Discussion:
ping - SEC3
(too old to reply)
Stefan Claas
2024-10-28 17:47:25 UTC
Permalink
Hi sec3,

since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.

I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.

Any tips and tricks to set this up would be very much appreciated!

P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
--
Best regards
Stefan
kosmikdog
2024-10-28 18:32:44 UTC
Permalink
Post by Stefan Claas
Hi sec3,
since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.
I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.
Any tips and tricks to set this up would be very much appreciated!
P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
relayhost = [relay.domain.tld]:587
[relay.domain.tld]:587 defaultuser:defaultpassword
#you'd enable sasl_auth
#and also sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
***@localdomain1 remoteuser:remotepassword
Stefan Claas
2024-10-28 19:15:27 UTC
Permalink
Post by kosmikdog
Post by Stefan Claas
Hi sec3,
since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.
I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.
Any tips and tricks to set this up would be very much appreciated!
P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
relayhost = [relay.domain.tld]:587
[relay.domain.tld]:587 defaultuser:defaultpassword
#you'd enable sasl_auth
#and also sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
Thanks, but i do not use port 587 and also no sasl.
--
Regards
Stefan
SEC3
2024-10-28 18:32:49 UTC
Permalink
Post by Stefan Claas
Hi sec3,
since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.
I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.
Any tips and tricks to set this up would be very much appreciated!
P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
My mailrelay.archiade.net runs under Debian 11. But these Postfix
settings probably will work under Debian 12.

<https://paste.debian.net/plain/1333722>

These settings will definitely give you a functioning mail relay on
ports 587 and 2525. I'm unsure about port 25. Not sure how to get that
working consistently.

As for Debian 12 logging it has gotten rid of rsyslog and instead uses
Systemd logging as the default method. This Web page explains how to
revert back to rsylog which is what you probably are familiar with and
used in the past.

<https://www.going-flying.com/blog/debian-bookworm-journald.html>
--
SEC3

YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
Stefan Claas
2024-10-28 19:17:48 UTC
Permalink
Post by SEC3
Post by Stefan Claas
Hi sec3,
since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.
I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.
Any tips and tricks to set this up would be very much appreciated!
P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
My mailrelay.archiade.net runs under Debian 11. But these Postfix
settings probably will work under Debian 12.
<https://paste.debian.net/plain/1333722>
It does not work for me under Debian 12. I get an unknown error, connction refused.
--
Regards
Stefan
SEC3
2024-10-28 19:32:46 UTC
Permalink
Post by Stefan Claas
Post by SEC3
Post by Stefan Claas
Hi sec3,
since you have a mail relay running, I was wondering
how to do that under Debian 12 bookworm with postfix.
I already tried different things, by creating a whitelist
and adding lines to main.cf, but always get Relay access denied.
Any tips and tricks to set this up would be very much appreciated!
P.S. I also was looking for disabling mail/sys logs, but many things
changed in Debian 12.
My mailrelay.archiade.net runs under Debian 11. But these Postfix
settings probably will work under Debian 12.
<https://paste.debian.net/plain/1333722>
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
--
SEC3

YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
Stefan Claas
2024-10-28 19:44:29 UTC
Permalink
Post by SEC3
Post by Stefan Claas
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
I opened in the Web Interface port 25 and 2525 and the ports a working.

I guess I have to ask for this issue on the postfix ML tomorrow and
once I get a working solution, under Debian 12, I will report back.
--
Regards
Stefan
Stefan Claas
2024-10-29 14:00:21 UTC
Permalink
Post by Stefan Claas
Post by SEC3
Post by Stefan Claas
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
I opened in the Web Interface port 25 and 2525 and the ports a working.
I guess I have to ask for this issue on the postfix ML tomorrow and
once I get a working solution, under Debian 12, I will report back.
In Debian 12 and postfix it is no longer 'check_recipient_access', it
is now 'check_relay_access. This was the reason why it did not work
for me.
--
Regards
Stefan
SEC3
2024-10-29 16:43:05 UTC
Permalink
Post by Stefan Claas
Post by Stefan Claas
Post by SEC3
Post by Stefan Claas
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
I opened in the Web Interface port 25 and 2525 and the ports a working.
I guess I have to ask for this issue on the postfix ML tomorrow and
once I get a working solution, under Debian 12, I will report back.
In Debian 12 and postfix it is no longer 'check_recipient_access', it
is now 'check_relay_access. This was the reason why it did not work
for me.
Happy you got it working.
--
SEC3

YAMN Help Tutorial - https://www.sec3.net/yamnhelp/
Stefan Claas
2024-10-29 16:54:51 UTC
Permalink
Post by SEC3
Post by Stefan Claas
Post by Stefan Claas
Post by SEC3
Post by Stefan Claas
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
I opened in the Web Interface port 25 and 2525 and the ports a working.
I guess I have to ask for this issue on the postfix ML tomorrow and
once I get a working solution, under Debian 12, I will report back.
In Debian 12 and postfix it is no longer 'check_recipient_access', it
is now 'check_relay_access. This was the reason why it did not work
for me.
Happy you got it working.
Thank you!
--
Regards
Stefan
Onion Courier
2024-10-29 16:53:40 UTC
Permalink
Post by Stefan Claas
Post by Stefan Claas
Post by SEC3
Post by Stefan Claas
It does not work for me under Debian 12. I get an unknown error, connction refused.
Your firewall is allowing ports 25, 587 and 2525?
I ask because the firewall system is very different in Debian 12 also.
NFTables it's called. I hate it. I use ufw instead.
I opened in the Web Interface port 25 and 2525 and the ports a working.
I guess I have to ask for this issue on the postfix ML tomorrow and
once I get a working solution, under Debian 12, I will report back.
In Debian 12 and postfix it is no longer 'check_recipient_access', it
is now 'check_relay_access. This was the reason why it did not work
for me.
Ok. mail relay, for the Onion Courier Network, is up and running.

I had to remove DKIM and now only have SPF, because the last Received:
Header from the Tor Exit nodes made the signature invalid. I hope that
emails will arrive at the whitelisted email domains, which I added,
besides the Remailers, Nyms and m2n Gateways.

Later, maybe tomorrow, I will anounce the Tor Hidden Service URLs for
my mail relay, middleman and guard node, from my Onion Courier Network.
--
Regards
Stefan
Stefan Claas
2024-10-30 20:01:44 UTC
Permalink
Post by Onion Courier
Later, maybe tomorrow, I will anounce the Tor Hidden Service URLs for
my mail relay, middleman and guard node, from my Onion Courier Network.
mailer:

bx6iyuayetnsf4wfn24uuvedghdfb5o44v2lmrrfkbne6fdcolxhfyid.onion:8082 onioncouriermailer

middleman:

yeffqiea4xtcu6woyab6z6bz4oehisfuzgtmk4e277bydq25p7nha7ad.onion:8082 onioncouriermiddleman

guard:

7zo6bqgbbiszemsdevwwlgbw4y3b2wxje3idj3jnsfojfux4xczjnkad.onion:8082 onioncourierguard

pubkey for guard:

-----BEGIN PUBLIC KEY-----
xLE5D8ic+7MyzcApInuLoFhy9eF5umieH1Hufmolzpc=
-----END PUBLIC KEY-----

A short README for known_nodes.txt, example_messages.txt and binaries
for the client will be hopefully uploaded tomorrow.
--
Regards
Stefan
Loading...