0

I thought this was a quite common situation, but I'm struggling a bit getting this to work in the easiest way possible, and also, I'm not sure if I'm doing it in a good/recommended way by now.

I have two servers that can communicate via a LAN (and also, both have public internet IP addresses). One runs Postfix, the other one serves some websites.

What I want to do is to be able to send some mail (e.g. confirmation mail and such stuff) via PHP from the webserver host. As this is all that machine does, I don't want to setup a fully-blown Postfix there, but use the other host for sending mail.

What I have done is to setup msmtp on the web server and declare it's LAN IP address as trustable (by adding it to Postfix's my_networks etc.) on the mail server. This does work, I can send mail from this host. But – as expected – Postfix acts as a relay for mail sent this way, adds a respective header, a comment that SPF checking was skipped and so on.

Now I wonder if this can be done in an easier way, as the web server has LAN access to the mail server. Is it possible to directly use sendmail on the mail server from the web server? Like through a ssh pipe, using some unprivileged user with a passwordless SSH key? Or via some small program on the mail server (I didn't find) that listens to some non-exposed port and forwards incoming data to sendmail? So that on the web server, one can use a dummy sendmail script that simply pipes data to the mail server's LAN address and said port?

Thanks for all hints :-)

Tobias Leupold
  • 131
  • 7

2 Answers2

0

You can send messages from your application directly to the email server using 587 submission port. See RFC 6409.

AlexD
  • 8,179
  • 2
  • 28
  • 38
  • Of course, this is what a desktop mail client does. But for this, I would need a "real" account with stored clear-text passwords and so on … – Tobias Leupold Feb 04 '22 at 08:02
  • You can configure the mail server to allow submission from specific IP without requiring a password. – AlexD Feb 04 '22 at 08:07
  • I think this is what I'm doing right now: The web server is in Postfix's my_networks, and using msmtp, I can send mail and the mail server relays it. But additional headers are added (Received, skipped SPF test). I want to send mail from the web server as if it was sent directly from the mail server … – Tobias Leupold Feb 04 '22 at 08:29
  • Then you need to post a separate question - how to hide a received header. – AlexD Feb 04 '22 at 08:31
0

If you want to strip the Received header, do this on the proxy server:

In /etc/postfix/main.cf:

header_checks = pcre:/etc/postfix/header_checks

In /etc/postfix/header_checks:

/^Received:/     STRIP Remove Received header.

I'm not 100% sure of what your SPF header says, but try putting this in /etc/postfix/header_checks:

/^skipped\ spf\ test:/     STRIP Remove SPF header.

Lastly, run these two commands:

postmap /etc/postfix/header_checks
systemctl restart postfix
Cameron
  • 176
  • 3