Hey all,
I am trying to set up postfix to use an external smtp relay as per this guide: 14.7. Configuration of the mail server — Univention Corporate Server - Manual for users and administrators
I have done everything in there but I keep getting this error:
Mar 15 14:52:35 ucs-6907 postfix/error[23455]: 38EC22A840FC: to=<it@kfkasimir.dk>, relay=none, delay=0.21, delays=0.15/0/0/0.07, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
When I do:
echo "This is the body of the email" | mail -s "This is the subject line" it@kfkasimir.dk
So it looks like it is trying to send trough localhost instead of the provider I have specified…
Please advice?
This is my main.cl
# Warning: This file is auto-generated and might be overwritten by
# univention-config-registry.
# Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
# univention-config-registry ueberschrieben werden.
# Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
#
# /etc/univention/templates/files/etc/postfix/main.cf.d/10_general
# /etc/univention/templates/files/etc/postfix/main.cf.d/30_maps
# /etc/univention/templates/files/etc/postfix/main.cf.d/40_postscreen
# /etc/univention/templates/files/etc/postfix/main.cf.d/50_restrictions
# /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls
# /etc/univention/templates/files/etc/postfix/main.cf.d/80_delivery
# /etc/univention/templates/files/etc/postfix/main.cf.d/99_local
#
# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information. Default is 10240000
message_size_limit = 10240000
# mailbox_size_limit limits the max. size of local mailboxes. Default is 51200000
mailbox_size_limit = 51200000
# some basic path definitions
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
# some basic mail system settings
myhostname = ucs-6907.kulturforeningenkasimir.dk
# mydomain is unset - The default is to use $myhostname minus the first component.
myorigin = ucs-6907.kulturforeningenkasimir.dk
smtp_helo_name = ucs-6907.kulturforeningenkasimir.dk
append_dot_mydomain = no
compatibility_level = 3
inet_interfaces = 127.0.0.1
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
masquerade_domains = $mydomain
masquerade_exceptions = root
transport_maps = hash:/etc/postfix/transport
relay_domains = $mydestination
# we need to name a smtp relay host to which we forward non-local
# mails. smtp authentication is also possible.
relayhost = mail.kfkasimir.dk
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
disable_vrfy_command = no
# banner
smtputf8_enable = no
# prevent STMP Smuggling CVE-2023-51764 / Bug 56957
local_header_rewrite_clients =
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# postscreen settings
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
postscreen_helo_required = no
postscreen_greet_action = drop
postscreen_greet_ttl = 1d
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_action = ignore
postscreen_blacklist_action = ignore
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
# smtpd_sender_restrictions is not defined since all relevant checks have been moved to
# smtpd_recipient_restrictions (see below) and every mail has to pass smtpd_recipient_restrictions too.
#smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient
# special recipient_restrictions which may be used by smtps/submission services
# (can be configured via UCR: mail/postfix/submission/restrictions/recipient/...)
# submission_recipient_restrictions =
#TLS settings
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols =
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_cert_file = /etc/univention/ssl/ucs-6907.kulturforeningenkasimir.dk/cert.pem
smtpd_tls_key_file = /etc/univention/ssl/ucs-6907.kulturforeningenkasimir.dk/private.key
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
# smtp client
smtp_tls_security_level = may
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes
# tls logging
smtp_tls_loglevel = 0
smtpd_tls_loglevel = 0
# EDH config
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
# use the Postfix SMTP server's cipher preference order instead of the remote client's cipher preference order.
tls_preempt_cipherlist = yes
# The Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman (EECDH) key exchange
smtpd_tls_eecdh_grade = strong
# if virus scanning is desired, all mails can be redirected through amavis.
content_filter = smtp-amavis:[127.0.0.1]:10024
# The following section is included from the file /etc/postfix/main.cf.local.
# Please note, that custom options in this file may interfere with the
# standard Postfix configuration of Univention Corporate Server!
relayhost = mail.kfkasimir.dk
default_transport = smtp
# --- end of /etc/postfix/main.cf.local ---
