On 9/21/2019 9:23 PM, John Dale wrote:
Ugh .. still having trouble getting apple's mail client to work with
postfix SMTP settings.
I'm not seeing anything in the logs that I can make sense of:
[...]
Explain it to me like I'm five, please .. what are the SMTP settings
that I need to be most concerned with for this authentication portion.
In the mail server world I'm going on six myself but I'll give it a shot.
To begin with you need to start small - get things working with a test
server with a minimum of restrictions and then tweak one item at a time
until you have at least some comfort level of what that does.
First, some terms as I understand them. Hopefully someone will correct
me if I'm providing too much misinformation.
MUA - Mail User Agent - Client. Thunderbird, Mail.app, and others. These
programs talk to MTA's and expect the MTA to transport mail to a
destination. Local, remote, virtual, or whatever the next concept might be.
MTA - Mail Transfer Agent - Server. MTA's like Postfix *transfer*
messages between...various sources & destinations. A source can be a
MUA. It can also be another MTA - local or remote. The destination can
be another MTA - or there may be a delivery.
MDA - Mail Delivery Agent - Storage Interface. The MDA (like Postfix's
local or Dovecot's LMTP) accept messages from a MTA and store them -
which typically means saving to disk in some fashion.
Host System - the running O/S that is running the MTA (Postfix).
Local Users - known to the host system. Users configured in your
/etc/passwd as an example.
Virtual Users - valid users that are not necessarily known to the host
system. Basically any user database that is not used by the host system.
With those defined - consider the interaction of MUA-MTA-MDA. Using your
workstation mail client (for convenience let's say Thunderbird) you send
a mail...to yourself. Whether your mail account is local or virtual is
irrelevant. Thunderbird connects to the configured Outgoing Server -
let's say at mail.mydomain.com on port 587. The Postfix listener (which
is smtpd, as in SMTP Daemon) takes that message and via the black magic
- I mean exceptional coding of the various processes (and there is no
sarcasm whatsoever in that statement) - determines that it belongs to
this same server. The message is then passed to the MDA and is saved for
later retrieval.
Now consider the next level - someone from outside your system, on the
nasty InfectedNet, sends you a message. This is MTA-MTA-MDA. Just like a
MUA, the remote MTA connects to your MTA except this time using port 25
- which is handled by another instance of smtpd. A near-identical
process occurs, the message is determined to be handled locally, and is
passed to the MDA.
The above two interactions are basically the only "local" possibilities.
If the MTA passes the message to anything other than a MDA - that's a
relay operation. Which means when *your* MUA connects to *your* MTA and
asks it to send your birthday congratulations to m...@giggle.com - that's
a relay operation.
Hopefully the above makes sense and my subjective version isn't too far
off from objective reality.
If you made it to this point - go back to the top where I said start
small. Do so. Attempting to introduce encryption to a server that is not
both fully-functional with plaintext and whose configuration is not
understood is an excursion into extreme masochism.
[...]
Seems most documentation is written for folks who
already have a good understanding of the state of SMTP.
You are correct.
My goals are to stand up a reasonably secure mail server as quickly as
possible so I can get back to designing databases and writing middleware
code.
Generally such an attitude, while understandable and often shared, is
generally going to be met with a response that administering a mail
server is not a part-time job and if you're not "qualified" then you
should hire someone who is. I've been lucky enough to have received some
hand-holding myself so I'm trying to pay it forward.
I'm running 3.3.0 - I would sure appreciate your help. I've had some
success so far and I look forward to continuing to build my competency
in smtp admin with postfix.
There's no better place to do so!
--
Daniel
