I understand that I need SMTP on port 25 to receive email, but I do not want this to be a relay port.
Instead I would like port 587 to be used for registered (SASL-authenticated) users to relay email from any IP address, through my server, and to any email server (e.g. GMail, Yahoo).
I have set up Postfix to receive email, and authenticate users, but I am utterly confused about the difference between port 25 and 587, and how to use one for receiving and one for relaying.
Here is the relevant part of my main.cf currently.
myhostname = mx.example.com
mydomain = example.com
#myorigin = $mydomain
mydestination = localhost localhost.localdomain
mynetworks_style = host
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    # reject_unauth_destination is not needed here if the mail
    # relay policy is specified under smtpd_relay_restrictions
    # (available with Postfix 2.10 and later).
    reject_unauth_destination
    reject_rbl_client zen.spamhaus.org,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org
And master.cf.
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
Unfortunately I get this error when trying to send on port 587 with my mail client from a different IP address.
NOQUEUE: reject: RCPT from unknown[XXX.XXX.XXX.XXX]: 553 5.7.1 <test@example.com>: Sender address rejected: not owned by user test@example.com; from=<test@example.com> to=<test@domain.tld> proto=ESMTP helo=<[192.168.1.3]>
Best Answer
Per-port configuration is done in master.cf, not main.cf. The default Postfix configuration files already have good example settings, they just need to be uncommented. Port 587 is labelled as the submission port there (port 25 is of course smtp).
Your settings could be somewhat simplified. In main.cf, specify the default policy (for port 25) only as recipient_restrictions, nothing more than that is necessary:
In master.cf, override it by removing the previously set restrictions and allowing unrestricted relaying for authenticated users:
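An added example, not code from the question or the answer: a Python audit that folds main.cf and master.cf continuation lines the way Postfix does, merges each listener's `-o` overrides over main.cf, and reports per port whether AUTH is offered, whether the relay policy names permit_sasl_authenticated, and whether a sender login-mismatch check runs with no smtpd_sender_login_maps set (in which case no login owns any sender address). The sample files are constructed from the question's settings, the function names are hypothetical, and only the plain `-o name=value` override form is handled.

```python
# Constructed samples modelled on the question's settings; not a live configuration.
MAIN_CF = """\
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    # comment lines inside a value are skipped
    reject_unauth_destination
"""
MASTER_CF = """\
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
"""
MISMATCH = {"reject_sender_login_mismatch", "reject_authenticated_sender_login_mismatch"}

def logical_lines(text):
    """Fold continuation lines (leading whitespace); skip blank and comment lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_master(text):
    """Return {"name/type": {parameter: value}} from plain '-o name=value' overrides."""
    services = {}
    for line in logical_lines(text):
        tok = line.split()
        opts = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "-o"]
        services[f"{tok[0]}/{tok[1]}"] = dict(o.split("=", 1) for o in opts if "=" in o)
    return services

def audit(main_text, master_text):
    """Per listener: AUTH offered, relay policy names SASL users, mismatch check lacks maps."""
    main = dict(map(str.strip, l.split("=", 1)) for l in logical_lines(main_text) if "=" in l)
    report = {}
    for svc, over in parse_master(master_text).items():
        eff = {**main, **over}  # an -o override replaces the main.cf value for this service
        words = lambda key: set(eff.get(key, "").replace(",", " ").split())
        sasl = eff.get("smtpd_sasl_auth_enable", "no") == "yes"
        no_maps = not eff.get("smtpd_sender_login_maps")
        report[svc] = {"sasl": sasl,
                       "auth_relay": sasl and "permit_sasl_authenticated" in words("smtpd_relay_restrictions"),
                       "mismatch_without_maps": no_maps and bool(MISMATCH & words("smtpd_sender_restrictions"))}
    return report
```

On the constructed sample, `audit(MAIN_CF, MASTER_CF)` reports port 25 (`smtp/inet`) as offering no AUTH and therefore no authenticated relaying, and flags `submission/inet` for the mapless mismatch check.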