Re: [Bacula-users] bsmtp from within a container

2022-08-05 Thread Justin Case
Thank you Josh, I got it now.
I had to relax 2 SPAM settings, but didn’t need to ignore authentication for 
local machines.
If someone later on needs details, let me know.
Thanks again!
 J/C

> On 4. Aug 2022, at 16:24, Josh Fisher  wrote:
> 
> 
> On 8/2/22 16:46, Justin Case wrote:
> >> The container uses the container ID as hostname. Nothing I can do about it 
> >> with DNS.
> >> I will retire the Synology mail server at some point but that is months in 
> >> the future.
>> 
>> I disabled authentication for local networks, but still:
>> 504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified 
>> hostname
> 
> 
> Fix the Synology mail server instead of the container. Look at advanced 
> security rules (Mail Delivery > Security > Advanced) for the 'Reject HELO 
> hostnames without fully qualified domain name (FQDN)' and 'Reject unknown 
> HELO hostnames' rule settings.
> 
> 
>> 
>>> On 2. Aug 2022, at 22:29, dmitri maziuk  wrote:
>>> 
>>> On 2022-08-02 2:16 PM, Justin Case wrote:
>>>> I run the mailserver but it's basically a tightly baked postfix dovecot 
>>>> under Synology DSM UI. So I won’t manually change config files. But 
>>>> “Ignore authorization for LAN connections” sounds reasonable, I have 
>>>> activated that now. Let's see if that helps.
>>> It has to know 172.x is a "LAN" connection... if they don't have a way to 
>>> set $mynetworks, I think you might want to add a raspi to your home lab to 
>>> run a proper postfix instance. ;)
>>> 
>>>> This does, however, not solve the problem that the hostname is not an FQDN 
>>>> and that it cannot be overridden with bsmtp. So I am still 100% away from 
>>>> a working solution :(
>>> It's common enough, half of them get "localhost" from the resolver anyway 
>>> and happily stick it in the mail header. I tend to specify From: addresses 
>>> like "win-acme-on-server-X@mydomain" to know where it came from -- and if 
>>> anyone decides to reply, they can keep the bounce.
>>> 
>>> As far as mail delivery goes, FQDN is not needed for anything. It's only 
>>> there for that UCE check which should be disabled for "LAN connections".
>>> 
>>> PS. if bsmtp gets its hostname from the resolver, you might be able to fool 
>>> it by setting up a nameserver for docker ips. Or maybe get names from 
>>> docker network -- but I never looked into that.
>>> 
>>> Dima
>>> 
>>> 
>>> ___
>>> Bacula-users mailing list
>>> Bacula-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bacula-users


Re: [Bacula-users] bsmtp from within a container

2022-08-04 Thread Josh Fisher


On 8/2/22 16:46, Justin Case wrote:
> The container uses the container ID as hostname. Nothing I can do about it with 
> DNS.
> I will retire the Synology mail server at some point but that is months in the 
> future.
> 
> I disabled authentication for local networks, but still:
> 504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname

Fix the Synology mail server instead of the container. Look at advanced 
security rules (Mail Delivery > Security > Advanced) for the 'Reject 
HELO hostnames without fully qualified domain name (FQDN)' and 'Reject 
unknown HELO hostnames' rule settings.

>> On 2. Aug 2022, at 22:29, dmitri maziuk  wrote:
>> 
>> On 2022-08-02 2:16 PM, Justin Case wrote:
>>> I run the mailserver but it's basically a tightly baked postfix dovecot under 
>>> Synology DSM UI. So I won’t manually change config files. But “Ignore 
>>> authorization for LAN connections” sounds reasonable, I have activated that 
>>> now. Let's see if that helps.
>> 
>> It has to know 172.x is a "LAN" connection... if they don't have a way to set 
>> $mynetworks, I think you might want to add a raspi to your home lab to run a proper 
>> postfix instance. ;)
>> 
>>> This does, however, not solve the problem that the hostname is not an FQDN and 
>>> that it cannot be overridden with bsmtp. So I am still 100% away from a working 
>>> solution :(
>> 
>> It's common enough, half of them get "localhost" from the resolver anyway and happily 
>> stick it in the mail header. I tend to specify From: addresses like 
>> "win-acme-on-server-X@mydomain" to know where it came from -- and if anyone decides to 
>> reply, they can keep the bounce.
>> 
>> As far as mail delivery goes, FQDN is not needed for anything. It's only there for that 
>> UCE check which should be disabled for "LAN connections".
>> 
>> PS. if bsmtp gets its hostname from the resolver, you might be able to fool it 
>> by setting up a nameserver for docker ips. Or maybe get names from docker 
>> network -- but I never looked into that.
>> 
>> Dima




Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread dmitri maziuk

On 2022-08-02 3:46 PM, Justin Case wrote:

> The container uses the container ID as hostname. Nothing I can do about it with 
> DNS.
> I will retire the Synology mail server at some point but that is months in the 
> future.
> 
> I disabled authentication for local networks, but still:
> 504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname


Yeah, well, as Phil said elsethread, your Synology has a 
"point-and-drool web management interface ... full of You Can't Do 
That." You probably could configure docker to use your home lab IP range 
-- or even run the container with "host networking" and then its IP 
should be in Synology's "LAN", but... evidently Synology does *not* make 
a usable mailserver and that's your problem.


Dima




Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case
The container uses the container ID as hostname. Nothing I can do about it with 
DNS.
I will retire the Synology mail server at some point but that is months in the 
future.

I disabled authentication for local networks, but still:
504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname

> On 2. Aug 2022, at 22:29, dmitri maziuk  wrote:
> 
> On 2022-08-02 2:16 PM, Justin Case wrote:
>> I run the mailserver but it's basically a tightly baked postfix dovecot under 
>> Synology DSM UI. So I won’t manually change config files. But “Ignore 
>> authorization for LAN connections” sounds reasonable, I have activated that 
>> now. Let's see if that helps.
> 
> It has to know 172.x is a "LAN" connection... if they don't have a way to set 
> $mynetworks, I think you might want to add a raspi to your home lab to run a 
> proper postfix instance. ;)
> 
>> This does, however, not solve the problem that the hostname is not an FQDN 
>> and that it cannot be overridden with bsmtp. So I am still 100% away from a 
>> working solution :(
> 
> It's common enough, half of them get "localhost" from the resolver anyway and 
> happily stick it in the mail header. I tend to specify From: addresses like 
> "win-acme-on-server-X@mydomain" to know where it came from -- and if anyone 
> decides to reply, they can keep the bounce.
> 
> As far as mail delivery goes, FQDN is not needed for anything. It's only 
> there for that UCE check which should be disabled for "LAN connections".
> 
> PS. if bsmtp gets its hostname from the resolver, you might be able to fool 
> it by setting up a nameserver for docker ips. Or maybe get names from docker 
> network -- but I never looked into that.
> 
> Dima
> 
> 


Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread dmitri maziuk

On 2022-08-02 2:16 PM, Justin Case wrote:

> I run the mailserver but it's basically a tightly baked postfix dovecot under 
> Synology DSM UI. So I won’t manually change config files. But “Ignore 
> authorization for LAN connections” sounds reasonable, I have activated that 
> now. Let's see if that helps.

It has to know 172.x is a "LAN" connection... if they don't have a way 
to set $mynetworks, I think you might want to add a raspi to your home 
lab to run a proper postfix instance. ;)

> This does, however, not solve the problem that the hostname is not an FQDN and 
> that it cannot be overridden with bsmtp. So I am still 100% away from a working 
> solution :(

It's common enough, half of them get "localhost" from the resolver 
anyway and happily stick it in the mail header. I tend to specify From: 
addresses like "win-acme-on-server-X@mydomain" to know where it came 
from -- and if anyone decides to reply, they can keep the bounce.

As far as mail delivery goes, FQDN is not needed for anything. It's only 
there for that UCE check which should be disabled for "LAN connections".

PS. if bsmtp gets its hostname from the resolver, you might be able to 
fool it by setting up a nameserver for docker ips. Or maybe get names 
from docker network -- but I never looked into that.

Dima




Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case
Hi Bill,

the container I use is maintained by another person. I will suggest it.
If I were using Bacula on a platform maintained by me, I would already have 
postfix installed...

That container doesn't even have apt…. what can I say.

> On 2. Aug 2022, at 22:05, Bill Arlofski via Bacula-users 
>  wrote:
> 
> On 8/2/22 13:16, Justin Case wrote:
>> I run the mailserver but it's basically a tightly baked postfix dovecot under 
>> Synology DSM UI. So I won’t manually change config files. But “Ignore 
>> authorization for LAN connections” sounds reasonable, I have activated that 
>> now. Let's see if that helps.
>> (BTW, bacula-dir and mail server are on different machines. It's a home lab, 
>> yes, but it's vast ;)
>> This does, however, not solve the problem that the hostname is not an FQDN 
>> and that it cannot be overridden with bsmtp. So I am still 100% away from a 
>> working solution :(
> 
> I always install a postfix MTA on my local Bacula Director, listening on 
> 127.0.0.1, and then from there, I can set all the outbound SMTP relay(s) and 
> any auth that is required.
> 
> Typically, the local postfix is just there on the local Director because 
> bsmtp is a simple, one-shot deal. If it cannot connect to the host to deliver 
> the message for any reason, that email is gone.
> 
> With a local postfix MTA, bsmtp sends the messages to the local postfix, the 
> messages are locally queued and always delivered. Your case takes this a 
> couple steps further (configuring auth etc) than I usually ever need to go 
> with postfix and Bacula, but it is still what I would recommend trying. :)
> 
> 
> Best regards,
> Bill
> 
> -- 
> Bill Arlofski
> w...@protonmail.com


Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Bill Arlofski via Bacula-users

On 8/2/22 13:16, Justin Case wrote:

> I run the mailserver but it's basically a tightly baked postfix dovecot under 
> Synology DSM UI. So I won’t manually change config files. But “Ignore 
> authorization for LAN connections” sounds reasonable, I have activated that 
> now. Let's see if that helps.
> 
> (BTW, bacula-dir and mail server are on different machines. It's a home lab, 
> yes, but it's vast ;)
> 
> This does, however, not solve the problem that the hostname is not an FQDN and 
> that it cannot be overridden with bsmtp. So I am still 100% away from a working 
> solution :(

I always install a postfix MTA on my local Bacula Director, listening on 
127.0.0.1, and then from there, I can set all the outbound SMTP relay(s) and 
any auth that is required.

Typically, the local postfix is just there on the local Director because 
bsmtp is a simple, one-shot deal. If it cannot connect to the host to deliver 
the message for any reason, that email is gone.

With a local postfix MTA, bsmtp sends the messages to the local postfix, the 
messages are locally queued and always delivered. Your case takes this a 
couple steps further (configuring auth etc) than I usually ever need to go 
with postfix and Bacula, but it is still what I would recommend trying. :)



Best regards,
Bill

--
Bill Arlofski
w...@protonmail.com




Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case
I run the mailserver but it's basically a tightly baked postfix dovecot under 
Synology DSM UI. So I won’t manually change config files. But “Ignore 
authorization for LAN connections” sounds reasonable, I have activated that 
now. Let's see if that helps.

(BTW, bacula-dir and mail server are on different machines. It's a home lab, 
yes, but it's vast ;)

This does, however, not solve the problem that the hostname is not an FQDN and 
that it cannot be overridden with bsmtp. So I am still 100% away from a working 
solution :(

> On 1. Aug 2022, at 23:12, dmitri maziuk  wrote:
> 
> On 2022-08-01 3:57 PM, Justin Case wrote:
> 
>> bsmtp: bsmtp.c:124-0 Fatal malformed reply from mailserver.dummy.net: 504 
>> 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname
> 
> Who runs the mailserver? Typically you'd set "permit-mynetworks" before 
> "reject-XX-helo-hostname" and add the docker ip ranges to "mynetworks" -- 
> assuming it's postfix.
> 
> Since docker uses private ip ranges, these ips should never appear on "the 
> Internet" side of the mailserver, i.e. it's not opening the relay for 
> everyone: only to docker containers (which could be a problem too dep. on how 
> far they trust their customers).
> 
> $.02
> Dima
> 
> 


Re: [Bacula-users] bsmtp from within a container

2022-08-01 Thread dmitri maziuk

On 2022-08-01 3:57 PM, Justin Case wrote:

> bsmtp: bsmtp.c:124-0 Fatal malformed reply from mailserver.dummy.net: 504 5.5.2 
> <3422f1072002>: Helo command rejected: need fully-qualified hostname

Who runs the mailserver? Typically you'd set "permit-mynetworks" before 
"reject-XX-helo-hostname" and add the docker ip ranges to "mynetworks" 
-- assuming it's postfix.

Since docker uses private ip ranges, these ips should never appear on 
"the Internet" side of the mailserver, i.e. it's not opening the relay 
for everyone: only to docker containers (which could be a problem too 
dep. on how far they trust their customers).


$.02
Dima


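The restriction ordering suggested in the message above, as an added example that is not part of the original posts and is not Postfix or Bacula code: a simplified Python model of first-match evaluation in Postfix's `smtpd_helo_restrictions`, using the real restriction names `permit_mynetworks` and `reject_non_fqdn_helo_hostname`. The network ranges, client addresses and the FQDN test are constructed assumptions.

```python
import ipaddress

# Constructed values: a LAN range plus the RFC 1918 172.16.0.0/12 block,
# assumed here to cover the Docker bridge addresses ("172.x" in the thread).
LAN_ONLY = ["127.0.0.0/8", "192.168.1.0/24"]
LAN_AND_DOCKER = LAN_ONLY + ["172.16.0.0/12"]

def in_mynetworks(client_ip, mynetworks):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in mynetworks)

def is_fqdn(helo):
    # Simplified test: at least two non-empty dot-separated labels.
    labels = helo.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)

def check_helo(restrictions, client_ip, helo, mynetworks):
    """Walk the list left to right; the first permit or reject decides."""
    for rule in restrictions:
        if rule == "permit_mynetworks":
            if in_mynetworks(client_ip, mynetworks):
                return "OK"
        elif rule == "reject_non_fqdn_helo_hostname":
            if not is_fqdn(helo):
                return (f"504 5.5.2 <{helo}>: Helo command rejected: "
                        "need fully-qualified hostname")
        else:
            raise ValueError(f"restriction not modelled: {rule}")
    return "OK"  # nothing matched: this list raises no objection

def demo():
    helo = "3422f1072002"            # container ID used as HELO name
    container = "172.17.0.2"         # constructed Docker bridge address
    outside = "203.0.113.7"          # constructed documentation address
    reject_first = ["reject_non_fqdn_helo_hostname", "permit_mynetworks"]
    permit_first = ["permit_mynetworks", "reject_non_fqdn_helo_hostname"]
    return {
        # Reject rule evaluated first: trusted clients are refused too.
        "reject_first": check_helo(reject_first, container, helo, LAN_AND_DOCKER),
        # Permit first, but 172.x is not in mynetworks: still refused.
        "docker_unknown": check_helo(permit_first, container, helo, LAN_ONLY),
        # Permit first and the Docker range is trusted: accepted.
        "docker_trusted": check_helo(permit_first, container, helo, LAN_AND_DOCKER),
        # The check still applies to clients outside mynetworks.
        "outside": check_helo(permit_first, outside, helo, LAN_AND_DOCKER),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```

Only the `docker_trusted` case is accepted, which shows that both the ordering and the `mynetworks` entry are needed and that the HELO check keeps applying to every other client.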