I have a webserver that I want to route all outgoing email through my mailinabox server.
I have tried following this post and guide but am getting errors:
discourse .mailinabox.email/t/how-to-send-email-from-miab-using-an-external-smtp-relay/4248
www.linode .com/docs/guides/postfix-smtp-debian7/
I set up my postfix in Satellite mode, created a user on mailinabox, and am trying to connect using that.
Using port 25 I am getting “Relay access denied”, using port 587 I am getting “Must issue a STARTTLS command first”.
I am testing using the following command:
echo "body of your email" | mail -s "This is a subject" -a "From:you@example.com" recipient@elsewhere.com
All configuration changes are done on the mailserver postfix side.
Is there something I need to do on the mailinabox side?
Should I be using port 25 or 587?
This seems like a pretty basic thing to set up but it just isn't working for me.
Can someone please assist?
You should be using port 465 with TLS, not STARTTLS on 587 and especially not 25. It sounds like your MIAB might be outdated, it switched away from STARTTLS on 587 a while ago.
Thanks that is really helpful. I am running the latest version of MiaB (v70) and the error I am getting now is: “certificate verification failed” “untrusted issuer”.
I tried following these steps:
If your Mail-in-a-Box is using self-signed certificates, the remote machine will not trust the connection.
Copy /home/user-data/ssl/ssl_certificate.pem from your Mail-in-a-Box to the remote machine.
Add it to the trusted certificates store (distribution specific). On Debian/Ubuntu, move the certificate to /usr/local/share/ca-certificates/ and rename it so its extension is crt. Run sudo update-ca-certificates to add it to the trusted certificate store.
=====================
The MiaB server’s postfix was in fact using a self-signed cert, which I copied over and added to the webserver, but it still doesn't trust the certificate.
This shouldn’t be related, the mail server’s certificates are being handled directly. Maybe try running management/ssl_certificates.py and see if it errors?
Thanks, I was able to locate the command and run it.
It says that all certificates are valid and they were all created and managed by letsencrypt.
I would expect that postfix would recognize any certificates from letsencrypt, is that not necessarily the case?
I suppose I could manually try to add the certificates to the web server postfix unless anyone has any other suggestions.
The letsencrypt certificates are used by the webserver. They do nothing for postfix.
I think a good guide to follow for what you want is this one: Mail-in-a-Box Advanced Configuration Guide (I have never used it, but trying to think with you)
When you try this, what commands are you running on which machine?
There should be absolutely no need to copy, create, install or configure any certificates on the server you want to send the messages from.
All you need to do is install an MTA (e.g. Postfix) in a satellite configuration, which basically means that the MTA acts as an SMTP client and then authenticates via port 587 or 465 to an account/mailbox on MiaB (just like a desktop client would) and then sends the emails through that mailbox/account.
Edit:
The ca-certificates package must of course be installed on the sending server in order for Postfix, or whatever MTA/smtp client you are using to be able to use TLS/SSL when connecting to MiaB.
Also, you might consider using msmtp instead of Postfix, which is lighter and should be easier to configure, although the instructions for Postfix that @KiekerJan linked to should work as well.
Btw, here’s my cheat sheet, on how to configure msmtp. It’s been a while since I’ve tested it, but maybe it helps, otherwise see the docs in my link above:
# Default values for all accounts
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
syslog LOG_MAIL
# Accounts
account notifications@yourdomain.net
host mail.yourdomain.net
port 587
set_from_header on
from webserver@yourdomain.net
user notifications@yourdomain.net
password Sup3rs3cr3tPa$$w0rd
# Default account
account default: notifications@yourdomain.net
# Include /etc/aliases
aliases /etc/aliases
I tried msmtp but am now getting the following error when trying a test:
sendmail: the server sent an empty reply
sendmail: could not send mail (account default from etc msmtprc)
Can’t send mail: sendmail process failed with error code 76
I am using the following line to test with:
echo "relay test" | mail -s "relay test" testemail @ home net
I set up a notifications account and was able to easily connect to it using Outlook POP.
My mailinabox server definitely doesn't have 587 open. The mail-guide page only shows port 465 and including tls on the instructions. This is what I am seeing when I connect with Outlook. When I change Outlook to port 587 it won't connect.
Is there any way to check which SSL cert is being received and processed during the connection?
Could this be an IPv6 issue? I am seeing the connection hang and the MiaB side is showing the IPv6 address of the server I am trying to relay from. Is there a way to force the connection as IPv4 or configure MiaB to trust the IPv6 address?
Nov 7 10:46:56 box postfix/submission/smtpd[2540997]: connect from unknown[]
You were right and port 587 was in fact open.
I was able to adjust the settings for msmtprc and get it to work finally!
I changed the port to 587 and added “tls_starttls on” and was able to successfully relay through my MiaB server.
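Added example (not part of any post in this thread): a shell helper for the question above about seeing which certificate the server presents, covering both TLS modes discussed here, implicit TLS on 465 and STARTTLS on 587. The function names are hypothetical, mail.yourdomain.net is the placeholder host from the msmtp cheat sheet, and the CA bundle path assumes Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: inspect the certificate an SMTP submission port presents.
# Assumption: same CA bundle that tls_trust_file points at in the msmtp config.
CA_BUNDLE=${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}

# Print the openssl s_client options matching the port's TLS mode:
#   465     implicit TLS (TLS from the first byte; msmtp: tls_starttls off)
#   587, 25 plaintext greeting, then STARTTLS (msmtp: tls_starttls on)
smtp_tls_opts() {
    host=$1
    port=$2
    case "$port" in
        465)    printf '%s\n' "-connect $host:$port -servername $host" ;;
        587|25) printf '%s\n' "-starttls smtp -connect $host:$port -servername $host" ;;
        *)      echo "unsupported port: $port" >&2; return 1 ;;
    esac
}

# Show subject, issuer, validity and SHA-256 fingerprint of the leaf
# certificate, then openssl's verification verdict against CA_BUNDLE.
# Optional third argument: -4 or -6 to force the IP version.
show_smtp_cert() {
    opts=$(smtp_tls_opts "$1" "$2") || return 1
    # $opts is intentionally unquoted so it splits into separate arguments.
    out=$(openssl s_client ${3:+"$3"} $opts -CAfile "$CA_BUNDLE" </dev/null 2>/dev/null)
    if [ -z "$out" ]; then
        echo "no TLS session established with $1:$2" >&2
        return 1
    fi
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
    printf '%s\n' "$out" | grep 'Verify return code'
}

# Usage (needs network access to your own mail server):
#   show_smtp_cert mail.yourdomain.net 465
#   show_smtp_cert mail.yourdomain.net 587 -4
```

A self-signed or otherwise untrusted certificate shows up here as a non-zero "Verify return code", which corresponds to the "certificate verification failed" error reported earlier in the thread.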