Browse - Computer Tips - How do I give valid offsite users a way to use my SMTP service?
Date: 2007nov30, 2011feb9
Keywords: RFC2476, RFC4409, Postfix, submission, MSA
Q. How do I give valid offsite users a way to use my SMTP service?
A. You want an MSA (Mail Submission Agent).
A Mail Submission Agent uses good old SMTP but runs on a different port
and is very strict who it accepts mail from. You'll still need your
existing SMTP service to receive mail.
Here's how I set up an MSA with Postfix on Fedora.
Add this to /etc/postfix/main.cf:
(Only people on that list can use the service ... if they login)
submission_recipient_restrictions = permit_sasl_authenticated, reject
(Anybody who logs in can use the service)
Uncomment and modify these lines in /etc/postfix/master.cf:
submission inet n - n - - submission
On the first line I changed "smtpd" to "submission" this is because
I wanted a different program noted in the log. So in the shell
make a link to create that program:
ln -s smtpd submission
You'll need to open port 587 in your firewall.
Run system-config-security-level and add submission:tcp
or directly edit /etc/sysconfig/iptables
Update! If you are already using Dovecot (like me) you can use
it for SASL which is nicer.
Since its using SASL we need to install it:
dnf install cyrus-sasl-plain
This will pull in some prerequisites.
Unfortunately there is another daemon that must be running.
Configure it by making setting /etc/sysconfig/saslauthd to read:
chkconfig --level 2345 saslauthd on
systemctl start saslauthd
systemctl restart postfix
Set your mail client (eg Thunderbird) to use:
A userid and password
If you have a "domain name mismatch" and use Thunderbird try this extension:
How it works