On 13 Oct 2011, at 13:29, Tolga <to...@ozses.net> wrote:

>
>
> On 10/13/2011 03:24 PM, Reindl Harald wrote:
>>
>> On 13.10.2011 14:18, Tolga wrote:
>>
>> On 10/13/2011 03:09 PM, Reindl Harald wrote:
>>> is this your first mailserver?
>> No, it's not my first mailserver, but I have lost my previous configuration
>>
>>> the question "if i need both" cares me a little bit because logically a foreign
>>> mailserver has a MX record for you and will always use 25 because he will not
>> How can I find out which mailserver has MX for me?
>>
>>
>> but it sounds like this is your first mailserver because your last question
>> shows you are missing basics - one of them is how can anybody lose a whole
>> configuration - backups anywhere!
>>
>> no other mailserver has MX for you
>> you have to know if your mailserver is MX
>>
>> the other mailserver says "hm mail for b...@domain.tld", who is MX for
>> "domain.tld"
>> if there is your mailserver used he will try to deliver to your server on
>> port 25
>>
>> so if your mailserver is MX for any domain you need port 25
>> if your mailserver is only a relay with authentication you need only
>> submission, but this depends on the roles your mailserver is playing
>> and has nothing to do with a lost configuration - these facts are
>> the base of the needed configuration
>>
> Thanks Reindl for your insight. Unfortunately I had no backups, and it looks
> like this thread has been going on for days for nothing. Thanks all :)

Tolga,

The others are right in that losing a mailserver configuration is almost unforgivable but I'm sure you'll only do it once! However the basics that are being spoken about are critical to the understanding of how internet email works.

Somebody from a foreign domain wants to send you email, their domain's Message Transfer Agent looks up your domain in DNS, checking for an A record corresponding to the domain - or preferably (?) - a Mail eXchanger (MX) record with a matching A record for one or more Mail eXchangers that agree to accept email on behalf of your domain.

The above is all publicly available information published in your DNS. All of the above is also taking place on ports 53 (for the DNS stuff there) and 25 (for the SMTP - MTAs talking to one another).

The parameters that govern who is accepted by Postfix to talk freely to your mailserver have already been mentioned. Particular mention was made that in your mynetworks statement you had an entire /24 block of IPs - most of which you presumably won't control. This should instead read x.x.x.x/32 - meaning only the one IP address is trusted. 127.0.0.1/32 refers only to the mailserver itself not requiring additional authentication (via SASL) and being allowed to relay mail onwards to the next MX. If the server runs Apache or otherwise needs this then this is probably OK too but it's not something I personally do. I prefer to keep things separate.

As others have mentioned the Submission port is specifically set aside to allow authenticated users within your control to be allowed to submit mail for processing and relaying onwards to their next hop, most often perhaps elsewhere on the internet.

Using Submission requires the technical setup others have been hinting at already. SASL needs to be set up and working; it only makes sense with either TLS or SSLv3 encryption enabled too (which require entries in main.cf as Victor pointed out).
As you trust these clients who are submitting mail to your server, those certificates do not necessarily need to be from a third party SSL provider, but if they aren't, the client Mail Submission Agent needs to trust your self-signed root certificate, but I'm getting ahead of myself here.

Finally be sure you understand how the configuration files work in Postfix: an option that has long parameters continues onto the next line if that line starts with a space, for example.

Wietse, and the other contributors, have done a sterling job of the documentation and of course the code. I learned what I have through reading that (mostly) and reading this list.

I hope this has helped clarify things a little for you and it was in no way meant to sound condescending. I only write to help you and others (I hope). I also hope that as it's late here and I'm stuck with my iPhone I didn't get anything seriously wrong.

I've been using Postfix only a little over a year and found it both interesting to learn and fun to use as I compiled each revision with interest at the new changes made.

Wietse, thank you very much!

Mark.

Sent from my iPhone
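
Added example, not part of the original message: a small Python audit that combines two points from the reply above, the main.cf rule that a line starting with whitespace continues the previous one, and the advice not to trust a whole block in mynetworks. The sample configuration, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample main.cf. 192.0.2.0/24 stands in for the /24 block
# mentioned in the thread; the indented line continues "mynetworks".
SAMPLE_MAIN_CF = """\
# constructed sample, not a real configuration
myhostname = mail.example.org
mynetworks = 127.0.0.1/32,
    192.0.2.0/24 198.51.100.7/32
smtpd_sasl_auth_enable = yes
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # a later definition wins
    return params

def broad_mynetworks(text):
    """List mynetworks entries that trust more than one non-loopback host."""
    value = parse_main_cf(text).get("mynetworks", "")
    findings = []
    for entry in value.replace(",", " ").split():
        # Postfix writes IPv6 as [addr]/len; drop the brackets before parsing
        candidate = entry.replace("[", "").replace("]", "")
        try:
            net = ipaddress.ip_network(candidate, strict=False)
        except ValueError:
            continue  # lookup tables and file names are outside this check
        if net.num_addresses > 1 and not net.is_loopback:
            findings.append(str(net))
    return findings

if __name__ == "__main__":
    for net in broad_mynetworks(SAMPLE_MAIN_CF):
        print("mynetworks trusts a whole block:", net)
```

On a live system the effective value can be fed in from `postconf -n` output instead of the sample string.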