From: Hans C. <fo...@gm...> - 2025-11-09 00:50:46

I'm in the process of upgrading my ancient local-only little home mail
server and was wondering how much it matters if I use smtp or sendmail
for local delivery.

My system is Fedora 43:
fetchmail: 6.5.6
postfix: 3.10.3
alpine: 2.26

Keep reading for details of my setup and why I'm asking.

My setup is only used for 2 users, with a few email addresses for each
user. The MTA is postfix, configured to listen only on loopback port
25 with a self signed cert. There is no access to this server from
the outside. The only things that access the MTA are on the same
host: alpine for relaying outbound mail and fetchmail for inbound mail.

fetchmail is started/stopped daily for each user via cron and each
user has the same basic fetchmailrc:

set daemon 900
set logfile log/fetchmail.log
defaults
timeout 120
fetchall
nokeep
fetchlimit 50
ssl

poll ...
poll ...
poll ...

I'm trying to configure smtpd_sender_restrictions in postfix, mainly
so I'll get an immediate failure if I've added a new email address
that hasn't been configured in postfix.

The problem is, if I add smtp_sender_restrictions in the postfix
config (main.cf), then those restrictions apply to all connections;
both from alpine and fetchmail. I'm fairly certain there's a way to
distinguish this by adding something to master.cf (still figuring that
part out), but the key is, there needs to be a way to distinguish
between the two. I think if fetchmail uses sendmail instead of smtp,
I can use that to setup restrictions based on smtp connections
(alpine/outbound) and restrictions based on sendmail connections
(fetchmail/inbound).

Soooo, back to the original question... on my little local-only server
are there any pros/cons I should be aware of if I add a fetchmail mda
config line to use sendmail (or whatever the postfix equiv is) instead
of the default smtp?

An alternative, might be to distinguish the two by the fact that alpine
connects to smtp via ipv4 and fetchmail connects via ipv6. Maybe I could
use that - although I was considering completely disabling ipv6 since I
don't plan to ever use it... at least not locally. Then again, maybe
this IS a use for ipv6.

Thanks for any advice.
From: Matthias A. <mat...@gm...> - 2025-11-11 18:41:31
On 09.11.25 at 01:50, Hans Carlson via Fetchmail-users wrote:
> I'm in the process of upgrading my ancient local-only little home mail
> server and was wondering how much it matters if I use smtp or sendmail
> for local delivery.
>
> My system is Fedora 43:
> fetchmail: 6.5.6
> postfix: 3.10.3
> alpine: 2.26
>
> Keep reading for details of my setup and why I'm asking.
>
> My setup is only used for 2 users, with a few email addresses for each
> user. The MTA is postfix, configured to listen only on loopback port
> 25 with a self signed cert. There is no access to this server from
> the outside. The only things that access the MTA are on the same
> host: alpine for relaying outbound mail and fetchmail for inbound mail.
>
> fetchmail is started/stopped daily for each user via cron and each
> user has the same basic fetchmailrc:
>
> set daemon 900
> set logfile log/fetchmail.log
> defaults
> timeout 120
> fetchall
> nokeep
> fetchlimit 50
> ssl
>
> poll ...
> poll ...
> poll ...
>
> I'm trying to configure smtpd_sender_restrictions in postfix, mainly
> so I'll get an immediate failure if I've added a new email address
> that hasn't been configured in postfix.
Those are only available through SMTP, not through most
/usr/{lib,sbin}/sendmail wrappers (certainly not Postfix's).
> The problem is, if I add smtp_sender_restrictions in the postfix
> config (main.cf), then those restrictions apply to all connections;
> both from alpine and fetchmail. I'm fairly certain there's a way to
> distinguish this by adding something to master.cf (still figuring that
> part out), but the key is, there needs to be a way to distinguish
> between the two. I think if fetchmail uses sendmail instead of smtp,
> I can use that to setup restrictions based on smtp connections
> (alpine/outbound) and restrictions based on sendmail connections
> (fetchmail/inbound).
You can add another smtpd listener (right hand side of master.cf) in
Postfix on a different port (left-hand side of master.cf, you can also
give numbers of ports instead of service names) and configure that with
its own option set. If you indent 2nd, 3rd, ... lines Postfix reads them
as continuation of the previous line in master.cf, and it should have
relevant examples.
HTH
Matthias
From: Hans C. <fo...@gm...> - 2025-11-11 20:24:24
On Tue, 11 Nov 2025, Matthias Andree via Fetchmail-users wrote:
> On 09.11.25 at 01:50, Hans Carlson via Fetchmail-users wrote:
>>
>> I'm trying to configure smtpd_sender_restrictions in postfix, mainly so
>> I'll get an immediate failure if I've added a new email address that
>> hasn't been configured in postfix.
>
> Those are only available through SMTP, not through most
> /usr/{lib,sbin}/sendmail wrappers (certainly not Postfix's).
Right, the restrictions I was planning to configure would only apply to
the smtp connections from alpine. I don't think I want any restrictions
on the connections from fetchmail. fetchmail should process all the mail
it gets and deliver it to the local user.
For the smtp connections from alpine on the other hand I want to add a
simple table with a list of the email addresses that are allowed to send
email. If in the future I add a new email address, then I want the alpine
SMTP connection to my local postfix SMTP server to give me an immediate
rejection so I know I need to go configure authentication for the new
email address. Without that, the postfix SMTP client connection to the
isp relay will eventually fail with an auth error, but I won't notice it
for some time because that's all done in the background.
Sooo... if I don't actually want any restrictions on fetchmail, then is
there any reason NOT to use sendmail for delivery instead of SMTP?
>> The problem is, if I add smtp_sender_restrictions in the postfix config
>> (main.cf), then those restrictions apply to all connections; both from
>> alpine and fetchmail. I'm fairly certain there's a way to distinguish
>> this by adding something to master.cf (still figuring that part out), but
>> the key is, there needs to be a way to distinguish between the two. I
>> think if fetchmail uses sendmail instead of smtp, I can use that to setup
>> restrictions based on smtp connections (alpine/outbound) and restrictions
>> based on sendmail connections (fetchmail/inbound).
>
> You can add another smtpd listener (right hand side of master.cf) in Postfix
> on a different port (left-hand side of master.cf, you can also give numbers
> of ports instead of service names) and configure that with its own option
> set. If you indent 2nd, 3rd, ... lines Postfix reads them as continuation of
> the previous line in master.cf, and it should have relevant examples.
Yes, that is the other option I was looking at. But using sendmail
instead of a separate smtpd listener seemed like the simpler option as
long as I don't need/want any local processing of inbound email by smtpd.
Maybe in the future I'll think of something, but for right now I don't
think smtpd would be adding anything to the process... basically, I just
want fetchmail to get the mail and get it to the users INBOX.
And if I do want to process the incoming mail in some way in the future, I
was planning to investigate some combination of postfix, dovecot and
sieve. At this point I don't really know anything about that, other than
it seems to be possible.
From: Matthias A. <mat...@gm...> - 2025-11-19 20:25:24
On 11.11.25 at 21:24, Hans Carlson via Fetchmail-users wrote:
> On Tue, 11 Nov 2025, Matthias Andree via Fetchmail-users wrote:
>
>> On 09.11.25 at 01:50, Hans Carlson via Fetchmail-users wrote:
>>>
>>> I'm trying to configure smtpd_sender_restrictions in postfix,
>>> mainly so
>>> I'll get an immediate failure if I've added a new email address that
>>> hasn't been configured in postfix.
>>
>> Those are only available through SMTP, not through most
>> /usr/{lib,sbin}/sendmail wrappers (certainly not Postfix's).
>
> Right, the restrictions I was planning to configure would only apply
> to the smtp connections from alpine. I don't think I want any
> restrictions on the connections from fetchmail. fetchmail should
> process all the mail it gets and deliver it to the local user.
>
> For the smtp connections from alpine on the other hand I want to add a
> simple table with a list of the email addresses that are allowed to
> send email. If in the future I add a new email address, then I want
> the alpine SMTP connection to my local postfix SMTP server to give me
> an immediate rejection so I know I need to go configure authentication
> for the new email address. Without that, the postfix SMTP client
> connection to the isp relay will eventually fail with an auth error,
> but I won't notice it for some time because that's all done in the
> background.
>
> Sooo... if I don't actually want any restrictions on fetchmail, then
> is there any reason NOT to use sendmail for delivery instead of SMTP?
The concerns are
- you're breaking up the tight coupling between the SMTP server
(Postfix) and the client (fetchmail), so...
- that you won't notice from fetchmail's end if the Postfix service goes
down (which it doesn't ever do for me, Postfix is one of the nicer
things in software) because the sendmail command should always be able
to enqueue the message, even after "postfix stop", but they won't get
delivered
[snip]
HTH
Matthias
From: Hans C. <fo...@gm...> - 2025-11-20 02:08:26
On Wed, 19 Nov 2025, Matthias Andree via Fetchmail-users wrote:
> On 11.11.25 at 21:24, Hans Carlson via Fetchmail-users wrote:
>>
>> Sooo... if I don't actually want any restrictions on fetchmail, then is
>> there any reason NOT to use sendmail for delivery instead of SMTP?
>
> The concerns are
>
> - you're breaking up the tight coupling between the SMTP server (Postfix) and
> the client (fetchmail), so...
>
> - that you won't notice from fetchmail's end if the Postfix service goes down
> (which it doesn't ever do for me, Postfix is one of the nicer things in
> software) because the sendmail command should always be able to enqueue the
> message, even after "postfix stop", but they won't get delivered
Thanks for the clarification.
In that case, I'll setup postfix to listen on port 25 for fetchmail and
port 587 for alpine. That way I should be able to configure different
restrictions based on the port.
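
Added example (not part of the thread and not either poster's configuration): one way the two-listener layout settled on above could look, with sender restrictions only on the port Alpine uses. The table path /etc/postfix/allowed_senders, the syslog names and the example.org/example.net addresses are assumptions, and loopback-only binding is assumed to come from inet_interfaces in main.cf.

```conf
# --- /etc/postfix/master.cf (only the two smtpd listeners shown) ---
# service  type  private unpriv  chroot  wakeup  maxproc command + args

# Port 25: fetchmail hands over fetched mail here. No -o override, so this
# listener uses whatever main.cf says (smtpd_sender_restrictions is empty
# by default), and every fetched message is accepted for local delivery.
smtp       inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/fetchmail

# Port 587: Alpine submits outbound mail here. The envelope sender must be
# listed in the table; any other sender hits the trailing "reject" during
# the SMTP dialogue, so Alpine shows the failure immediately instead of the
# message failing later at the ISP relay.
587        inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/alpine
  -o { smtpd_sender_restrictions = check_sender_access texthash:/etc/postfix/allowed_senders, reject }

# --- /etc/postfix/allowed_senders ---
# texthash: tables are plain text and need no postmap run; run
# "postfix reload" after editing so smtpd re-reads the file.
# Constructed addresses: list each address that has relay auth configured.
user1@example.org    OK
user1@example.net    OK
user2@example.org    OK
```

Because fetchmail still talks SMTP on port 25, it keeps noticing when Postfix is down, which is the coupling the sendmail-command route would lose.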