plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon opnsense

Postfix as a ms365 smtp-relay

Open XtraLarge opened this issue 3 years ago • 1 comments
trafficstars

Hello,

i'm using office 365 with an own domain. some accounts use exchange and other one's are routed to an internal smtp server (the opnsense postfix)

... but if i check the connector I got from ms365 to the opnsense Postfix the error: Suppress NDR of a rejected or expired DSN

Will the postfix plugin not support DSN check?

My config is:

##########################
# START SYSTEM DEFAULTS
##########################
alias_database = hash:/usr/local/etc/postfix/aliases
alias_maps = hash:/usr/local/etc/postfix/aliases
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = host
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
inet_protocols = all
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix
relay_domains = hash:/usr/local/etc/postfix/transport
transport_maps = hash:/usr/local/etc/postfix/transport
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
sender_bcc_maps = hash:/usr/local/etc/postfix/senderbcc
recipient_bcc_maps = hash:/usr/local/etc/postfix/recipientbcc
sender_canonical_maps = regexp:/usr/local/etc/postfix/sendercanonical
header_checks = pcre:/usr/local/etc/postfix/header_checks_receiving
smtp_header_checks = pcre:/usr/local/etc/postfix/header_checks_delivering
smtp_tls_CAfile = /etc/ssl/cert.pem
##########################
# END SYSTEM DEFAULTS
##########################

myhostname = Gateway.HomeDom.de
mydomain = HomeDom.de
myorigin = HomeDom.de
inet_interfaces = 10.10.0.1, 10.6.0.2
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
smtpd_banner = Hello to my Mail-Gateway
message_size_limit = 512000000

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_ciphers = medium
smtp_tls_protocols = $smtp_tls_mandatory_protocols
smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_dh1024_param_file = /usr/local/opnsense/data/OPNsense/Postfix/dh-parameters.2048.rfc7919
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
tls_low_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no

relayhost = mail,providerdom.de

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/smtp_auth
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = !gssapi, !external, static:all


smtpd_milters = unix:/var/run/rspamd/milter.sock
non_smtpd_milters = $smtpd_milters
milter_protocol = 6
milter_default_action = accept

relay_recipient_maps = hash:/usr/local/etc/postfix/recipient_access


smtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/recipient_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unverified_recipient


smtpd_helo_required = yes

syslog_facility = mail
syslog_name = postfix

XtraLarge avatar Oct 03 '22 07:10 XtraLarge

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

OPNsense-bot avatar Oct 03 '22 08:10 OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Apr 01 '23 06:04 OPNsense-bot