Postfix Force sender=SMTP authenticate username?


(Roomwillow) #1

Hello,

I am going through the motions of setting up FreePBX to send emails properly within our corporate email server, in /etc/postfix/main.cf I’ve defined relayhost = [mail.domain.tld]:587 and at the bottom of the file appended:

smtp_sasl_auth_enable = yes
smtp_sasl_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = 
smtp_tls_security_level = encrypt

note that the final line about tls security level was added by me after I encountered errors relating to the postfix client not sending starttls commands properly, and getting its authentication rejected by the mail server.

After allowing the server to settle for a little while, and deal with its backlog of mail sitting in the queue, I checked in my /var/log/maillog file, and noticed many of the following:

Recipient address rejected: Policy rejection due to null sender (in reply to RCPT TO command))

which seemed to co-inside with not having a sender line in the error file at all, all the emails seem to be associated with being sent to “noreply@domain.tld”, oddly enough, considering I don’t recall defining anywhere that any type of mail should be being sent to noreply@domain.tld, however, that is the address used for SMTP authentication, and is the address all emails from FreePBX should be originating from.

Doing some further testing, I tried using the email a copy of voicemail function on my extension, I setup my email for the extension, and left myself a voicemail, in my maillog file, I saw the following:

from=<Asterisk-3-#######@hostname>
to=<user.email@domain> ... Recipient address rejected: Sender is not same as SMTP authenticate username (in reply to RCPT TO command))

Note that I’ve omitted some lines from the above pieces for sake of convenient copy, but the concept is all there, its attempting to send from asterisk(numberSequence)@systemHostname, when it should be sending from noreply@domain.tld, I have additionally confirmed in the file /etc/asterisk/voicemail.conf that the changes made in the webGUI to the email config are being reflected properly in this file.

Looking over my configuration, under System Admin > Notifications Settings the following is true:

From Address = noreply@domain.tld
Storage Notifications = it@domain.tld
Intrusion Detection Notifications = it@domain.tld

and under Settings > Voicemail Admin > Setttings > Email Config the option Server Email is set to noreply@domain.tld

At this point, my goal is to have all mail from FreePBX come FROM noreply@domain.tld, I will note that the intrusion detection emails from fail2ban are being sent properly from noreply@domain.tld and being received by it@domain.tld as expected, and as configured, it seems to be that something else in my system is trying to send emails with no sender, to the address listed as should be sender, while voicemail tries to send from its own email address entirely outside of my postfix scope.

Suggestions on how I can rectify this?


(Andrew) #2

You probably need to add entries into your generic file to automatically replace your outbound email address. Edit /etc/postfix/generic and add at the end:

Asterisk-3-######@hostname.tld email@domain.tld

Where the first part is the email address that the mail is coming from as seen in /var/log/maillog and the second part is the email address that you wish the email to come from, and authorized on your SMTP server.

Then you need to add the generic map to your main.cf - so at the end of the file:
smtp_generic_maps = hash:/etc/postfix/generic
Then run
postmap /etc/postfix/generic
systemctl restart postfix


Postfix Relay - Configuration without Auth
(Jared Busch) #3

This is likely what you need. I use a generic one to catch almost everything. just in case.
See this post.
https://community.freepbx.org/t/problems-configuring-freepbx-for-using-external-smtp-server/72069/3


(Andrew) #4

Didn’t realize there was already a post for it. Nice work, @sorvani :grinning: