Univention Corporate Server as (internal and public facing) Mail server


So I set up my Univention Corporate Server as a mail server (Dovecot, Postfix), which worked just fine, but there are a few things to take note of:

1) If the internal host name is not publicly resolvable in DNS, you need to set the HELO name used by Postfix:

The error you would see in mail.log contains this: Helo command rejected: Host not found (in reply to RCPT TO command)

# ucr search helo
mail/postfix/postscreen/helo/required: <empty>
 If this option is activated, it is required that a remote SMTP client introduces itself with the HELO or EHLO command
before sending the MAIL command or other commands that require EHLO negotiation (Default: "no").

mail/smtp/helo/name: <empty>
 This variable allows the configuration of the hostname the server used for identification as part of the SMTP protocol
(EHLO/HELO). If the variable is unset, the fully qualified hostname is used.

So we need to change this, either in the web interface under System - Univention Configuration Registry or on the command line:

# ucr set mail/smtp/helo/name=<your public facing FQDN here>
Setting mail/smtp/helo/name
Multifile: /etc/postfix/main.cf

Now the mails send just fine. I gave them a push with postqueue -f and they were sent immediately.

2) Make sure your ISP sets a PTR record for the IP(s) you are sending from, otherwise you get these (not so fun) errors:

status=deferred (host ........... said: 421 Refused. You have no reverse DNS entry. See: https://www.domaintechnik.at/mailpolicy#DENIED_RDNS_MISSING (in reply to RCPT TO command))
status=deferred (host ........... refused to talk to me: 550 No reverse dns for IP 93.83.47.170. Help at/Hilfe unter www.mfaq.info)
status=deferred (host ........... refused to talk to me: 451 Reverse DNS lookup failed for host 93.83.47.170 (no-ptr))

After the reverse DNS (PTR) entries were added, all my mails were sent as expected.

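3) Set your mynetworks so that your local machines (including servers) can send without authentication (if you want that, that is). The UCR variable is called mail/postfix/mynetworks (refer to point 1 on how to set it). Keep the list to networks you control, since every address in it can send through the server without authenticating.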
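
A pre-flight check for points 1 and 2, as an added example that is not part of the original post: it tests what the rejecting servers tested (the HELO name resolves, the sending IP has a PTR) and, going one step beyond the post, that the PTR name resolves back to the same IP. The host names and the 192.0.2.10 address are constructed placeholders; call check_sender with only the first two arguments to query real DNS.

```python
import socket

def dns_forward(name):
    """Return the set of addresses a name resolves to (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def dns_reverse(ip):
    """Return the PTR name for an IP, or None if there is no reverse entry."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".")
    except (socket.herror, socket.gaierror):
        return None

def check_sender(helo_name, ip, forward=dns_forward, reverse=dns_reverse):
    """Return the list of problems a receiving server could reject on."""
    problems = []
    # Point 1: the name announced in HELO/EHLO must exist in public DNS.
    if not forward(helo_name):
        problems.append("HELO name does not resolve: set mail/smtp/helo/name")
    # Point 2: the sending IP needs a reverse (PTR) entry.
    ptr = reverse(ip)
    if ptr is None:
        problems.append("no PTR record for %s: ask the ISP to add one" % ip)
    # Beyond the post: the PTR name should point back at the sending IP.
    elif ip not in forward(ptr):
        problems.append("PTR %s does not resolve back to %s" % (ptr, ip))
    return problems

if __name__ == "__main__":
    # Constructed records (documentation address range), not real hosts.
    a_records = {"mail.example.org": {"192.0.2.10"}}
    ptr_records = {"192.0.2.10": "mail.example.org"}
    fwd = lambda name: a_records.get(name, set())
    for helo in ("ucs.intranet.example", "mail.example.org"):
        result = check_sender(helo, "192.0.2.10", fwd, ptr_records.get)
        print(helo, result or "OK")
```

Run it from a machine outside your network when checking live DNS, so that internal-only records do not hide the problem.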
