2Q Automated recipient verification and public certificate


Post by GiTM »

Downloaded .iso for eFa 4 and ran through initial configuration as a VM as per information in the wiki and FAQs available. Fantastic.

I have set up domains in Mail Settings > Transport Settings pointing to a "SmarterMail" server on the same subnet. Moving forward!

I can telnet on port 25 directly to the SmarterMail server and submit a message as desired. When I telnet on port 25 to the eFa server and attempt to submit a message (to a valid address on the SmarterMail server) I receive the following:
Recipient address rejected: undeliverable address: No user at this address

I have found the "automated recipient verification" area and disabled it (as a test - I would like to utilize this functionality.) After rebooting the eFa, I tested submitting a message again and the message is delivered.

Q1.> What settings are required by the eFa to utilize this feature? Is this an LDAP lookup? (thus there would be something to configure within SmarterMail?)

Q2.> How can I install a public certificate on the eFa so that I can utilize StartTLS? I am not interested in using Let's Encrypt for a few reasons that I'm struggling with ...

1. 90 day renewal ... I'll forget!
2. I'll have to burn a public IP address, one for eFa and one for SmarterMail's web mail/activesync.

I plan to open port 25 (et al.) to the eFa and ports 80/443 to SmarterMail (via reverse proxy actually) all on one public IP address. If I were to open 80/443 for Let's Encrypt on the eFa, I'd have to use an obscure port for webmail/activesync ... and activesync then becomes a configuration issue. I believe that if I install a public certificate on eFa (not via Let's Encrypt) I can set and forget as it were.

Any advice to a new eFa user is appreciated!

Re: 2Q Automated recipient verification and public certificate

Post by shawniverson »

A1: Automatic recipient verification sends a probe to your mail server (the beginning of an SMTP session) and then either gets rejected (no user) or terminates the session early (the user exists and the mail server is waiting for the message). Other spam fighting software, etc. can interfere with this probe attempt and cause a reject and may need to be adjusted.

A2: Yes you can, the same way you do with Apache on a Linux server at /etc/httpd/conf.d/ssl.conf with the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile. Optionally, you can also use it with Postfix in /etc/postfix/ssl by placing your certificate and key in smtpd.pem
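
The probe described in A1, sketched in Python as an added example (not part of the original posts and not eFa's or Postfix's own code). It shows the three outcomes a gateway can get back from the backend. The FakeBackend class, the KNOWN list, the example.test addresses, the null sender and the verdict labels are all assumptions made for this sketch.

```python
import smtplib
import socketserver
import threading

KNOWN = {"alice@example.test"}  # constructed mailbox list, not real addresses

class FakeBackend(socketserver.StreamRequestHandler):
    """Stand-in for the backend mail server; answers only what a probe sends."""
    def handle(self):
        self.wfile.write(b"220 backend.example.test ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode().strip()
            verb = line.upper()
            reply = "250 OK"  # EHLO, MAIL FROM and anything else
            if verb.startswith("RCPT TO"):
                addr = line[line.find("<") + 1:line.find(">")].lower()
                if addr.startswith("grey"):  # constructed: a filter defers the probe
                    reply = "451 4.7.1 Try again later"
                elif addr not in KNOWN:
                    reply = "550 5.1.1 No user at this address"
            elif verb.startswith("QUIT"):
                reply = "221 Bye"
            self.wfile.write(reply.encode() + b"\r\n")
            if reply.startswith("221"):
                return

def probe(host, port, rcpt):
    """MAIL FROM and RCPT TO, then QUIT before DATA, so no message is sent."""
    with smtplib.SMTP(host, port, local_hostname="gateway.example.test",
                      timeout=5) as s:
        s.ehlo()
        s.mail("")  # null sender <>, an assumption for this sketch
        code, text = s.rcpt(rcpt)
    if 200 <= code < 300:
        return "exists", code
    return ("rejected" if code >= 500 else "tempfail"), code

def demo():
    """Run three probes against the stand-in backend on a loopback port."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeBackend) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        rcpts = ["alice@example.test", "nobody@example.test", "grey@example.test"]
        results = {r: probe(host, port, r) for r in rcpts}
        srv.shutdown()
    return results

if __name__ == "__main__":
    for rcpt, (verdict, code) in demo().items():
        print(f"{rcpt:22} {code} {verdict}")
```

A 5xx answer to RCPT TO for an address that does exist, or a 4xx answer, points at something on the backend treating the probe differently from a normal delivery.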

Re: 2Q Automated recipient verification and public certificate

Post by GiTM »

Outstanding - thank you! I'll have a look and post results as I find them. Much appreciated.