Re: restricted inbound on 587

Sat, 16 Jan 2021 23:30:51 -0800 

On Sat, Jan 16, 2021 at 11:37:50PM -0700, Gary Aitken wrote:

> >>     /etc/postfix/master.cf:
> >>       #smtp      inet  n       -       y       -       -       smtpd
> >>       submission inet n       -       y       -       -       smtpd
> > 
> > This looks like a submission service, so you would generally require
> > TLS.
> 
> Yes, I assume that's a hint I need
>    smtp_use_tls=yes

No, that's the obsolete syntax to enable opportunistic outbound (SMTP
client) TLS, but you need mandatory inbound (SMTP server) TLS.

    smtpd_tls_security_level = encrypt

> Do I need others besides smtp_tls_cert_file and smtp_tls_key_file?

Neither have anything to do with inbound TLS, and you generally don't
need client certificates.  The right parameters are:

    smtpd_tls_cert_file
    smtpd_tls_key_file

and if you have both the cert and the key in the same file then
just the "cert" one will do.

> > You have nothing in your configuration that would direct outbound
> > traffic to port 587, and it is likely not what you want anyway.
> > Does "xx.com" really receive inbound email on port 587?  If so,
> > you'd need a transport table entry to send it there, and probably
> > SASL to authenticate your access to that service.
> 
> In this case the destination address does listen on 587.  
> Why is it not likely what I want?

Because you did not explain that this is a relayhost.  Your message said
that you sent outbound mail to just that domain, not that you were using
that domain as a relayhost.  Which is it?

> The recipient domain is not listed in mydestination; but shouldn't it be
> contacting the MX host of the recipient domain rather than itself?

Now you're really confusing things.  If you want delivery to port 587 of
a relayhost (submission service smarthost that figures how where to
route the mail), then the MX records of the recipient domain are
irrelevant.  If you want to deliver to the MX host of domain you'd want
to use port 25, which is where domains receive inbound mail.

It seems you're rather confused abou† what you want...

> The book seems likely to be horribly out of date, unfortunately.

The books is more than sufficiently current on the fundamentals.
Postfix configurations that worked in 2001 still work largely
unchanged today, and your difficulties are with the concepts,
not configuration specifics.

-- 
    Viktor.

Reply via email to