Hi, I have been reading the online docs for TLS_README.html and SASL_README.html but still having trouble deducing if I can get Postfix 2.6 to accept email over port 587 without giving Postfix a username and password ?
My current understanding of how my server deals with mail is traffic on port 25 with no username and password needed is only allowed from on-campus, and traffic on ports 465 and 587 is allowed when you provide a username and password, and postfix encrypts the email. I would like to change it so postfix will accept email without a username and password, specifically from Office 365, and with encryption [TLS]. I would add that I am not looking to change the current config, but just add this new ability. Is it as simple as adding smtpd_tls_security_level = may into main.cf ? I also heard Postfix can use maybe Kerberos tickets or certs and keys to allow Office 365 emails to be accepted by my postfix server, anyone know where in the docs that is ? [BTW our MX goes to O365 and forwards mail it can not deliver to our Postfix server] Example : email to ang...@uconn.edu<mailto:ang...@uconn.edu> goes to O365 and then O365 will forward to smtp.uconn.edu [which relays back to O365] due to my mailbox being angelo.fazz...@uconn.edu<mailto:angelo.fazz...@uconn.edu> . If you send directly to angelo.fazz...@uconn.edu<mailto:angelo.fazz...@uconn.edu> O365 delivers to mailbox without having to forward the email. Thank you for any guidance you guys have. My postconf -n is below [root@uconnMTA5 postfix]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases anvil_rate_time_unit = 60s anvil_status_update_time = 600s append_dot_mydomain = no biff = no canonical_maps = regexp:/etc/postfix/maps/voip command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_list = 137.99.26.249 fast_flush_domains = $relay_domains, uits.uconn.edu, gapps.uconn.edu header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix/html inet_interfaces = all mail_owner = postfix mailbox_size_limit = 0 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 31457280 mydestination = uconnsmtp.cloudapp.net uconnmta5.cloudapp.net, localhost.uits.uconn.edu, localhost, invalid.uconn.edu myhostname = uconnmta5.cloudapp.net mynetworks = /etc/postfix/files/mynetwork newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES recipient_delimiter = + sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_connection_count_limit = 500 smtpd_client_connection_rate_limit = 500 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 500 smtpd_client_new_tls_session_rate_limit = 500 smtpd_client_recipient_rate_limit = 500 smtpd_client_restrictions = check_client_access hash:/etc/postfix/maps/block_ip, permit smtpd_hard_error_limit = 100 smtpd_junk_command_limit = 3000 smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/maps/block_to, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_tls_CAfile = /etc/pki/tls/certs/smtp_uconn_edu_2017_interm_root.cer smtpd_tls_cert_file = /etc/pki/tls/certs/smtp_uconn_edu_x509_cert.cer smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL smtpd_tls_key_file = /etc/pki/tls/private/smtp_uconn_key.key smtpd_tls_mandatory_protocols = !SSLv3, !SSLv2 smtpd_use_tls = yes transport_maps = hash:/etc/postfix/maps/transport virtual_alias_domains = access.ced.uconn.edu appmail.uconn.edu eri.uconn.edu finearts.sfa.uconn.edu law.uconn.edu math.uconn.edu ropercenter.uconn.edu studentorgs.uconn.edu students.law.uconn.edu testexchange.uconn.edu uconn.edu huskymail.uconn.edu spamtest.uconn.edu lib.uconn.edu virtual_alias_maps = hash:/etc/postfix/virtual mysql:/etc/postfix/files/mysql_pn.cf regexp:/etc/postfix/maps/huskygroups regexp:/etc/postfix/maps/subaddressing -ANGELO FAZZINA ITS Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075
