Computer Tips - Postfix: give valid offsite users a way to use my SMTP service (submission)

Date: 2007nov30, 2011feb9, 2019sep20 Keywords: RFC2476, RFC4409, Postfix, submission, MSA Q. Postfix: give valid offsite users a way to use my SMTP service (submission) A. You want an MSA (Mail Submission Agent). A Mail Submission Agent uses good old SMTP but runs on a different port and is very strict who it accepts mail from. You'll still need your existing SMTP service to receive mail. Here's how I set up an MSA with Postfix on Fedora. Add this to /etc/postfix/main.cf:
smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth mua_client_restrictions = permit_sasl_authenticated, permit mua_helo_restrictions = permit mua_sender_restrictions = permit
Uncomment and modify these lines in /etc/postfix/master.cf:
submission inet n - n - - submission -o syslog_name=postfix/submission -o smtpd_reject_unlisted_recipient=no -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=encrypt -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
On the first line I changed "smtpd" to "submission" this is because I wanted a different program noted in the log. So in the shell make a link to create that program:
cd /usr/libexec/postfix ln -s smtpd submission
You'll need to open port 587 in your firewall. (You can `grep submission /etc/services` to confirm the port number) In /etc/dovecot/conf.d/10-master.conf uncomment/add this
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
Restart Postfix and Dovecot
systemctl restart postfix dovecot
Set your mail client (eg Thunderbird) to use:
Port: 587 TLS: yes A userid and password
When sending. How it works http://en.wikipedia.org/wiki/SMTP_Authentication