miab is great. But having mail land in spam boxes is a pain, and it’s too hard to setup a ‘clean’ ip and keep it clean. I resorted to using a relayhost so someone else can look after the ip (went with amazon ses).
I then wrote this script to automate the process of adjusting postfix/main.cf settings (and dovecot/dovecot.conf so that sieve messages send too).
I put it in /home/user-data/tools (assuming that directory won’t get wiped in an update) then chmod +x
Now I can run it with $ sudo /home/user-data/tools/relayhost.sh myrelayhost.com myrelayhostPORT relayhostUSER relayhostPWORD
I put a test on the front so that the script won’t run if the relayhost is already set… thinking that might be handy if I want to automatically run the script as a check?
Anyway, here it is for what it’s worth.
#!/bin/bash
# This script will add a relayhost for outgoing emails in MAIB
# the script takes four arguments
# - relay host url
# - port
# - username
# - password
# eg. $ sudo /.../add-relay-host.sh example.com 587 username password
#
# I was using Ubuntu 22.04, mail-in-a-box version 60 and aws ses as relayhost
# https://docs.aws.amazon.com/ses/latest/dg/postfix.html and then I moved back to Ubuntu 18.04 and miab 57 and it works there too.
#
#--------------
#
# check if arguments url:port username password have all been inclued when calling the sript
if [ $# -ne 4 ]; then
echo "this script requires four arguments relayhost.url port username password"
exit 1
fi
# ok... looks like we've got something to work with, so let's go
relayhost=$1
port=$2
username=$3
password=$4
#
# check to see if relay host is ALREADY set? look for existence of 'relayhost=?' ie anything (.*) after the '='
grep -qx 'relayhost = ' /etc/postfix/main.cf
if [ $? -eq 1 ] ; then
#
# relayhost IS set... do you really want to change it? 15seconds to answer, otherwise exit
echo "you've already got a relayhost set"
TMOUT=15 read -r -p "Do you really want to reload? [y/N] " response
response=${response,,}
if [[ "$response" =~ ^(yes|y)$ ]]
#
# if YES (you do want to prceed) then delete a few things, ready to do again below
then echo 'OK... redoing relayhost setup'
# removed the relayhost details in postfix
# clear dovecot
sed -i '/plugin {/d' /etc/dovecot/dovecot.conf
sed -i '/sieve_vacation_send_from_recipient = yes/d' /etc/dovecot/dovecot.conf
sed -i '/} # added/d' /etc/dovecot/dovecot.conf
else echo '....Leaving settings as-is'
# if NO (or timeout) then just exit and don't change anything
exit
fi
fi
# If relayhost is not already set, or if you have chosen to proceed despite the fact it's already set...
# create a password encryption
# but first removed the old one if it's tehre
if test -f "/etc/postfix/sasl_passwd"; then
rm /etc/postfix/sasl_passwd
fi
if test -f "/etc/postfix/sasl_passwd.db"; then
rm /etc/postfix/sasl_passwd.db
fi
# then create the new one
touch /etc/postfix/sasl_passwd
# append your arguments to it
echo "[${relayhost}]:${port} ${username}:${password}" >> /etc/postfix/sasl_passwd
# create a hash database
postmap hash:/etc/postfix/sasl_passwd
# set permissions
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#
#------------------------------
# **** THIS BIT COULD VARY WITH THE RELAY HOST PROVIDER YOU USE
# append the following to bottom of /etc/postfix/main.cf
# this stuff comes from here https://docs.aws.amazon.com/ses/latest/dg/postfix.html
postconf -e "relayhost = [${relayhost}]:${port}" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes"
#
postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
#
#------------------------------
#***** I found that auto-reply/outof-office (ie seive generated) emails did not send with amazon SES unless I added this next bit
# add this to the bottom of dovecot/dovecot.conf, otherwise vacation replies may not work
echo "plugin {" >> /etc/dovecot/dovecot.conf
echo " sieve_vacation_send_from_recipient = yes" >> /etc/dovecot/dovecot.conf
echo " } # added" >> /etc/dovecot/dovecot.conf
#
# restart postfix and dovecot services
systemctl restart dovecot postfix
echo ' all done!'
exit