>>>>> "Joachim" == Joachim Lindenberg <postfix-us...@lindenberg.one> writes:
> UCEProtect are gangsters, even the founder admits: > https://uceprotect.wtf/. You don´t want to do anything about it, > except you are located in Europe and can complain to their customers > and authorities violating GDPR. Yup, I wish I could do something about them since they are doing a disservice, but it's charter.net in the US who are really to blame here for blocking my IP by being lazy. This is why I hate the US telecoms market in alot of ways... > -----Ursprüngliche Nachricht----- > Von: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> Im > Auftrag von John Stoffel > Gesendet: Freitag, 2. Dezember 2022 17:37 > An: Postfix users <postfix-users@postfix.org> > Betreff: Send email to one @domain.com via authenticated relay? > Hi all, > I run my own domain @stoffel.org and I'm trying to fix a problem sending > email to @charter.net users, since Spectrum has blocked my Linode's ASN > number completely. My IP passes all the RBL blacklists their first line > support suggested I check, but I find my IP for mail.stoffel.org in the > UCEPROTECT-3 spam list. Nothing I can do about it. Running postfix 3.5.13 > Since I'm also a charter customer for my internet, I've got an email account > with them, so I'd like to just route all email for @charter.net addresses > through their transport. > Everything else should just route naturally to where ever the MX > record points. > My host also has dovecot for local virtual users, with postscreen and > spamassasin setup as well. > I tried setting up /etc/postfix/transport_maps like this: > charter.net [mobile.charter.net]:587 > But it started routing all my outgoing email through them, which isn't going > to work. So I'm missing something here. Do I need to setup a seperate > instance for sending email to @charter.net through an authenticated > connection? > I though about using relay_domains = charter.net, but I certainly don't want > anyone to be able to use my host to try and spam that domain. I really just > want SASL authenticated clients who send email from my stoffel.org domain to > be routed (and possibly have the from: > header re-written and a reply-to: header added) through an authenticated path > into charter.net. > I know this should be possible, just not finding the setting in my personal > mail archive of the list, or in google-foo. > $ postconf -nf > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > append_dot_mydomain = no > biff = no > compatibility_level = 3.5 > disable_vrfy_command = yes > html_directory = /usr/share/doc/postfix/html > inet_interfaces = all > inet_protocols = ipv4 > local_recipient_maps = $virtual_mailbox_maps > message_size_limit = 55000000 > milter_connect_macros = i j {daemon_name} v {if_name} _ > milter_default_action = accept > milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} > milter_protocol = 6 > mydestination = localhost > myhostname = mail.stoffel.org > mynetworks_style = host > myorigin = $myhostname > non_smtpd_milters = inet:127.0.0.1:8891 > postscreen_access_list = permit_mynetworks > postscreen_greet_action = enforce > readme_directory = /usr/share/doc/postfix > recipient_delimiter = + > sender_bcc_maps = hash:/etc/postfix/sender_bcc > smtp_sasl_password_maps = hash /etc/postfix/saslpass > smtp_tls_loglevel = 1 > smtp_tls_security_level = may > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > smtp_tls_wrappermode = yes > smtpd_banner = $myhostname ESMTP $mail_name > smtpd_client_restrictions = permit_mynetworks, reject_rbl_client > zen.spamhaus.org > smtpd_milters = inet:127.0.0.1:8891 > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, check_sender_access > hash:/etc/postfix/local_domains > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = /etc/letsencrypt/live/mail.stoffel.org/fullchain.pem > smtpd_tls_key_file = /etc/letsencrypt/live/mail.stoffel.org/privkey.pem > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > smtpd_tls_session_cache_database = > btree:${data_directory}/smtpd_scache > smtpd_use_tls = yes > spamass-dovecot_destination_recipient_limit = 1 > transport_maps = hash:/etc/postfix/transport_maps > virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps > virtual_mailbox_domains = stoffel.org play.stoffel.org mail.stoffel.org > virtual_mailbox_maps = sqlite:/etc/postfix/virtual_users.cf > virtual_transport = spamass-dovecot > ===================================================================== > $ postconf -Mf > smtp inet n - n - 1 postscreen > smtpd pass - - n - - smtpd > dnsblog unix - - n - 0 dnsblog > tlsproxy unix - - n - 0 tlsproxy > submission inet n - y - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o header_checks=regexp:/etc/postfix/header_checks > -o > smtpd_recipient_restrictions=permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unauth_destination > pickup unix n - y 60 1 pickup > cleanup unix n - y - 0 cleanup > qmgr unix n - n 300 1 qmgr > tlsmgr unix - - y 1000? 1 tlsmgr > rewrite unix - - y - - trivial-rewrite > bounce unix - - y - 0 bounce > defer unix - - y - 0 bounce > trace unix - - y - 0 bounce > verify unix - - y - 1 verify > flush unix n - y 1000? 0 flush > proxymap unix - - n - - proxymap > proxywrite unix - - n - 1 proxymap > smtp unix - - y - - smtp > relay unix - - y - - smtp > showq unix n - y - - showq > error unix - - y - - error > retry unix - - y - - error > discard unix - - y - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - y - - lmtp > anvil unix - - y - 1 anvil > scache unix - - y - 1 scache > maildrop unix - n n - - pipe flags=DRhu > user=mail argv=/usr/bin/maildrop -d ${recipient} > bsmtp unix - n n - - pipe flags=Fq. > user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient > scalemail-backend unix - n n - 2 pipe flags=R > user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} > ${user} ${extension} > spamass-dovecot unix - n n - - pipe flags=DRhu > user=mail:mail argv=/usr/bin/spamc -u debian-spamd -e > /usr/lib/dovecot/deliver -a ${recipient} -d ${user}@${domain} > postlog unix-dgram n - n - 1 postlogd