I'm biting the bullet with my mail server... it's running on a NAS with a nice web front end to configure it, but I wanted to firstly run the protocols (IMAP/SMTP) over SSL and add SMTP authentication.
I've had some success*, but now I can't send email using SMTP unless I'm on my LAN. I need to be able to send email when out and about too, using a/n/other's Wi-Fi.
I've been reading extensively about Postfix configuration but it's hurting my brain. I am using dynamic DNS (MX record for my domain points to dynamic DNS domain) and a smart host.
Current settings of note are:
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain, ftp.$mydomain
mynetworks_style = subnet
relayhost = [smart host FQDN]
inet_protocols = ipv4, ipv6
mailbox_size_limit = 0
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticatedyrus_sasl_config_path =
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, rej
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /usr/syno/etc/ssl/ssl.crt/server.crt
smtpd_tls_key_file = /usr/syno/etc/ssl/ssl.key/server.key
smtpd_tls_session_cache_database = btree:$data_directory/tls_session_cache_db
smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/syno/mailstation/etc/sasl_passwd
myhostname = somedomain.co.uk
smtpd_sasl_auth_enable = yes
message_size_limit = 10485760
I'm sure it's a problem with my sender/recipient/relay restrictions but I'm flummoxed. Once I've got this problem resolved I'd like to look at dropping plain text authentication and implementing an alternative (although if I'm forcing SSL, is the authentication encrypted or sent in clear text?) and I am wondering about then bolting on some email encryption (PGP?).
Be gentle on me, this is all rather new.
*Even generated my own certificates for SSL, not from a trusted authority, but I have been able to add the issuing authority as trusted on all my devices.
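
Added example (not part of the original post): a small Python audit of the settings posted above. It reports parameters defined more than once (Postfix keeps only the last definition) and whether SASL AUTH can be offered before TLS is negotiated, which bears on the clear-text question; `SAMPLE` reproduces lines from the post with truncated values left as posted, and the function names are this example's own.

```python
# Added example: audit a Postfix main.cf excerpt for repeated parameters and
# for SASL AUTH being offered on connections that are not yet encrypted.
# SAMPLE reproduces settings from the post; truncated values are kept as posted.
SAMPLE = """\
smtpd_recipient_restrictions = permit_sasl_authenticatedyrus_sasl_config_path =
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, rej
smtpd_tls_security_level = may
smtpd_enforce_tls = no
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
"""


def parse_main_cf(text):
    """Return (settings, repeated): last definition wins, as in Postfix."""
    settings, repeated, name = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:          # continuation of previous value
            settings[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        if name in settings and name not in repeated:
            repeated.append(name)
        settings[name] = value.strip()
    return settings, repeated


def plaintext_auth_possible(settings):
    """True if smtpd would announce AUTH before the session is encrypted."""
    if settings.get("smtpd_sasl_auth_enable", "no") != "yes":
        return False
    if settings.get("smtpd_tls_auth_only", "no") == "yes":
        return False
    level = settings.get("smtpd_tls_security_level", "")
    if level:                                   # overrides the obsolete pair
        return level != "encrypt"               # encrypt implies auth_only
    return settings.get("smtpd_enforce_tls", "no") != "yes"


if __name__ == "__main__":
    cfg, dupes = parse_main_cf(SAMPLE)
    print("defined more than once:", dupes)
    print("AUTH possible without TLS:", plaintext_auth_possible(cfg))
    cfg["smtpd_tls_auth_only"] = "yes"
    print("after smtpd_tls_auth_only = yes:", plaintext_auth_possible(cfg))
```

The check reads main.cf settings only; per-service overrides in master.cf are not considered.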