Configuring Linux system mail submission

Peter Lebbing peter at digitalbrains.com
Sun Feb 10 18:07:26 CET 2019 

Hi André,

On 10/02/2019 15:36, André Ockers wrote:
> Following documentation [1], I checked that I have Postfix installed and
> now I'm here [2]

I had feared it would break down at the mail configuration stage :-). I
have mail servers running with a hand-managed config file with Exim 4,
but I know nothing about Postfix. However, for mail submission, I use
nullmailer myself. It can only do mail submission, but is much easier to
manage than a full mail system (in my opinion).

So I don't know if you installed Postfix for this purpose or actually
use it for a real mail server, but if you can switch to nullmailer that
would allow me to easily help you, probably.

Personally, I run nullmailer on all systems that are not running a
full-fledged mail server, and they connect to my edge mail server for
mail submission. You can just use any SMTP-supporting provider for the
latter.

When installing nullmailer on Debian, it will ask you interactively for
entries for files in /etc and /etc/nullmailer. Mine look like this:

/etc/mailname: hostname.digitalbrains.com (the actual fully qualified
domain name of the local host)

/etc/nullmailer/adminaddr: empty file

/etc/nullmailer/defaultdomain: digitalbrains.com

/etc/nullmailer/remotes: mail.digitalbrains.com smtp --port=587 --starttls --user=peter-nullmailer --pass=[...]

That last one is the really important one. It uses the SMTP submission
port, STARTTLS, and in my case a password that has been chosen to not
require quotes. But you can use quotes to just use your provider account
password.

I believe /etc/mailname is primarily used to build the sender address
and build recipient addresses that specify no host, i.e., something like
<peter>. /etc/nullmailer/defaultdomain is used for not fully qualified
hosts, i.e., if I write <peter at butters> it will qualify the hostname
butters with that domain name. It's not that important for this purpose.

There is one more detail to get right. Because this will actually make
the mail originate from the user <peter at hostname.digitalbrains.com> in
this example and a username of peter. This is probably not what you
want, you want <p.lebbing at provider.nl> if you're me. If this is always
what you want when sending mail through the system mailer, you could
make sure the following environment variables are set for this user:

MAILUSER=p.lebbing
MAILHOST=provider.nl

If you're anxious about changing environment variables that have
influence over programs other than nullmailer, you can use
NULLMAILER_USER and NULLMAILER_HOST instead.

But for me, the <peter at hostname.digitalbrains.com> is actually an e-mail
address that will be accepted on the right side of my firewall, and is
used for system messages from, e.g., cron. It is not the address I want
for caff, though. But caff does the right thing already by specifying
the e-mail address you want in ~/.caffrc:

$CONFIG{'email'} = 'p.lebbing at provider.nl';

This will automatically set both the envelope sender and From: to that
address.

One remark: the hostname from /etc/mailname is used to build 
the Message-Id: header. If you'd like to hide that, you could set:

/etc/nullmailer/idhost: provider.nl

I think that mirrors Thunderbird's behaviour, taking a peek in my "Sent"
folder.

You could also arguably just set /etc/mailname to provider.nl and drop
the MAILHOST env variable in the process, but I'd feel slightly anxious
over accidentally building mail addresses of other customers of my
provider as if they were the sender, so I wouldn't do that. Imagine your
webserver started sending mails from <www-data at provider.nl> accidentally
that way, or <cron at provider.nl>... these might annoy your provider. And
it gets worse with a regular user account, let's call her Anna. She
might not control <anna at provider.nl>.

I think that covers it. You can try stuff from the command line to see
what it becomes without actually sending with:

$ nullmailer-inject -nv <test.eml

The first two lines output are the SMTP envelope sender and recipient,
and the rest is the full mail. But while informative it doesn't tell you
how exactly Perl programs like caff are going to behave. I just
disconnected from the network, did tests with caff (I have generated
test keys) and checked the nullmailer queue for the results. Then I
emptied the queue manually (simply delete files in
/var/spool/nullmailer/queue, nullmailer is very
manual-poking-at-stuff-friendly) and reconnected to the network.

Note that there are multiple different roles concerning a mail sender.
If you want to keep things simple, set both the "SMTP envelope sender"
and the From:-header to your real e-mail address and don't include
a Sender:-header. Any other combinations require you to really
understand the e-mail ecosystem, IMHO.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190210/7dee085d/attachment.sig>

More information about the Gnupg-users mailing list