From: W. Trevor King Date: Sun, 12 Feb 2012 13:18:19 +0000 (-0500) Subject: Add workaround for blocked incoming port 25 to Postfix post. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7847ba4c8384a60e56ddf65138d13b1cf22775f2;p=blog.git Add workaround for blocked incoming port 25 to Postfix post. Also convert tabs to spaces. --- diff --git a/posts/Postfix.mdwn b/posts/Postfix.mdwn index 8407ce2..e1fafaf 100644 --- a/posts/Postfix.mdwn +++ b/posts/Postfix.mdwn @@ -1,9 +1,14 @@ I spent some time today configuring [Postfix][] so I could send mail -from home via [[SMTPS|STMP]]. Verizon, our ISP, blocks port 25 to -external domains, forcing all outgoing mail through their -`outgoing.verizon.net` exchange server. In order to accept mail, they -also require you authenticate with your Verizon username and password, -so I wanted to use an encrypted connection. +from home via [[SMTPS|STMP]]. + +Outgoing mail +============= + +Verizon, our ISP, blocks port 25 to external domains, forcing all +outgoing mail through their `outgoing.verizon.net` exchange server. +In order to accept mail, they also require you authenticate with your +Verizon username and password, so I wanted to use an encrypted +connection. For the purpose of this example, our Verizon username is `jdoe`, our Verizon password is `YOURPASS`, you're running a local Postfix server 
@@ -18,14 +23,14 @@ free local port. sender_canonical_maps = hash:/etc/postfix/sender_canonical # cat /etc/postfix/saslpass [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS - # postmap /etc/postfix/saslpass - # cat /etc/postfix/sender_canonical - root@mail.example.com jdoe@example.com + # postmap /etc/postfix/saslpass + # cat /etc/postfix/sender_canonical + root@mail.example.com jdoe@example.com root@example.com jdoe@example.com root@localhost jdoe@example.com jdoe@mail.example.com jdoe@example.com jdoe@localhost jdoe@example.com - # postmap /etc/postfix/sender_canonical + # postmap /etc/postfix/sender_canonical # cat /etc/stunnel/stunnel.conf [smtp-tls-wrapper] accept = 12345 
@@ -59,11 +64,45 @@ There's also a [blog post by Tim White][TW] which I found useful. Because Verizon lacks [STARTTLS][] support, his approach didn't work for me out of the box. +Incoming mail +============= + +In case you have trouble with someone blocking your incoming mail, things are a bit trickier. You can always accept mail on different ports (e.g. the submission port 587), with an entry like + + submission inet n - n - - smtpd + +in `/etc/postfix/master.cf`. However, others will not know which port +you selected, because [MX records][MX] do not allow you to specify +alternate ports. The more modern [SRV record][SRV] allows this, but +mail systems are old-school and don't support SRV. If you have access +to another external server (whose port 25 isn't blocked), you can +point your MX record at that server, and have it forward mail to you +on your strange port. + +For the purpose of this example, the remote host has a public IP of +`1.2.3.4`, and your local site is `example.com`, recieving mail on +port 587. All of the following config files are on the remote host. + + # cat /etc/postfix/main.cf + … + proxy_interfaces = 1.2.3.4 + relay_domains = example.com + relay_transport = relay:[example.com]:587 + … + +For futher details (e.g. if you are relaying to more than one target), +see the [Postfix suggestions for being an MX host for a remote +site][host]. + [Postfix]: http://www.postfix.org/ [postconf]: http://www.postfix.org/postconf.5.html [SASL_README]: http://www.postfix.org/SASL_README.html [TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/ [STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS +[MX]: http://en.wikipedia.org/wiki/MX_record +[SRV]: http://en.wikipedia.org/wiki/SRV_record +[relay_domains]: http://www.postfix.org/postconf.5.html#relay_domains +[host]: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup [[!tag tags/linux]] [[!tag tags/tools]]
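Review bot: In the first hunk (@@ -1,9 +1,14 @@), the re-added line "from home via [[SMTPS|STMP]]." carries over the STMP part of the link, which looks like a transposition of SMTP. Since the line is rewritten here anyway, check that the link points at the page you intended. With an "Incoming mail" section added later in this patch, the opening sentence could also say that the post now covers receiving as well as sending.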
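Review bot: In the second hunk (@@ -18,14 +23,14 @@), the saslpass listing holds the Verizon password in clear text (jdoe@verizon.net:YOURPASS), and the steps shown run postmap on it without restricting who can read the file. postmap gives the generated map the same group and other read permissions as its source, so a chmod 600 on /etc/postfix/saslpass ahead of the postmap line would be worth adding to the listing. The changed lines themselves differ only in whitespace (the tabs to spaces conversion named in the commit message); putting that conversion in its own commit would keep the content change easier to read.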
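Review bot: In the third hunk (@@ -59,11 +64,45 @@), the main.cf excerpt for the remote host sets relay_domains and relay_transport but shows no recipient validation, so the relay would accept mail for any address at example.com and only find out a recipient is invalid when the home server rejects it, which produces backscatter. The Postfix README linked as [host] pairs relay_domains with relay_recipient_maps for this reason; the excerpt should list it or say that it is among the elided lines. The master.cf entry for the submission listener carries no -o overrides, so the text could also say whether port 587 on the home server should be limited to connections from the relay at 1.2.3.4. Smaller points: "recieving" and "futher" are misspelled, the first added paragraph is one unwrapped line unlike the rest, and the [relay_domains] link definition is not referenced anywhere in the added text.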