I spent some time today configuring [Postfix][] so I could send mail
-from home via [[SMTPS|STMP]]. Verizon, our ISP, blocks port 25 to
-external domains, forcing all outgoing mail through their
-`outgoing.verizon.net` exchange server. In order to accept mail, they
-also require you authenticate with your Verizon username and password,
-so I wanted to use an encrypted connection.
+from home via [[SMTPS|STMP]].
+
+Outgoing mail
+=============
+
+Verizon, our ISP, blocks port 25 to external domains, forcing all
+outgoing mail through their `outgoing.verizon.net` exchange server.
+In order to accept mail, they also require you authenticate with your
+Verizon username and password, so I wanted to use an encrypted
+connection.
For the purpose of this example, our Verizon username is `jdoe`, our
Verizon password is `YOURPASS`, you're running a local Postfix server
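Review bot: the rewritten opening line `+from home via [[SMTPS|STMP]].` still carries `STMP`, which looks like a transposition of SMTP. Since the line is being re-added anyway, correct the spelling here so the wiki link points at the intended page.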
sender_canonical_maps = hash:/etc/postfix/sender_canonical
# cat /etc/postfix/saslpass
[127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
- # postmap /etc/postfix/saslpass
- # cat /etc/postfix/sender_canonical
- root@mail.example.com jdoe@example.com
+ # postmap /etc/postfix/saslpass
+ # cat /etc/postfix/sender_canonical
+ root@mail.example.com jdoe@example.com
root@example.com jdoe@example.com
root@localhost jdoe@example.com
jdoe@mail.example.com jdoe@example.com
jdoe@localhost jdoe@example.com
- # postmap /etc/postfix/sender_canonical
+ # postmap /etc/postfix/sender_canonical
# cat /etc/stunnel/stunnel.conf
[smtp-tls-wrapper]
accept = 12345
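Review bot: the `postmap /etc/postfix/saslpass` step is touched here only for whitespace, but the surrounding instructions never say to restrict access to that file, which holds `jdoe@verizon.net:YOURPASS` in clear text. Suggest adding a step that makes `/etc/postfix/saslpass` and the table postmap builds from it readable by root only (for example with `chmod 600`). In the same block, `accept = 12345` in `stunnel.conf` names no address, so stunnel listens on every local interface; `accept = 127.0.0.1:12345` would match the `[127.0.0.1]:12345` entry in saslpass and keep the wrapper reachable from the local host only.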
Because Verizon lacks [STARTTLS][] support, his approach didn't work
for me out of the box.
+Incoming mail
+=============
+
+In case you have trouble with someone blocking your incoming mail, things are a bit trickier. You can always accept mail on different ports (e.g. the submission port 587), with an entry like
+
+ submission inet n - n - - smtpd
+
+in `/etc/postfix/master.cf`. However, others will not know which port
+you selected, because [MX records][MX] do not allow you to specify
+alternate ports. The more modern [SRV record][SRV] allows this, but
+mail systems are old-school and don't support SRV. If you have access
+to another external server (whose port 25 isn't blocked), you can
+point your MX record at that server, and have it forward mail to you
+on your strange port.
+
+For the purpose of this example, the remote host has a public IP of
+`1.2.3.4`, and your local site is `example.com`, recieving mail on
+port 587. All of the following config files are on the remote host.
+
+ # cat /etc/postfix/main.cf
+ …
+ proxy_interfaces = 1.2.3.4
+ relay_domains = example.com
+ relay_transport = relay:[example.com]:587
+ …
+
+For futher details (e.g. if you are relaying to more than one target),
+see the [Postfix suggestions for being an MX host for a remote
+site][host].
+
[Postfix]: http://www.postfix.org/
[postconf]: http://www.postfix.org/postconf.5.html
[SASL_README]: http://www.postfix.org/SASL_README.html
[TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
+[MX]: http://en.wikipedia.org/wiki/MX_record
+[SRV]: http://en.wikipedia.org/wiki/SRV_record
+[relay_domains]: http://www.postfix.org/postconf.5.html#relay_domains
+[host]: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
[[!tag tags/linux]]
[[!tag tags/tools]]
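Review bot: the `main.cf` block added under "Incoming mail" shows `relay_domains = example.com` with no `relay_recipient_maps` among the visible settings, so unless it sits in the elided part, the remote host accepts mail for any address at example.com and only learns on the forward to port 587 that a recipient does not exist, which produces bounces to possibly forged senders. The Postfix README linked as `[host]` pairs `relay_domains` with a `relay_recipient_maps` table of valid addresses; either add that line to the example or state that it was left out on purpose. Smaller points: "recieving" and "futher" are misspelled in the added prose, and the new `[relay_domains]` link definition is not referenced anywhere in the lines shown.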