Support for printers

Discussion in 'Tips/Tricks/Mods' started by Olgierd, Sep 3, 2021.

Tags:
  1. Olgierd

    Olgierd Member

    Hi All,
    I wonder if there is some way to do configuration on postfix or thru ISPConfig to allow printers send email thru server and try to deliver message to domain what is on other server. The problem is if my email domain is not set I will have "Client host rejected: Access denied", but when is set postfix will try to deliver message on local system. Looks like filters recognize field From from header and reject connection.
    Thanks
    Olgierd
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is this not a problem of e-mail configuration on the printer? If your e-mail server works, the printer should be able to send like other clients are sending. Same kind of setup should work.
    You do not bother to mention what kind of printer, so maybe it does not have configuration options for sending e-mails.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If your printer logs in with a valid mail account, it can use the SMTP server just fine.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Some printers will configure just fine, and some have limitations in what can be configured; if yours can't be set up to send like any other email client, what specific limitations do you encounter? You may be able to whitelist it's ip or make other accommodations. Postfix does not reject based on the from header though, so that's not it.
     
  5. Olgierd

    Olgierd Member

    The problem what I have is that if client has domain sometest.tld and emails are hosted on different server, my server will want deliver emails to local mailbox first and throw an error because mailbox does not exist on local system. All other email will go out, no problem.
    Looks like all messages to mailboxes under domain sometest.tld fail. Looks like I cannot add domain sometest.tld into postfix configuration, but then I need to use some other username to authenticate and this makes filtering problem - "Client host rejected: Access denied"
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You need to use authentication, just like you do when sending from any other mail client; if the printer can't authenticate, add it to the whitelist or to the myneyworks setting in main.cf.
     
  7. Olgierd

    Olgierd Member

    When I add authentication with login related with client domain it works, but only for recipients with mailboxes on the same server. Printer will not able to send messages to mailboxes located on other servers under the same domain. Postfix just want to deliver messages locally.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Can you send messages to those mailboxes located on other servers?
    I can not understand what kind of e-mail setup you have that has an e-mail domain so strangely split up.
     
  9. Olgierd

    Olgierd Member

    I can send messages only to mailboxes with different domain and those emails can be distributed locally or outside if my server does not have configuration for other domain.
    If I want to send message to to mailbox what is located on another server I need authenticated with username with different domain and recipient domain cannot exist in any configuration on local server.

    I setup scenario when I authenticated on the server with login what have domain not related with recipient. In this case I have no configuration on local server related with recipient domain. This would work but filters throw "Client host rejected: Access denied".

    I need to process scan to email from printers or some email distributions applications with payroll.
    The problem is that Office 365 allow only 30 message per min and with bulk emails I have a problems and I need to use some other server when I do not have limitations like this. Printers have similar problems and some older devices with older firmware do not support TLS 1.2.

    Ideal solution would be if I can setup service for those scenarios when recipient receive emails with sender domain and can respond to it.
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I think I understand your setup now, except:
    If you know that, why do you make the recipient domain on the local server? As far as I know, all e-mail systems check if the recipient address is a local mailbox first, and deliver to that. If same e-mail domain also exists somewhere else on the Interwebs, it does not receive mails from this server.
    I have used a script that sends e-mails at say 10 second intervals. It is 360 messages per hour and does not exceed the rate limits. If you have 1000 messages to send, it is a bad idea anyway to send them all at once.
     
    Jesse Norell likes this.
  11. Olgierd

    Olgierd Member

    Client has emails by Microsoft 365 services, all mailboxes are hosted there.
    Older devices and applications has problems to send emails thru M365, so they want to use other server as a relay.
     
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    As @Taleman said:
    If the real mailboxes live elsewhere, you can use a different domain for authenticating (eg. 'printers.actual.tld'); it wouldn't even have to exist in dns as far as ISPConfig is concerned, though you'd have to test if O365 accepts it (or setup a connector so that it does).
     
  13. Olgierd

    Olgierd Member

    Jesse I was trying to do this, but I was stuck on "Client host rejected: Access denied". This is some settings on postfix what we have by default with ISPConfig configuration.
     
  14. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    This means your client was rejected due to smtpd_client_restrictions, what do you have set for that?

    A 3.2.5 host here has this:
    Code:
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_unknown_client_hostname, permit
    From that you can see that if your client were authenticated, it would not be rejected. You can also see that if you add the printer's ip to the postfix whitelist it would not be rejected. Also if you add it to mynetworks it would not be rejected. That's why all those solutions were listed above.
     

Share This Page