On 1/17/21 12:30 AM, Viktor Dukhovni wrote:
On Sat, Jan 16, 2021 at 11:37:50PM -0700, Gary Aitken wrote:
/etc/postfix/master.cf:
#smtp inet n - y - - smtpd
submission inet n - y - - smtpd
This looks like a submission service, so you would generally require
TLS.
Yes, I assume that's a hint I need
smtp_use_tls=yes
No, that's the obsolete syntax to enable opportunistic outbound (SMTP
client) TLS, but you need mandatory inbound (SMTP server) TLS.
smtpd_tls_security_level = encrypt
The issue *is* with outbound; I need outbound to 587 and inbound on 587.
Do I need others besides smtp_tls_cert_file and smtp_tls_key_file?
Neither have anything to do with inbound TLS, and you generally don't
need client certificates. The right parameters are:
smtpd_tls_cert_file
smtpd_tls_key_file
Those are already set for inbound.
and if you have both the cert and the key in the same file then
just the "cert" one will do.
Thanks.
You have nothing in your configuration that would direct outbound
traffic to port 587, and it is likely not what you want anyway.
Does "xx.com" really receive inbound email on port 587? If so,
you'd need a transport table entry to send it there, and probably
SASL to authenticate your access to that service.
In this case the destination address does listen on 587.
Why is it not likely what I want?
Because you did not explain that this is a relayhost. Your message said
that you sent outbound mail to just that domain, not that you were using
that domain as a relayhost. Which is it?
That domain and its mx server serves as both a destination and a relay
host if necessary. In this case I would like it to be only a destination,
but at the moment the only way I have been able to get postfix to contact
it on 587 is to have postfix treat it as a relayhost.
I think the issue is I need to specify default_transport as suggested by
Matus; I will try that.
The recipient domain is not listed in mydestination; but shouldn't it be
contacting the MX host of the recipient domain rather than itself?
Now you're really confusing things. If you want delivery to port 587 of
a relayhost (submission service smarthost that figures out where to
route the mail), then the MX records of the recipient domain are
irrelevant. If you want to deliver to the MX host of domain you'd want
to use port 25, which is where domains receive inbound mail.
It seems you're rather confused about what you want...
I'm certainly confused about how to accomplish it...
The postfix server is inside the google cloud, and google blocks port 25.
That's why I need it to go out to 587, not 25.
Thanks,
Gary
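
The distinction drawn in this thread, laid out as configuration: smtpd_ parameters govern the inbound submission listener, while smtp_ parameters plus either a transport table entry or a relayhost govern outbound delivery to port 587. This is an added example, not written by anyone in the thread; the hostname mail.xx.com, the map file paths and the credentials are assumed placeholders.

```conf
# --- /etc/postfix/master.cf: inbound submission listener (smtpd = server) ---
# Mandatory TLS is set as a per-service override, so it applies to port 587 only.
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt

# --- /etc/postfix/main.cf: outbound delivery (smtp = client) ---
# Comments go on their own lines; main.cf has no trailing-comment syntax.
# Require TLS before SASL credentials are sent. "encrypt" does not verify
# the server certificate; "verify" or "secure" do.
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Case 1: xx.com is only a destination. Route just that domain to port 587.
transport_maps = hash:/etc/postfix/transport

# Case 2: the xx.com server is a relayhost for all outbound mail
# (for example because port 25 is blocked). Use this instead of Case 1.
#relayhost = [mail.xx.com]:587

# --- /etc/postfix/transport (Case 1) ---
# Square brackets suppress the MX lookup on the next-hop name.
xx.com    smtp:[mail.xx.com]:587

# --- /etc/postfix/sasl_passwd ---
# The key must match the next hop exactly, brackets and port included.
# USERNAME and PASSWORD are placeholders.
[mail.xx.com]:587    USERNAME:PASSWORD

# After editing, as root:
#   chmod 600 /etc/postfix/sasl_passwd
#   postmap /etc/postfix/transport /etc/postfix/sasl_passwd
#   postfix reload
```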