On Fri, Mar 25, 2011 at 11:47:03AM -0400, Walt Shekrota wrote:
> On Friday 25 March 2011 11:32:01 Brian Evans - Postfix List wrote:
> > > smtp.frontier.com wshekro...@frontier.com:xxxxxxxxx
> > > relayhost = 199.224.64.207
> >
> > smtp.frontier.com != 199.224.64.207
> >
> > As documented, they MUST be equal
>
> yes I read that last night and fixed it. Something I alternatively
> read suggested an IP address be used. That is the problem with the
> internet you have to avoid reading too many other folks posts they
> are not always useful.
Indeed. And in your particular case, the problem is made worse by the
fact that you don't seem to grasp the basics of how MTAs work. Most
MTAs are both server (in Postfix, smtpd(8)) and client (in Postfix,
smtp(8)). So when you read "information" from others who are in a
similar predicament, your confusion increases.
Maybe we can help ... here's a try, anyway.
> They are now exactly the same 'smtp.frontier.com'
>
> Should there be a port on that? I think this may be the beef of the
> problem. Some ISPs are forcing certain security policy. Before
> postfix I was using (per client) ssmtp and had specified
> 'smtp.frontier.com 465' in its simple config file, then authed the
> same user/password. So should I use the same here and enable
> SSL/TLS being I know this was working for me?
1. Why did you switch from ssmtp? It's possible, even likely, that
your needs would be better served by a null SMTP client, rather
than a MTA such as Postfix.
2. smtp.frontier.com has submission servers on ports 25, 465 (smtps),
and 587. Ports 25 and 587 do not appear to support STARTTLS, so if
you desire encryption, your only choice is the deprecated smtps
subprotocol. Postfix does not implement smtps as a client, only as
a server. There is a workaround using stunnel:
http://www.postfix.org/TLS_README.html#client_smtps
BTW, I did not try to decode your AUTH string shown upthread, but if
that was the actual string you used at smtp.frontier.com, you must
change your password now. AUTH PLAIN has no security; it merely
obscures the username and password.
Regarding the need for TLS encryption, I tested from both inside and
outside Frontier. From outside Frontier, you definitely would want
encryption. From inside, such as if you're setting up a SOHO server
which is on Frontier's network, it probably does not matter, since
most likely only Frontier could sniff your traffic, and they are not
going to do anything "bad" with your mail user credentials.
If you really have a need or desire to run your own MTA, I suggest
these fine links as a starting point:
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SOHO_README.html
If you just want email to work with your Frontier address, I would
suggest staying with a MUA (kmail is very good), or a null SMTP
client like ssmtp.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
