You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue is to keep track of the recent tests and documentation of the minimum postfix configuration needed for the port redirection. For other mail-servers we should ask the community to help on that.
Basic interface with mailout
TBD
Minimum postfix configuration
When receiving on port 25 (or NATed over from custom port 2525), the default configuration should be sufficient. In mater.cf the main service that handles the incoming mails is submission (TBC). Commonly found reasons for not being able to receive mails on port 465 and 587 are either due to postfix blocking the connection or TLS is missconfigured. For the postfix settings the user should check that the following options allow to receive:
## These are placeholder settings for now. DO NOT use these settings as we have not tested the security yet.
## If others have experience and insight setting these options please comment.
## TODO: find the appropriate safe options to:
## 1) Deny access to non-authenticated users to send mails from the service
## 2a) Allow receiving the mails from mailout receiving MX record
## 2b) Allow receiving the mails from arbitrary source. (Useful for overriding mailout on IPv6)
## PS: it is not recommended to have ONLY these options set/unset, but
submission inet n - n - - smtpd
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o smtpd_client_restrictions=permit_sasl_authenticated
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
smtps inet n - n - - smtpd
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o smtpd_client_restrictions=permit_sasl_authenticated
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
Otherwise mailout is properly configured to allow setting:
submission inet n - n - - smtpd
-o smtpd_tls_auth_only=yes
smtps inet n - n - - smtpd
-o smtpd_tls_auth_only=yes
TLS certificate
Misconfiguration here has also lead to a few issues with mailout relaying mails, particularly when setting up additional MX subdomains to redirect the mails.
Coming soon: recommended and simple configuration for setting up manual and automatic certificate renewal using certbot, step and caddy.
The text was updated successfully, but these errors were encountered:
This issue is to keep track of the recent tests and documentation of the minimum postfix configuration needed for the port redirection. For other mail-servers we should ask the community to help on that.
Basic interface with mailout
TBD
Minimum postfix configuration
When receiving on port 25 (or NATed over from custom port 2525), the default configuration should be sufficient. In
mater.cf
the main service that handles the incoming mails issubmission
(TBC). Commonly found reasons for not being able to receive mails on port465
and587
are either due to postfix blocking the connection or TLS is missconfigured. For the postfix settings the user should check that the following options allow to receive:Otherwise mailout is properly configured to allow setting:
TLS certificate
Misconfiguration here has also lead to a few issues with mailout relaying mails, particularly when setting up additional MX subdomains to redirect the mails.
Coming soon: recommended and simple configuration for setting up manual and automatic certificate renewal using
certbot
,step
andcaddy
.The text was updated successfully, but these errors were encountered: