Author Topic: Postfix  (Read 1268 times)

Afasoas

Postfix
« on: 24 October, 2012, 09:21:11 pm »
I'm biting the bullet with my mailserver... it's running on a NAS with a nice web front end to configure it but I wanted to firstly run the protocols (imap/smtp) over SSL and add SMTP authentication.
I've had some success*, but now I can't send email using SMTP unless I'm on my LAN. I need to be able to send email when out and about too using a/n/other's Wi-Fi.

I've been reading extensively about Postfix configuration but it's hurting my brain. I am using dynamic DNS (MX record for my domain points to dynamic DNS domain) and a smart host.

Current settings of note are:


Code:
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
        mail.$mydomain, www.$mydomain, ftp.$mydomain
mynetworks_style = subnet
relayhost = [smart host FQDN]
inet_protocols = ipv4, ipv6
mailbox_size_limit = 0
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticatedyrus_sasl_config_path =
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, rej
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /usr/syno/etc/ssl/ssl.crt/server.crt
smtpd_tls_key_file = /usr/syno/etc/ssl/ssl.key/server.key
smtpd_tls_session_cache_database = btree:$data_directory/tls_session_cache_db

smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/syno/mailstation/etc/sasl_passwd
myhostname = somedomain.co.uk
smtpd_sasl_auth_enable = yes
message_size_limit = 10485760

I'm sure it's a problem with my sender/recipient/relay restrictions but I'm flummoxed. Once I've got this problem resolved I'd like to look at dropping plain text authentication and implementing an alternative (although if I'm forcing SSL is the authentication encrypted or sent in clear text?) and I am wondering about then bolting on some email encryption (PGP?).

Be gentle on me, this is all rather new.

*Even generated my own certificates for SSL, not from a trusted authority but I have been able to add the issuing authority as trusted on all my devices.
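
An added example, not part of the thread: a small lint over main.cf text for three things visible in the settings posted above. It flags a parameter defined twice (Postfix keeps the last definition), obsolete TLS switches overridden by `smtpd_tls_security_level`, and SASL AUTH being accepted on sessions that never negotiated TLS, where PLAIN/LOGIN credentials are only base64-encoded. The function names are hypothetical and the sample is constructed from values that appear in full in the post.

```python
# Added example: lint for Postfix main.cf text. SAMPLE is constructed from
# settings that appear in full in the post; truncated values are left out.
SAMPLE = """\
smtpd_recipient_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated
smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
"""

def parse_main_cf(text):
    """Return (effective settings, names defined more than once)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()          # indented line continues the previous one
        else:
            logical.append(raw.strip())
    settings, counts = {}, {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            name = name.strip()
            counts[name] = counts.get(name, 0) + 1
            settings[name] = value.strip()            # the last definition wins
    return settings, sorted(n for n, c in counts.items() if c > 1)

def audit(text):
    """Return (finding, parameter) pairs: duplicate, overridden, auth_without_tls."""
    s, dupes = parse_main_cf(text)
    findings = [("duplicate", n) for n in dupes]
    level = s.get("smtpd_tls_security_level", "").lower()
    if level:   # a non-empty level overrides the two obsolete switches
        findings += [("overridden", n) for n in ("smtpd_use_tls", "smtpd_enforce_tls") if n in s]
    elif s.get("smtpd_enforce_tls", "").lower() == "yes":
        level = "encrypt"
    elif s.get("smtpd_use_tls", "").lower() == "yes":
        level = "may"
    auth = s.get("smtpd_sasl_auth_enable", "").lower() == "yes"
    if auth and level != "encrypt" and s.get("smtpd_tls_auth_only", "").lower() != "yes":
        findings.append(("auth_without_tls", "smtpd_sasl_auth_enable"))
    return findings

if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(f"{kind}: {name}")
```

Adding `smtpd_tls_auth_only = yes` clears the last finding, because Postfix then announces and accepts AUTH only after TLS is in place.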

Afasoas

Re: Postfix
« Reply #1 on: 24 October, 2012, 11:52:20 pm »
Curiously this seems to be working without a hitch on a laptop... it's Apple Mail that's struggling.

I'll try removing and re-adding the account.

Afasoas

Re: Postfix
« Reply #2 on: 25 October, 2012, 01:04:29 am »
Okay.. 90% I've got this sorted.
iOS devices don't support TLS (Transport Layer Security) so I've enabled Secure SMTP (SSL) instead and I'm away.

This might be a useful reference for anyone else.

So out of the box the NAS supports a mail server with IMAPS, POPS and unsecured SMTP.
Now it's running IMAP/SSL, IMAP/TLS, SMTP/SSL and SMTP/TLS.

Re: Postfix
« Reply #3 on: 25 October, 2012, 09:04:45 am »
iOS devices support TLS from iOS 5.0 onwards. A bit late really since TLS was ratified in 2002 with the last update (RFC 5246 TLS 1.2) being in 2008.
I think you'll find it's a bit more complicated than that.

Afasoas

Re: Postfix
« Reply #4 on: 25 October, 2012, 09:40:34 am »
Thanks for that.
Leaves me wondering why the iThing was the only device I had which wouldn't work with SMTP with TLS.

Anywhoo... might be a different story and I'm out in the wild.

Although I had everything connected up to the WAN side of my router/mail server (the router is a client on another domestic network) I'm sure it might be a different story when I'm out and about.