Lime: Difference between revisions

From Sea of Fate
Jump to navigationJump to search
← Older edit
 
(2 intermediate revisions by the same user not shown)
Line 19: Line 19:
Although the Brevo gateway was setup and port 587 was allowing traffic out of my network Joomla stubbornly refused to connect to the Brevo relay, there must be something about the security settings because with the feedback from Joomla on debug was that it was failing to authenticate. I did get Google's AI, Gemmini to write a PHP script to send an email using Brevo's connection details from outside of Joomla and that worked no problem so there must be some include line somewhere that i am missing and it joomla is including some SSL/TLS setting that are not working. Oddly Wikimedia also would not email out either although it should have been able to as well and that further reinforces the point that there is some SASL security setting that is blocking web apps but not PHP directly. Joomla forum tried to help but could not understand why it would not work either so a new direction was needed. Since PHP can connect to Brevo there is no firewall rule missing or anything like that so I tried installing Postfix.
Although the Brevo gateway was setup and port 587 was allowing traffic out of my network Joomla stubbornly refused to connect to the Brevo relay, there must be something about the security settings because with the feedback from Joomla on debug was that it was failing to authenticate. I did get Google's AI, Gemmini to write a PHP script to send an email using Brevo's connection details from outside of Joomla and that worked no problem so there must be some include line somewhere that i am missing and it joomla is including some SSL/TLS setting that are not working. Oddly Wikimedia also would not email out either although it should have been able to as well and that further reinforces the point that there is some SASL security setting that is blocking web apps but not PHP directly. Joomla forum tried to help but could not understand why it would not work either so a new direction was needed. Since PHP can connect to Brevo there is no firewall rule missing or anything like that so I tried installing Postfix.


===Postfix Installation===
===[[Postfix Installation]]===


Postfix was can be installed with apt the line is no more complicated than
It is fairly straight forward to install and configure postfix and once it is done email will work. more details can be found [[Postfix Installation | here]].
sudo apt install postfix
once the install gets going it asks a few questions either answer them now or add them to a config file later. The first question is something like General type of mail configuration. The two possible options are either internet with smarthost which would deliver local mail locally but use the smarthost for outgoing mail but as there is no real need for local mail the better option for me is.
Satellite System
If  this was a company email system and email directly from postfix the best option would be internet site but that would need a fixed internet facing IP address. The next question is about system name so in my case
seaoffate.net
Any name could be used but as that is the domain name that made more sense. The last question was about SMTP relay host, it should be noted that it should have the square brackets around the relay host so that Postfix does not do some sort of MX lookup. I guess that if internet site only had been chosen earlier there would be different questions. For me to use Brevo as a relay SMTP relay host should be
  [smtp-relay.brevo.com]:587
The setup should finish at this point and extra config will have to be in the file /etc/postfix/main.cf so type
sudo nano /etc/postfix/main.cf
In the config there may be some settings already configured but make sure that these at least are present
* Outgoing relay configuration
relayhost = [smtp-relay.brevo.com]:587
* Enable SASL authentication for outgoing mail
smtp_sasl_auth_enable = yes
* Specify the password file and format and Make sure this points to the file that will be created
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
* Security options: disable anonymous logins
smtp_sasl_security_options = noanonymous
* Enable STARTTLS encryption. Use 'yes' for STARTTLS on port 587. 'encrypt' is for implicit SSL/TLS usually on port 465
smtp_use_tls = yes
* specify the local domains only (remove seaoffate.net from this option
mydestination = localhost.localdomain, localhost # should not have seaoffate.net in this line
* Make sure smtpd_relay_restrictions has permit_mynetworks at or close to the beginning of the list
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
* mynetworks should include any other hosts that need to use this MTA eg include the production network adjust if yours lists specific IPs
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/24
* make sure that postfix is listening on all of the host's interfaces that it should.
inet_interfaces = all
* Optional, but recommended: Path to CA certificates for verifying the relay server's cert.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Once that is done we need to create the password file. We have specified that it will be /etc/postfix/sasl_passwd so the command will be
sudo nano /etc/postfix/sasl_passwd
In the file there needs to be a line
[smtp-relay.brevo.com]:587 TheBrevoUsername:TheBrevoPassword
Obviously, chmod the file to 600
sudo chmod 600 /etc/postfix/sasl_passwd
Then create the HashDB with the file /etc/postfix/sasl_passwd.db using the command
sudo postmap /etc/postfix/sasl_passwd
That should be all that is needed to get postfix working so a restart would activate the config changes
sudo systemctl restart postfix
Once Postfix has restarted it should be ready to roll. As there is no mail app to write an email with we need to use the Mail app. if it isn't installed it should be
sudo apt install mailutils
then send a test email with something like
echo "This is the test body of the email." | mail -s "Postfix Relay Test via Brevo" [email protected]
it is probably better to open another ssh terminal and run 
tail -f /var/log/mail.log
One obvious error set of messages is
postfix/smtp[167780]: error: open database /etc/postfix/sasl_passwd.db: No such file or directory
postfix/smtp[167780]: warning: hash:/etc/postfix/sasl_passwd is unavailable. open database /etc/postfix/sasl_passwd.db: No such file or directory
postfix/smtp[167780]: warning: hash:/etc/postfix/sasl_passwd lookup error for "smtp-relay.brevo.com"
postfix/smtp[167780]: warning: 1B73C29D44: smtp_sasl_password_maps lookup error
These mean that there is no password file or it is in the wrong place. Check inside the config for the line that gives the path to the password maps "smtp_sasl_password_maps" ls the dir specified and look for a file "sasl_passwd.db" if it is not present it needs to be created with a line like
sudo postmap /etc/postfix/sasl_passwd
or whatever path is in the config. if postmap fails check the sasl_passwd file
sudo nano /etc/postfix/sasl_passwd
it should have the line
[smtp-relay.brevo.com]:587 TheBrevoUsername:TheBrevoPassword
The format is important when the sasl_passwd is done re run the postmap command so that it creates sasl_passwd.db. then do
sudo systemctl restart postfix
the tails file should clear and send the email.

Latest revision as of 23:38, 10 April 2025

Introduction

Lime is the Default of the Webservers, if someone types seaoffate.net or www.seaofate.net this is the webserver that will be listening. It will also be listening to lime.seaoffate.local and seaoffate.local. It may also be able to have lime.seaoffate.net but that is not certain as it may not be on the cloudflare DNS yet. The Content Management System is Joomla for this server.

Joomla

Joomla has been setup and has the backup extension Akeeba Backup, the convert form and gantry with helium. JCE Editor is also available. Helium appears to work well but it will take some time to learn to get the best out of it.

Email

Email obviously was not going to work on a ISP DHCP internet connection so I did not even try to set one up. I looked around for a free email relay service and the first one found that looked Ok and was likely to be free was Brevo. There are undoubtedly others that would offer the same but lots looked like they were going to charge money for something that I was not too concerned about, a sort of nice to have but not at any cost.

Brevo

Brevo offer a free tier of their webservices that allows 300 outgoing emails per day more than anything that I am likely to need unless the website become wildly popular but I can't see that happening any time soon. What Breva offer amongst there marketing services is a mail relay. From what I can gather they like to offer a free tier for either developers or new users to try out their marketing services. I think their is a phone type service from them as well also free but the SMS has a charge, not much of a charge though, something under £3.00 per 100 SMS to UK, maybe worth a look at some point in the future. there is a possibility of sending whatsapp from them as well but also as a chargeable thing. If I ever need to get to do some sort of marketing campaign Brevo has a lot of tools to get my words out. For now they offer what I need and that is an email relay.

Configuring Joomla to Send Email

Although the Brevo gateway was setup and port 587 was allowing traffic out of my network Joomla stubbornly refused to connect to the Brevo relay, there must be something about the security settings because with the feedback from Joomla on debug was that it was failing to authenticate. I did get Google's AI, Gemmini to write a PHP script to send an email using Brevo's connection details from outside of Joomla and that worked no problem so there must be some include line somewhere that i am missing and it joomla is including some SSL/TLS setting that are not working. Oddly Wikimedia also would not email out either although it should have been able to as well and that further reinforces the point that there is some SASL security setting that is blocking web apps but not PHP directly. Joomla forum tried to help but could not understand why it would not work either so a new direction was needed. Since PHP can connect to Brevo there is no firewall rule missing or anything like that so I tried installing Postfix.

Postfix Installation

It is fairly straight forward to install and configure postfix and once it is done email will work. more details can be found here.

Retrieved from "https://wiki.seaoffate.net/index.php?title=Lime&oldid=276"