How to configure postfix to use domain.tld instead of host.tld

#1 Mon, 11/05/2018 - 06:24
expertpk


In my setup, I am using postfix for emails. I had configured my Virtualmin to use the sender IP for outgoing emails (I followed this tutorial: https://www.virtualmin.com/documentation/email/dependent). Now see the following result.

hostname = example.com (IP: 1.1.1.1) (rdns 1.1.1.1 > example.com) (this hostname is hosting multiple virtual domains on dedicated IP addresses)
virtual domain = domain1.com (IP: 2.2.2.2) (rdns 2.2.2.2 > mail.domain1.com) (set up for dependent address)

When I send an email from this virtual domain, the email header contains: sent from: example.com. It should contain: sent from: domain1.com

Here is a piece of the header copied from Gmail. Gmail gives two different lines:

Received: from example.com (mail.domain1.com. [2.2.2.2])
Received: from example.com (unknown [1.1.1.1]) by example.com (Postfix) with ESMTPSA id 98XXXX46BD1 for example@gmail.com; Sat, 3 Nov 2018 18:23:36 +0100 (CET)

In www.mail-tester.com I got this error: Your IP address 2.2.2.2 is associated with the domain mail.domain1.com. Nevertheless, your message appears to be sent from example.com

How should I correct this? Any help will be greatly appreciated.

Mon, 11/05/2018 - 06:31
marcelorp

Can you post your main.cf file here?

Tue, 11/06/2018 - 07:08 (Reply to #2)
expertpk

I had posted my main.cf file. Can you please review it to solve the issue?

Faheem Khan www.expertpk.com

Mon, 11/05/2018 - 07:54
expertpk

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = expertpk.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, expertpk.com, localhost.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031 permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:10023
smtp_tls_security_level = dane
allow_percent_hack = no
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_security_level = may
smtpd_tls_mandatory_ciphers = high
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
message_size_limit = 102400000

smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

Faheem Khan www.expertpk.com

Mon, 11/05/2018 - 14:37
noisemarine

In main.cf, change anything that says expertpk.com to mail.domain1.com and restart postfix.

When postfix is greeting other mail servers it is saying it is expertpk.com, however your dns says it is mail.domain1.com. This raises all kinds of "spammy" flags at the other mailservers. Just set postfix to tell them it is actually mail1.domain1.com. Postfix and the other servers can deal with the fact that you are sending email addressed as from expertpk.com without postfix needing to pretend it is in that domain.

Tue, 11/06/2018 - 07:07 (Reply to #5)
expertpk

@noisemarine I have multiple domains, e.g. mail.domain1.com, mail.domain2.com, mail.domain3.com. How can I achieve this for all virtual domains?

Faheem Khan www.expertpk.com

Wed, 11/07/2018 - 04:13 (Reply to #6)
noisemarine

My apologies. I misread your issue.

Does the file /etc/postfix/dependent contain any entries? If so, they should line up with entries in /etc/postfix/master.cf. Is that the case?

i.e. "@domain1.com smtp_domain1:" should have an entry in master.cf like "smtp_domain1 unix - - n - - smtp -o smtp_bind_address=2.2.2.2"

Stupid question, but did you restart postfix after making your changes?
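
A consistency check for the mapping described in the post above, as an added example that is not part of the original thread: it confirms that each transport named in /etc/postfix/dependent exists in master.cf and carries both smtp_bind_address and smtp_helo_name. The smtp_helo_name check goes beyond what the posts mention (it is the Postfix parameter that sets the name sent in HELO/EHLO and defaults to $myhostname); the sample file contents, including domain2, domain3 and 3.3.3.3, are constructed.

```python
import re

# Constructed sample files (not from the thread): domain2 lacks a HELO override,
# domain3 points at a transport that master.cf never defines.
DEPENDENT = """\
@domain1.com smtp_domain1:
@domain2.com smtp_domain2:
@domain3.com smtp_domain3:
"""
MASTER_CF = """\
smtp      unix  -       -       n       -       -       smtp
smtp_domain1 unix -     -       n       -       -       smtp
  -o smtp_bind_address=2.2.2.2
  -o smtp_helo_name=mail.domain1.com
smtp_domain2 unix -     -       n       -       -       smtp -o smtp_bind_address=3.3.3.3
"""

def parse_master(text):
    """Map service name -> dict of -o overrides (plain -o name=value form only)."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # leading whitespace continues the previous service
            if current is not None:
                services[current].update(re.findall(r"-o\s+(\w+)=(\S+)", line))
            continue
        current = line.split()[0]
        services[current] = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def check(dependent_text, master_text):
    """Return a list of (sender_pattern, problem) findings."""
    services, findings = parse_master(master_text), []
    for line in dependent_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        pattern, transport = line.split(None, 1)
        name = transport.strip().split(":", 1)[0]  # "smtp_domain1:" -> "smtp_domain1"
        opts = services.get(name)
        if opts is None:
            findings.append((pattern, f"transport {name} missing from master.cf"))
            continue
        for param in ("smtp_bind_address", "smtp_helo_name"):
            if param not in opts:
                findings.append((pattern, f"{name} has no -o {param}"))
    return findings

if __name__ == "__main__":
    for pattern, problem in check(DEPENDENT, MASTER_CF):
        print(pattern, "->", problem)
```
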

Tue, 11/06/2018 - 07:18
marcelorp

I will post my main.cf file to see if that helps you with something...

# /etc/postfix/main.cf
# Author: Marcelo Pavan
# Website: https://icentos.com.br
# Dovecot version: 2.2.35
# Postfix version: 3.2.5

# Default
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.codebr.io
mydomain = codebr.io
inet_interfaces = all
inet_protocols = ipv4
mydestination = mail.codebr.io, web.codebr.io, ftp.codebr.io
unknown_local_recipient_reject_code = 550
mynetworks_style = host
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix32u-3.2.5/samples
readme_directory = /usr/share/doc/postfix32u-3.2.5/README_FILES
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

# Virtualmin
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
mailbox_size_limit = 0
allow_percent_hack = no
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

# SASL
# https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
# http://www.postfix.org/SASL_README.html#server_sasl
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_relay_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_destination

smtpd_recipient_restrictions =
     permit_sasl_authenticated
     permit_mynetworks
     check_policy_service unix:/var/spool/postfix/postgrey/socket
     reject_unauth_destination
     reject_invalid_hostname
     reject_non_fqdn_sender
     reject_non_fqdn_recipient
     reject_unknown_sender_domain
     reject_unknown_recipient_domain
     reject_unauth_pipelining
     reject_unauth_destination
     reject_rbl_client bl.spamcop.net
     reject_rbl_client cbl.abuseat.org
     reject_rbl_client zen.spamhaus.org
     reject_rbl_client b.barracudacentral.org
     permit

# SSL
# https://cipherli.st/
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/marcelorp/mail/mail.crt
smtpd_tls_key_file = /etc/marcelorp/mail/mail.key
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

# master.conf
smtpd_reject_unlisted_recipient = no
milter_macro_daemon_name = ORIGINATING

# End


Please note that I'm using an updated version of postfix and dovecot. If you want to get a newer version I can explain how, but some other users did not recommend installing a newer one from a non-official CentOS repository...and here I'm forcing an SSL connection to my SMTP service.

Another thing...if you can post your main.cf with code formatting, other users can help you and better understand your configuration settings...