Answer by Wilson

Wilson — Tue, 04 May 2010 13:02:00 -0400

I configured Postfix and it seems to work great but, using it with a dynamic ip does not cut it. Most dynamic ip are blacklisted and most mail server block incoming mail from these addresses. I tried using something like no-ip.com but, my ip changed too frequently. After an ip changed I had to remove it from the blacklist, that happened every other day so by the time the changes got propagated the ip changed again. Too much work.

Answer by KenJackson

KenJackson — Tue, 04 May 2010 02:23:01 -0400

Gladiator's link captured the SMTP situation very well, "... running a "direct-to-mx" outbound mail server on a dynamic address no longer is practical - too many sites just block mail from dynamic IP addresses. Sigh."

But I use my home Linux PC as my personal secure IMAP server, even though the IP address can, and does, change occasionally. Here's a stripped down version of the script that I run to automatically update it. (I really run one cron script as a regular user to generate it, and a second cron script as root to install it.)

It also generates a cert file in the form ip-XX-XX-XX-XX.pem, where the X's are my IP address. I don't currently use it for anything, but it's been my plan to use it for a variety of things, if I ever get to it.

#!/bin/sh
PKICERT=/etc/pki/tls

# Get and verify my home IP address

IP="$(curl -s http://jackson.io/ip/)"
case "$IP" in
    ""|*[!0-9.]*)  echo "ERROR: Invalid IP address \"$IP\"";  exit 1 ;;
esac
HOMEURL="$(host "$IP" | sed 's/.*pointer //;s/\.$//')"
echo $HOMEURL | grep -q pool-  ||  { echo "ERROR getting URL"; exit 1; }

# Generate the new general-purpose PEM filename

PEM="ip-$(echo $IP | /usr/bin/tr . -).pem"
case "$PEM" in
    ip-*-*-*-*.pem) ;;
    *) echo "Incorrect name for cert file \"$PEM\""
       exit 1
       ;;
esac

# Exit if the existing cert is correct

if [ -s "$PKICERT/$PEM" ]; then
    echo "The existing PEM file is correct"
    exit 0
fi

# Make a new TLS certificate for imapd
#
# This procedure was developed by looking at the postinstall scriptlet:
#     rpm -q --scripts uw-imap
# This command will dump the resulting pem file:
#     certtool -i --infile imapd.pem
#
# Prompts: CountryName, StateName, LocalityName, OrganizationalName,
#          OrganizationalUnitName, CommonName, EmailAddress
#
cd /tmp  ||  { echo "Error: Can't cd to /tmp"; exit 1; }
rm -f *.pem
CERT=imapd.pem
MAKEFILE=/etc/pki/tls/certs/Makefile
make -f $MAKEFILE $CERT << EOF &> /dev/null
US
Maryland
Home
My Name
mydomain.com
$HOMEURL
me@mydomain.com
EOF

if [ ! $? ]; then
    echo ERROR creating key and certificate
    rm -f $CERT
    exit 1
fi
sed -n '/BEGIN CERT/,/END CERT/p' $CERT > $PEM

# Delete old certs

/usr/bin/sudo /bin/rm -fv $PKICERT/ip-*.pem $PKICERT/certs/$CERT

# Install the new general-purpose cert

/usr/bin/sudo /usr/bin/install -v -m600 /tmp/$PEM $PKICERT/

# Install imap cert

/usr/bin/sudo /usr/bin/install -v -m600 "/tmp/$CERT" "$PKICERT/certs/"

Answer by Ian 1

Ian 1 — Mon, 03 May 2010 23:13:11 -0400

I totally agree with Keith.

Use postfix instead of sendmail. You'll find it much easier to configure and manage.

I have postfix operating behind a dynamic IP address, using Zonedit to manage DNS for my domain names. I have smtps, imaps and pops configured for secure remote connections.

Happy to help you out with anything relating to postfix :)

Answer by Keith

Keith — Mon, 03 May 2010 21:20:06 -0400

Why use sendmail?

Postfix is a superior product IMHO

Answer by Gladiator

Gladiator — Mon, 03 May 2010 18:50:19 -0400

Kindly have a look. I hope it'll whelp you.

http://bcn.boulder.co.us/~neal/cablemail.html

Answers to: sendmail on a dynamic IP

Answer by Wilson

Answer by KenJackson

Answer by Ian 1

Answer by Keith

Answer by Gladiator