I thought this was quite a common situation, but I'm struggling a bit to get this to work in the easiest way possible, and I'm also not sure whether I'm doing it in a good/recommended way so far.
I have two servers that can communicate via a LAN (and also, both have public internet IP addresses). One runs Postfix, the other one serves some websites.
What I want to do is to be able to send some mail (e.g. confirmation mail and such stuff) via PHP from the webserver host. As this is all that machine does, I don't want to set up a full-blown Postfix there, but use the other host for sending mail.
What I have done is to set up msmtp on the web server and declare its LAN IP address as trustable (by adding it to Postfix's my_networks etc.) on the mail server. This does work, I can send mail from this host. But, as expected, Postfix acts as a relay for mail sent this way, adds a respective header, a comment that SPF checking was skipped and so on.
Now I wonder if this can be done in an easier way, as the web server has LAN access to the mail server. Is it possible to directly use sendmail on the mail server from the web server? Like through an SSH pipe, using some unprivileged user with a passwordless SSH key? Or via some small program on the mail server (which I didn't find) that listens on some non-exposed port and forwards incoming data to sendmail? So that on the web server, one can use a dummy sendmail script that simply pipes data to the mail server's LAN address and said port?
Thanks for all hints :-)
You can send messages from your application directly to the email server using the submission port, 587. See RFC 6409.
If you want to strip the Received header, do this on the proxy server:
In /etc/postfix/main.cf:
In /etc/postfix/header_checks:
I'm not 100% sure of what your SPF header says, but try putting this in /etc/postfix/header_checks:
Lastly, run these two commands:
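
Added example, not part of the question or answers above: an msmtp configuration for the web server that uses the submission port the answer recommends, with the question's trusted-LAN-IP setup shown commented out for comparison. The host name, user, addresses and file paths are placeholders, and it assumes the mail server's submission service on port 587 is enabled with STARTTLS and SASL authentication.

```conf
# /etc/msmtprc on the web server (constructed example).
# mail.lan.example, webapp@example.org and all paths are placeholders.

defaults
tls             on
tls_starttls    on
tls_trust_file  /etc/ssl/certs/ca-certificates.crt

# Setup described in the question: port 25, no authentication, no TLS.
# The mail server accepts it only because the web server's LAN IP is
# listed as trusted, so any process on that host can relay mail.
#account        lan-relay
#host           mail.lan.example
#port           25
#auth           off
#tls            off
#from           webapp@example.org

# Submission (RFC 6409): port 587, STARTTLS, login as a dedicated user.
# Trust is tied to a credential instead of a source IP address.
account         submission
host            mail.lan.example
port            587
auth            on
user            webapp@example.org
# Password file readable only by the user PHP runs as (mode 0600).
passwordeval    "cat /etc/msmtp/webapp.pass"
from            webapp@example.org

account default : submission

# php.ini on the web server, so that PHP's mail() hands messages to msmtp:
#   sendmail_path = "/usr/bin/msmtp -t"
```

With authenticated submission working, the web server's LAN address no longer needs to be in the mail server's list of trusted networks.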