On 6/9/2019 6:18 PM, Ronald F. Guilmette wrote:
> Thank you, but I need to be frank.

I thought you were Ronald? :-)

> I believe that I understand fully how to handle my outbound email traffic,
> i.e. treating my (soon to be) cloud VM running Postfix as a "smarthost"
> for outbound. That part is the easy part, and also the simple part.
>
> The harder part is handling the inbound email traffic for my several domains.
>
> I *think* that I *may* perhaps understand your suggestion with regards to
> that, but I'll have to think about it awhile longer before I can be sure.
>
> I wish that I had an example to look at, or some slightly-more-detailed
> write-up to refer to that would show me how to configure this exact approach
> with Postfix.
>
> But if worse comes to worse, I can probably puzzle it all out, starting from
> just what you said, above.
>
> One part that I'm sure that I -do not- understand is why you suggested an
> alternative port number. Can you explain?

Almost every residential ISP will block ports like 25 and 80 so you can't run servers on the connections. You have a static IP and usually that means they don't block ports. When you switch away from that solution, I expect you will see that change.

So you have a domain, tristatelogic.com.

- You get a VM on AWS w/CentOS.
- You put an Elastic IP on it so it is static.
- You create a security group that allows 25 and 22 from /0 inbound to the box.
- You create an A record called mail.tristatelogic.com pointed to the IP.
- You open a ticket with AWS for the reverse pointer for the box and to remove SMTP throttling.
- You configure mail.tristatelogic.com to accept relay mail for the domain tristatelogic.com.
- Set up SMTP Auth so that someone has to authenticate to send email outbound.
- Set up a transport to deliver mail for tristatelogic.com to local.tristatelogic.com on port 2525.

At your home:

- Set up your postfix server so it works like you want, called something like local.tristatelogic.com.
- Configure/purchase a Dynamic DNS service so that something like ronald.dyndns.something is a CNAME for local.tristatelogic.com, so that your mail works when your ISP changes your IP.
- On the firewall at your house, port forward an alternate port such as 2525 to 25 on the postfix server on a static internal IP behind your firewall.
- Set up postfix on local.tristatelogic.com to smarthost with SMTP auth through mail.tristatelogic.com.

I also recommend that on both the local and mail boxes you install Let's Encrypt certs, so you can require TLS for all the mail going between mail.tristatelogic.com and local.tristatelogic.com. You'll also get opportunistic TLS for places that support it.

This will let you have inbound and outbound mail working from a server on a residential grade connection.

A homework exercise for the reader will be picking better names for the boxes. I suggest Disney characters, Firefly | Star (Trek|Wars) canon or Dilbert characters. Ratbert and Dilbert would get at least a B+ from me.

Regards,
KAM
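The two-box setup KAM lays out, written down as Postfix configuration. This is an added example, not code from the thread: one function per box appends the main.cf settings and writes the lookup tables (transport and TLS policy on the cloud box, SASL password on the home box) into a directory you choose. Hostnames and ports are the ones from the thread; the SASL password, the Let's Encrypt paths and the Elastic IP are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: Postfix settings for KAM's two-box setup.
# Each function appends its settings to main.cf and writes its lookup tables under a
# directory (default /etc/postfix; pass a scratch directory to preview). Run postmap
# on the tables afterwards. Password, cert paths and the Elastic IP are placeholders.

write_cloud_box() {   # mail.tristatelogic.com: the AWS VM, port 25 open to the world
    dir=${1:-/etc/postfix}; mkdir -p "$dir"
    cat >>"$dir/main.cf" <<'EOF'
myhostname = mail.tristatelogic.com
# Relay domain, not a local one: mail for it goes to the home box via transport
relay_domains = tristatelogic.com
transport_maps = hash:/etc/postfix/transport
# Anyone may deliver to relay_domains; relaying anywhere else needs SASL auth over TLS
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.tristatelogic.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.tristatelogic.com/privkey.pem
# Opportunistic TLS to the world, mandatory TLS on the hop down to the home box
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
EOF
    echo 'tristatelogic.com  smtp:[local.tristatelogic.com]:2525' >"$dir/transport"
    echo '[local.tristatelogic.com]:2525  encrypt' >"$dir/tls_policy"
}

write_home_box() {    # local.tristatelogic.com: behind NAT, firewall forwards 2525 -> 25
    dir=${1:-/etc/postfix}; mkdir -p "$dir"
    cat >>"$dir/main.cf" <<'EOF'
myhostname = local.tristatelogic.com
mydestination = tristatelogic.com, localhost
# Only loopback and the cloud box may connect on the forwarded port; add your LAN if needed
mynetworks = 127.0.0.0/8, ELASTIC_IP_PLACEHOLDER/32
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/letsencrypt/live/local.tristatelogic.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/local.tristatelogic.com/privkey.pem
# All outbound goes up through the smarthost, authenticated and encrypted
relayhost = [mail.tristatelogic.com]:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
EOF
    echo '[mail.tristatelogic.com]:25  ronald:PASSWORD_PLACEHOLDER' >"$dir/sasl_passwd"
    chmod 600 "$dir/sasl_passwd"
}
```

The TLS policy key must match the transport next-hop exactly (bracketed host plus port), otherwise the hop to the home box silently falls back to the opportunistic default.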