SMTP server, remove port 25 for relay communication

postfix smtp

I have set up an SMTP server in my internal network, but I want to remove port 25 completely since my service provider limits access to port 25.

However, even when using port 587 on my server to authenticate, the server always goes to the relay host on port 25. If I send an e-mail to a Gmail account, for example, this is what I get:

Oct 14 07:18:03 smtp postfix/smtp[12902]: connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out
Oct 14 07:18:03 smtp postfix/smtp[12905]: connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out
Oct 14 07:18:03 smtp postfix/smtp[12903]: 6DA571015A3: to=<ericopfusco@gmail.com>, relay=none, delay=2825, delays=2188/488/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)
Oct 14 07:18:03 smtp postfix/smtp[12904]: 501161015A9: to=<ericopfusco@gmail.com>, relay=none, delay=1601, delays=964/488/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)
Oct 14 07:18:03 smtp postfix/smtp[12905]: AE1711015A7: to=<ericopfusco@gmail.com>, relay=none, delay=2516, delays=1878/488/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)
Oct 14 07:18:03 smtp postfix/smtp[12902]: EADD310159F: to=<ericopfusco@gmail.com>, relay=none, delay=4595, delays=3957/488/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.136.27]:25: Connection timed out)

I'm sure I'm missing some basic SMTP concepts here, but I don't know what they are. But I basically need to stop using port 25 for outgoing e-mails from my internal network to the relays.

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/ssl/certs/ca.crt
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydomain = iriscrm.com
myhostname = smtp.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = smtp.example.com, smtp, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/16 10.10.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
tls_random_source = dev:/dev/urandom

# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Best Answer

To do what you said, you would have to set the default transport to port 587. It can be done with default_transport = smtp:587

But it won't work, because most SMTP servers in the world simply don't have an open port 587.

What you could do: you would have to get an SMTP relay that accepts your mail (on a port other than 25) and allows it to go out to the world. Luckily, Gmail can also do that, but it will only work if you don't have too much traffic (otherwise it will consider you a spammer), and its configuration can be a little bit tricky.

The best would be if you had a server at a hosting provider that doesn't do such port limiting, and used it as a mail relay.
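
The relay setup the answer describes, as an added example that is not part of the original answer: Postfix client-side settings that hand all outbound mail to an authenticated relay on port 587 instead of contacting recipient MX hosts on port 25. The relay name relay.example.net, the sasl_passwd path, the CA bundle path and the credentials are placeholder assumptions.

```ini
# /etc/postfix/main.cf -- outbound (smtp client) side only
# Assumption: relay.example.net stands in for a relay that accepts
# authenticated submission on port 587.

# Send all non-local mail to the relay. The brackets suppress the MX lookup,
# so Postfix connects to this host and port and never to port 25 of the
# recipient's mail exchanger.
relayhost = [relay.example.net]:587

# Authenticate to the relay with credentials looked up by next hop.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# The default is "noplaintext, noanonymous". Allowing PLAIN/LOGIN is
# acceptable here only because TLS is mandatory below.
smtp_sasl_security_options = noanonymous

# Require TLS and verify the relay's certificate against the CA bundle, so
# the password is never sent in the clear or to an impostor. "encrypt" is the
# weaker setting: it forces TLS but does not check the certificate.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# /etc/postfix/sasl_passwd -- owner root, mode 0600; the key must match
# relayhost exactly. Rebuild the lookup table with:
#   postmap /etc/postfix/sasl_passwd
#
# [relay.example.net]:587    USERNAME:PASSWORD
```

After reloading Postfix, messages already deferred on port 25 can be retried through the relay with postqueue -f.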