smith Jr.
2010-01-19 17:53:30 UTC
On Tuesday 19 January 2010 04:54:57 Adam Hardy wrote:
> Paul E Condon on 19/01/10 06:14, wrote:
> > On 20100118_133220, Adam Hardy wrote:
> >> I have a new server online with lenny that I want to configure to
> >> send all its mail for root to my email address, and that's all. I
> >> don't want it to receive any email or relay or anything else.
> >>
> >> I am running into the problem that the mail
> >> command isn't installed. It obviously doesn't come with postfix and
> >> there appears to be a huge choice of packages that I could choose
> >> from in the debian repositories, but isn't there a default?

I don't think the end-user mail command is installed by default. A fairly
stripped-down Lenny would still include a sendmail work-alike, usually
exim4-daemon-light.

On my system, I am getting the mail command from the bsd-mailx package:
***@rei:/etc/alternatives% ls -l $(which mail)
lrwxrwxrwx 1 root root 22 2009-02-15 17:41 /usr/bin/mail -> /etc/alternatives/mail
***@rei:/etc/alternatives% ls -l /etc/alternatives/mail
lrwxrwxrwx 1 root root 18 2009-02-15 17:41 /etc/alternatives/mail -> /usr/bin/bsd-mailx
***@rei:/etc/alternatives% ls -l /usr/bin/bsd-mailx
-rwxr-xr-x 1 root root 91192 2008-04-27 12:20 /usr/bin/bsd-mailx
***@rei:/etc/alternatives% dpkg -S /usr/bin/bsd-mailx
bsd-mailx: /usr/bin/bsd-mailx

The "mail" utility has been marked as "LEGACY" in the UNIX standards for over
a decade. The documentation of the legacy command indicates that
"Applications should migrate to the mailx utility". IMO, users should
probably migrate to a better local mail agent; mutt is a start, but you should
look at the packages that provide the "mail-reader" virtual. Also, there's a
"mailx" package in Lenny, but it is also provided by 3 other packages. One of
those is bsd-mailx, but the others might be just as capable.

> > Lenny netinstall puts exim4 on the computer as part of the base
> > system. Why are you trying to get postfix working? You should have
> > exim4 from your first boot of Lenny. Did you try exim4 and find it
> > wanting?
>
> I'm configuring a new vserver online with a hosting provider, and they
> installed the bare minimum lenny with ssh, and that obviously didn't
> include exim.

Are you *sure*? It's hard to get a Debian installation going without some
package that provides the virtual "mail-transport-agent", since cron needs it
and cron is Priority: important in Debian. For most packages the default
"mail-transport-agent" is exim4-daemon-light.

> I have no experience with exim, and although I had only very
> little experience with postfix, I did have some before I started and now
> I've got several hours of mucking around with postfix as investment in it.

As both have similar security records and feature lists, you should probably
use postfix anyway. Experience and patience count for a lot in mail server
configuration.

Postfix is usually only one command away from being installed: (aptitude
install postfix). Since postfix Conflicts with mail-transport-agent other
packages that provide that virtual (e.g. exim) would be uninstalled.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
***@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
Adam Hardy
2010-01-19 19:34:21 UTC
Boyd Stephen Smith Jr. on 19/01/10 17:53, wrote:
> On Tuesday 19 January 2010 04:54:57 Adam Hardy wrote:
>> Paul E Condon on 19/01/10 06:14, wrote:
>>> On 20100118_133220, Adam Hardy wrote:
>>>> I have a new server online with lenny that I want to configure to
>>>> send all its mail for root to my email address, and that's all. I
>>>> don't want it to receive any email or relay or anything else.
>>>>
>>>> I am running into the problem that the mail
>>>> command isn't installed. It obviously doesn't come with postfix and
>>>> there appears to be a huge choice of packages that I could choose
>>>> from in the debian repositories, but isn't there a default?
>
> I don't think the end-user mail command is installed by default. A fairly
> stripped-down Lenny would still include a sendmail work-alike, usually
> exim4-daemon-light.
>
> On my system, I am getting the mail command from the bsd-mailx package:
> ***@rei:/etc/alternatives% ls -l $(which mail)
> lrwxrwxrwx 1 root root 22 2009-02-15 17:41 /usr/bin/mail -> /etc/alternatives/mail
> ***@rei:/etc/alternatives% ls -l /etc/alternatives/mail
> lrwxrwxrwx 1 root root 18 2009-02-15 17:41 /etc/alternatives/mail -> /usr/bin/bsd-mailx
> ***@rei:/etc/alternatives% ls -l /usr/bin/bsd-mailx
> -rwxr-xr-x 1 root root 91192 2008-04-27 12:20 /usr/bin/bsd-mailx
> ***@rei:/etc/alternatives% dpkg -S /usr/bin/bsd-mailx
> bsd-mailx: /usr/bin/bsd-mailx
>
> The "mail" utility has been marked as "LEGACY" in the UNIX standards for over
> a decade. The documentation of the legacy command indicates that
> "Applications should migrate to the mailx utility". IMO, users should
> probably migrate to a better local mail agent; mutt is a start, but you should
> look at the packages that provide the "mail-reader" virtual. Also, there's a
> "mailx" package in Lenny, but it is also provided by 3 other packages. One of
> those is bsd-mailx, but the others might be just as capable.


In mailutils package, there are both mail and mailx.

Regards
Adam