fetchmail-users

[Fetchmail-users] Relay to Postfix on port 587

[Jerry <je...@se...>]

I need to have fetchmail relay mail to my MTA, Postfix, on port 587. It will
also need to authenticate itself like all of my internal users do, How can I
accomplish this?

This is an example of a typical line in the "fetchmailrc" file.

poll pop.gmail.com with proto POP3 service 995 timeout 30 envelope 'Delivered-To' localdomains MyDomain.net bad-header accept
user 'us...@gm...' there with password 'SECRET' options forcecr dropdelivered smtpname 'us...@My...' ssl sslfingerprint 'BA:21:62:BD:13:ED:4C:5C:BA:3E:82:D5:19:C0:D1:A5'

There are over twenty mailboxes checked. Final delivery is via Postfix to
Dovcote. Dovecote sorts them out using a "sieve" filter.

Thanks!

-- 
Jerry

Re: [Fetchmail-users] Relay to Postfix on port 587

[Matthias A. <mat...@gm...>]

Am 13. Oktober 2014 13:00:27 MESZ, schrieb Jerry <je...@se...>:
>I need to have fetchmail relay mail to my MTA, Postfix, on port 587. It
>will
>also need to authenticate itself like all of my internal users do, How
>can I
>accomplish this?
>
>This is an example of a typical line in the "fetchmailrc" file.
>
>poll pop.gmail.com with proto POP3 service 995 timeout 30 envelope
>'Delivered-To' localdomains MyDomain.net bad-header accept
>user 'us...@gm...' there with password 'SECRET' options forcecr
>dropdelivered smtpname 'us...@My...' ssl sslfingerprint
>'BA:21:62:BD:13:ED:4C:5C:BA:3E:82:D5:19:C0:D1:A5'
>
>There are over twenty mailboxes checked. Final delivery is via Postfix
>to
>Dovcote. Dovecote sorts them out using a "sieve" filter.
>
>Thanks!
>
>-- 
>Jerry
>
>------------------------------------------------------------------------------
>Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS
>Reports
>Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>http://p.sf.net/sfu/Zoho
>_______________________________________________
>Fetchmail-users mailing list
>Fet...@li...
>https://lists.sourceforge.net/lists/listinfo/fetchmail-users

Jerry,

I am sorry to say that the code for what you need (TLS on the SMTP side) has not been written yet. 

Best regards, 
Matthias Andree 

Re: [Fetchmail-users] Relay to Postfix on port 587

[Jerry <je...@se...>]

On Mon, 13 Oct 2014 18:55:49 +0200, Matthias Andree stated:

> Am 13. Oktober 2014 13:00:27 MESZ, schrieb Jerry <je...@se...>:
> >I need to have fetchmail relay mail to my MTA, Postfix, on port 587. It
> >will
> >also need to authenticate itself like all of my internal users do, How
> >can I
> >accomplish this?
> >
> >This is an example of a typical line in the "fetchmailrc" file.
> >
> >poll pop.gmail.com with proto POP3 service 995 timeout 30 envelope
> >'Delivered-To' localdomains MyDomain.net bad-header accept
> >user 'us...@gm...' there with password 'SECRET' options forcecr
> >dropdelivered smtpname 'us...@My...' ssl sslfingerprint
> >'BA:21:62:BD:13:ED:4C:5C:BA:3E:82:D5:19:C0:D1:A5'
> >
> >There are over twenty mailboxes checked. Final delivery is via Postfix
> >to
> >Dovcote. Dovecote sorts them out using a "sieve" filter.
> 
> I am sorry to say that the code for what you need (TLS on the SMTP side)
> has not been written yet. 

That is what I thought. I don't suppose that you are planning on writing
that code anytime soon either.

I am using Postfix with Postscreen. Postfix recommends that when using
Postscreen, all local injection of mail be via port 587 to bypass the
screening process.

-- 
Jerry

Re: [Fetchmail-users] Relay to Postfix on port 587

[Matthias A. <mat...@gm...>]

Am 14.10.2014 um 11:02 schrieb Jerry:
> On Mon, 13 Oct 2014 18:55:49 +0200, Matthias Andree stated:
> 
>> Am 13. Oktober 2014 13:00:27 MESZ, schrieb Jerry <je...@se...>:
>>> I need to have fetchmail relay mail to my MTA, Postfix, on port 587. It
>>> will
>>> also need to authenticate itself like all of my internal users do, How
>>> can I
>>> accomplish this?
>>>
>>> This is an example of a typical line in the "fetchmailrc" file.
>>>
>>> poll pop.gmail.com with proto POP3 service 995 timeout 30 envelope
>>> 'Delivered-To' localdomains MyDomain.net bad-header accept
>>> user 'us...@gm...' there with password 'SECRET' options forcecr
>>> dropdelivered smtpname 'us...@My...' ssl sslfingerprint
>>> 'BA:21:62:BD:13:ED:4C:5C:BA:3E:82:D5:19:C0:D1:A5'
>>>
>>> There are over twenty mailboxes checked. Final delivery is via Postfix
>>> to
>>> Dovcote. Dovecote sorts them out using a "sieve" filter.
>>
>> I am sorry to say that the code for what you need (TLS on the SMTP side)
>> has not been written yet. 
> 
> That is what I thought. I don't suppose that you are planning on writing
> that code anytime soon either.

Plans and real life are quite distinct notions.

Fetchmail is a spare-time after-work project that isn't supported by an
organization, if you leave out sf.net hosting services, with practically
no contribution other than my financing the domain and doing the little
work I currently have time for.  (It's not the only FrOSS project I am on.)

I've also gotten used to your expectations more in line with what you
could expect from paid services, so I'll turn a blind eye on that
distraction and move on, to remain on the constructive side of things.

> I am using Postfix with Postscreen. Postfix recommends that when using
> Postscreen, all local injection of mail be via port 587 to bypass the
> screening process.

Then it is in your power to do something about your implementation.  You
can, for instance, use a separate port on Postfix that is configured
similarly to port 587, but that does not require TLS nor authentication,
and that only listens on the loopback interface.

It's more or less a copy of the port 587 service in Postfix's master.cf
with a few lines stripped out or tweaked.

Re: [Fetchmail-users] Relay to Postfix on port 587

[jdebert <jd...@ga...>]

On Mon, 13 Oct 2014 07:00:27 -0400
Jerry <je...@se...> wrote:

> I need to have fetchmail relay mail to my MTA, Postfix, on port 587.
> It will also need to authenticate itself like all of my internal
> users do, How can I accomplish this?
> 

This seems to be doing things the hard way. Is there something that
makes this better than simply submitting the usual way using port 25?

jd