Backup Notifications - Email SMTP / STARTTLS

[alasdairc]

Hi all,

I have having a few issues with sending emails to a syslog email address I have created. I am getting an Undeliverable email bounceback due to auth being needed.


Recipient address rejected: SMTP AUTH is required for users under this sender domain


Is there any official/recommended way to configure STARTTLS authentication for Proxmox?


Thank you in advance

 

[Dunuin]

Google for postfix as a SMTP relay. What to do heavily depends on the email provider.


For my provider (netcup) it for example looks like this:

nano /etc/postfix/main.cf
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
relayhost = [YOURNETCUPSERVER.netcup.net]:465
smtpd_tls_security_level = may
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtp_tls_wrappermode = yes

nano /etc/postfix/sasl_passwd
[YOURNETCUPSERVER.netcup.net]:465 YOURRELAY@YOURDOMAIN.TLD:PASSWORT

postmap /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

nano /etc/postfix/sender_canonical
/.+@YOURFQDN/ YOURRELAY@OYURDOMAIN.TLD
/.+@YOURDOMAIN.TLD/ YOURRELAY@YOURDOMAIN.TLD

postmap /etc/postfix/sender_canonical
nano /etc/aliases
postmaster: root
webmaster: root
root: WHERE@ITSHOULD.GO

newaliases
service postfix restart

Here sasl is used for authentification. One big problem I had was that the mail provider rejected emails that weren't send from my own valid mail address. My SMTP account was "MyAdresss@email.tld" so the senders email address has to be "MyAdresss@email.tld" too or it will be blocked.
So I needed to tell Proxmox in the options which email address to use as sender address (Datacenter -> Options -> Email from address) so that it matches "MyAdresss@email.tld".

 

[alasdairc]

Google for postfix as a SMTP relay. What to do heavily depends on the email provider.


For my provider (netcup) it for example looks like this:

nano /etc/postfix/main.cf
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
relayhost = [YOURNETCUPSERVER.netcup.net]:465
smtpd_tls_security_level = may
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtp_tls_wrappermode = yes

nano /etc/postfix/sasl_passwd
[YOURNETCUPSERVER.netcup.net]:465 YOURRELAY@YOURDOMAIN.TLD:PASSWORT

postmap /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

nano /etc/postfix/sender_canonical
/.+@YOURFQDN/ YOURRELAY@OYURDOMAIN.TLD
/.+@YOURDOMAIN.TLD/ OYURRELAY@YOURDOMAIN.TLD

postmap /etc/postfix/sender_canonical
nano /etc/aliases
postmaster: root
webmaster: root
root: WHERE@ITSHOULD.GO

newaliases
service postfix restart

Here sasl is used for authentification. One big problem I had was that the mail provider rejected emails that weren't send from my own valid mail address. My SMTP account was "MyAdresss@email.tld" so the senders email address has to be "MyAdresss@email.tld" too or it will be blocked.
So I needed to tell Proxmox in the options which email address to use as sender address (Datacenter -> Options -> Email from address) so that it matches "MyAdresss@email.tld".

I run my own mail server Postfix/Dovecot

Is it just a case of editing the Postfix configs on the Host itself then to get the mail notifications to work? I didn't think about this as an option. I will have a tinker and see what I can do

Is it just an SMTP Relay that I am looking to create on the Host?

 

[Dunuin]

Jup, just a relay.

 

[alasdairc]

Jup, just a relay.

Awesome! Thank you kindly for your advice and information

 

[SInisterPisces]

Just found this while I'm trying to set up notifications via Sendmail in Proxmox Backup Server 3.2-4.

I had a question about this part of your example:

nano /etc/postfix/sender_canonical
/.+@YOURFQDN/ YOURRELAY@OYURDOMAIN.TLD
/.+@YOURDOMAIN.TLD/ YOURRELAY@YOURDOMAIN.TLD

I'm a bit confused by the difference between YOUR FQDN and YOURDOMAIN.TLD.
Aren't they the same for a mail server?

EDIT: I needed to sleep on this, apparently.
my FQDN for the PBS server on my local network is pbs.domain.local. So, adjusting the below...

So, the combined lines in the file tell Postfix:
Convert mail from root@fqdn on the PBS server to mail from yourrelay@yourdomain.com; and then
Convert any mail from any user@yourdomain.com to specific allowed mail@foo.com address.

Is that right?

So, for mail@foo.com, whose SMTP server is smtp.mailprovider.com, it would be:

nano /etc/postfix/sender_canonical
/.+@PBS.DOMAIN.LOCAL/ MAIL@FOO.COM
/.+@FOO.COM/ MAIL@FOO.COM

I think I'm missing something.
I think I've got it. Maybe.

EDIT 2:
I have postfix working. The above configuration did the trick.
However, I did have to install an extra package to enable SASL authentication:

apt-get install libsasl2-modules

Now it's telling me my credentials are incorrect, but at least I can see it hitting the right server.

EDIT 3: Putting the right credentials in and rerunning these commands got it working. The previous test emails sent immediately--which, I suppose, if a neat demonstration of Postfix's queuing ability.

postmap /etc/postfix/sasl_passwd
systemctl restart postfix.service

Thanks again, @Dunuin!