Hooking Up to Mail
-
@gotwf said in Hooking Up to Mail:
@julian said in Hooking Up to Mail:
@waugh if that toggle is off, then it should automatically fall back to postfix automatically. Is postfix not receiving messages for outgoing mail?
.... When it falls back, does NodeBB submit mail via a pipe or tcp/ip?
It tries to open a TCP port. The port number it tries by default is generally associated with talking to an MSA.
-
@julian said in Hooking Up to Mail:
@waugh if that toggle is off, then it should ... fall back to postfix automatically. Is postfix not receiving messages for outgoing mail?
When I first installed NodeBB and had not even become aware of the settings, and so obviously had not changed them, and I posted a reply that should have generated e-mail, NodeBB complained that it couldn't open a certain port. I have learned that the port number in question is generally used for SMTP to an MSA, message submission agent.
After I installed Postfix, the same thing happened. But I believe I understand why. Postfix out of the box accepts mail from "mail" via a "sendmail" program that Postfix includes for backward compatibility with Sendmail. I believe that "mail" invokes this "sendmail" and pipes the message to it. This succeeds on my system -- I can send and receive e-mail across the Internet, including to gmail and including to the (paid) disposable-email-address provider that I use. But Postfix out of the box does not have its MSA turned on. This is called "submission" in the "master.cf" configuration file. I have since tried turning that on. I think I need to study and change some of the arguments I am not passing to it, but that I see mentioned in an example someone posted. So what is currently happening, with my MSA turned on but not properly configured, is that NodeBB is showing an error message evidently returned by Postfix, to the effect that "localhost." (note the period at the end) is not one of the domains mentioned in my TLS cert (which it isn't, shouldn't be, and can't be). Since NodeBB knows nothing about TLS (does not prompt for any configuration for it), I take this error message as evidence that NodeBB is now talking to Postfix and Postfix is taking the basic syntax but reporting back on a problem that is happening internally to Postfix between its modules on account of my not having configured them correctly yet.
-
@waugh Your atypical config may well be confounding the issue. Mail submission port is 587. Hence why you get "depending" in some of my replies. Or maybe you are doing wrong NodeBB config side. Hard saying since we're not psychic.
Try this NodeBB side:
Replicate the config parameters in my screenshot above excepting changing the port to 587 and see if it works. Note that Connection security should be None. Else if you invoke STARTTLS NodeBB side then of course Postfix will endeavor to oblige (depending on config). Username and Password should not be necessary for local submission. Note that Submission ports typically are configured to require authentication and authorization. But maybe not from locally submitted mail. Depending....
Be the above as it may. Presuming you do get things "working", I suggest you implement a Null Client configuration Postfix side. I've linked the docs for you somewhere up thread. Arrange to receive incoming mail for your nodebb domain elsewhere.
If you must receive email for that domain on boxes managed by you then I suggest spinning up some additional VM's dedicated to that task:
- Primary MX
- Secondary MX
Which you can config to handle initial filtering, blacklist handling and such before forwarding to:
- Local spool for local delivery - Bit of a pain MUA side unless you're accustomed to kickin' it old skool.
- Yet another VM hosting an IMAP Server such as Dovecot.
a. And maybe yet another VM, or two dedicated to SPAM and Antivirus duties. - Forward to third party mailbox provider.
There is some configuration DNS side required for the various options mentioned above. I shall not delve into those at this time, but please do be aware that there are additional moving pieces involved.
Have fun!
-
Some additional comments that may help flesh this thread out a bit more:
@waugh queried:
if I use the SMTP support that is included in NodeBB, can I configure it to send the mail directly to the destination rather than via gmail or another intermediary?
@PitaJ replied:
I don't think SMTP works that way, it requires an intermediary mail server. What you're talking about is exactly what sendmail does my default.
Howsomever: Yes you may, depending on your configuration.
sendmail, the executable, will send mail via a variety of transports in keeping with the postal service mantra of "the mail must get thru".
man sendmail(8) speaketh thusly:
Sendmail sends a message to one or more recipients, routing the message over whatever networks are necessary. Sendmail does internetwork forwarding as necessary to deliver the message to the correct place.
...
..... snip, snip.....
...
With no flags, sendmail reads its standard input up to an end-of-file or a line consisting only of a single dot and sends a copy of the message found there to all of the addresses listed. It determines the network(s) to use based on the syntax and contents of the addresses.If the recipient is not known locally, i.e. a local user/domain, then the server's resolver subsystem should, (once gain, depending on config) return the MX record for the domain at hand and attempt a delivery. Whether or not that MX accepts your mail is another matter, contingent upon their assessment of your server's legitimacy. At minimum you will need matching forward and reverse DNS enteries, and likely an SPF record, for example. Others will automatically put you on their blacklist even if your stuff is squeaky clean and require a near act of god to be removed.
Handling of refused, bounced, etc. mail is, once again, contingent upon configuration. One should ensure their mail queues do not become constipated to the extent undeliverable mail exhausts disk space, thereby effectively creating a DOS.
Hence, something seemingly as simple as mail delivery can pose more than a few sticky wickets and why I suggest following @julian et.al.'s advice up post. Unless you have a clear use case not to. Learning how to do all of this stuff is a legitmate use case. Just be forewarned that you may experience a bit of trial by fire if you are learning the zen of email administration on a production system.
Enjoy!
-
@pitaj said in Hooking Up to Mail:
NodeBB supports using sendmail on Linux to send emails. To do this you just turn off the SMTP transport and make sure no email plugins are enabled.
In my case, I'm fine now, because I found a way to configure Postfix that results in its relaying the outgoing mail. NodeBB is talking SMTP in the submissive aspect of SMTP, and Postfix can understand that aspect if configured to. And I think that's a fine and future-oriented way to work. However, if anyone searching for information comes across this thread, it will not tell them how to get NodeBB to use "sendmail", either when the "sendmail" executable is that of the Sendmail package, or when it is the backward-compatible shim included in the Postfix package. Even though @PitaJ says that an admin of a NodeBB instance can configure it to turn off SMTP transport, I never found a mix of settings of NodeBB that would do that. With every mix I tried, it continued to try to open the submission port. And again, for me, that's fine.
My thanks to everyone who responded.
-
BTW, here is my config of the MSA in Postfix (master.cf) :
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=none -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions= -o smtpd_sasl_auth_enable=no -o smtpd_client_restrictions=permit_mynetworks,reject
When I received Postfix from the package library of the distro I am using, Postfix as packaged had the
submission
logical line commented out. Maybe if I had compiled Postfix from its source as published in its repo (instead of installing the package), thesubmission
line wouldn't have been commented out. But no doubt there were benefits to using the package. I suppose it included some aspects of default configuration appropriate to the rest of the distro, e. g. the method of setting up the auto restart of Postfix when the system is rebooted. Anyway, it all seems to be working for me now. -
@waugh said in Hooking Up to Mail:
@pitaj said in Hooking Up to Mail:
NodeBB supports using sendmail on Linux to send emails. To do this you just turn off the SMTP transport and make sure no email plugins are enabled.
In my case, I'm fine now, because I found a way to configure Postfix that results in its relaying the outgoing mail. NodeBB is talking SMTP in the submissive aspect of SMTP, and Postfix can understand that aspect if configured to. And I think that's a fine and future-oriented way to work. However, if anyone searching for information comes across this thread, it will not tell them how to get NodeBB to use "sendmail", either when the "sendmail" executable is that of the Sendmail package, or when it is the backward-compatible shim included in the Postfix package. Even though @PitaJ says that an admin of a NodeBB instance can configure it to turn off SMTP transport, I never found a mix of settings of NodeBB that would do that. With every mix I tried, it continued to try to open the submission port. And again, for me, that's fine.
My thanks to everyone who responded.
Sendmail is like MySQL, it's become an API. Postfix is "a sendmail" and MariaDB is "a MySQL." People tend to call anything that looks like the app to be the app, but Postfix and MariaDB are used far more than the applications that they mimic.
-
@julian said in Hooking Up to Mail:
Okay, guys, this ? This is why we try to have an arm's length relationship with sendmail.
Seems like managing sendmail/postfix can be an entire undergraduate course SENDMAIL101
It is. Plus no one uses actual Sendmail and hasn't in forever. Postfix started wiping it out twenty years ago when every major platform moved away. Since then, Sendmail has become all but forgotten. Even mentioning it is a little weird as almost on one will ever have it, but everyone has Postfix as its the default in every non-Windows platform in production today. Sendmail was hella complex, Postfix is normally ready to go by default for most purposes. But it depends on how it gets installed, what OS you run, etc.
For most Ubuntu, CentOS or Fedora users you just install it and it works immediately. But then dealing with mail transport in general can be a mess.
-
@waugh said in Hooking Up to Mail:
@julian Do you engage in a more intimate relationship with Haraka?
Niche third party platforms would be far less likely. Postfix is built into nearly all production platforms and configured out of the box for most usages (standard SMTP relay.) His point was that they don't get their hands dirty with any specific email implementation and leave that for the admins, they just send email out on whatever protocol or API is selected and the rest is up to the email admin to configure.