Postfix is extremely flexible (and therefore, complex) in its configuration, so there are various ways to achieve this. The simplest way would probably be to use a transport(5) table.
First, enable the use of a transport table in postfix:
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
You'll also have to make sure that Postfix accepts mail for the addresses that will be handled by Lamson. Have a look at permit_auth_destination for the rules Postfix will apply to determine valid recipient addresses. For the following example, assuming "example.com" is a domain not otherwise known to Postfix, it's probably easiest to simply add it as a relay domain:
/etc/postfix/main.cf:
relay_domains = example.com
Then, create an appropriate table. E.g. to redirect all mail for the domain "example.com" as well as mail for "user@mydomain.org" to your local Lamson listening at port 10025:
/etc/postfix/transport:
example.com smtp:127.0.0.1:10025
user@mydomain.org smtp:127.0.0.1:10025
After that (and then once after every update to the transport table file) don't forget to run:
$ postmap /etc/postfix/transport
This should get you going. Be sure to read the transport(5) man page, which will give you more ideas on how to use this powerful facility.
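An added example, not part of the original answer: a simplified Python model of the lookup order documented in transport(5), run over a table constructed from the two entries above, to check which recipients would be handed to the Lamson listener. It assumes `recipient_delimiter = +` and that the ".domain" subdomain form is in effect; the function names are hypothetical.

```python
# Added example: a simplified model of the transport(5) lookup order.
# The table text is constructed from the two entries shown in the answer.
TRANSPORT_TABLE = """\
example.com        smtp:127.0.0.1:10025
user@mydomain.org  smtp:127.0.0.1:10025
"""
LAMSON = ("smtp", "127.0.0.1:10025")  # transport and next hop from the answer

def parse_transport(text):
    """Return {pattern: (transport, nexthop)}, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        transport, _, nexthop = result.strip().partition(":")
        table[pattern.lower()] = (transport, nexthop)  # this model folds case
    return table

def lookup_keys(recipient):
    """Candidate keys, most specific first, as transport(5) lists them."""
    local, _, domain = recipient.lower().rpartition("@")
    keys = [f"{local}@{domain}"]
    if "+" in local:  # assumed recipient_delimiter "+": retry without "+ext"
        keys.append(f"{local.split('+', 1)[0]}@{domain}")
    keys.append(domain)
    labels = domain.split(".")
    # ".parent" patterns cover subdomains only, never the domain itself
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append("*")  # wildcard entry, if the table has one
    return keys

def resolve(table, recipient):
    """Return (matching_pattern, (transport, nexthop)) or (None, None)."""
    for key in lookup_keys(recipient):
        if key in table:
            return key, table[key]
    return None, None

def routed_to_lamson(table, recipient):
    """True only if the first matching entry points at the Lamson listener."""
    return resolve(table, recipient)[1] == LAMSON

if __name__ == "__main__":
    table = parse_transport(TRANSPORT_TABLE)
    for rcpt in ("a@example.com", "user+x@mydomain.org", "a@sub.example.com"):
        print(rcpt, "->", resolve(table, rcpt))
```

With this table, mail for `sub.example.com` and for other users at `mydomain.org` matches no entry, so it follows Postfix's normal routing rather than going to port 10025.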
Port 25 needs to be open in order for it to receive mail from the internet. All mail servers will establish a connection on port 25 and initiate TLS (encryption) on that port if necessary.
Secure SMTP (port 465) is used only by clients connecting to your server in order to send mail out.
Port 587 is considered a submission port. It is also what clients use to send mail out using your server. Port 587 is preferred in SMTP settings of clients over port 25 because port 25 is blocked by many ISPs. If you have port 465 open, you don't necessarily need port 587 open as well, but I believe 587 is considered a standard and 465 is considered legacy.
Port 25 should accept anonymous connections, but not for relaying.
Ports 465 and 587 should reject anonymous connections and allow relaying.
Don't apologize for not knowing. We all start somewhere, and nobody on here knows everything :-)
Best Answer
First off, what situation landed you in such an awkward internet connection scenario? I've seen a lot of messed up configurations, but requiring customers to tunnel all of their traffic to a remote ssh server is absurd. I must say, it sounds like you're perhaps trying to run a server somewhere where you aren't supposed to, or are trying to fly under the radar somehow.
Anyway, why don't you just make another non-dynamic ssh tunnel for the smtp traffic? Something like:
Then you can have postfix use localhost:2525 as its "smarthost". This will be much more straightforward than using a dynamic proxy like you're currently trying to do.