> On May 24, 2017, at 5:05 PM, alexvojproc <alexvojtkoproc...@gmail.com> wrote:
>
> smtpd_tls_cert_file=/etc/letsencrypt/live/REDACTED/fullchain.pem
> smtpd_tls_key_file=/etc/letsencrypt/live/REDACTED/privkey.pem
> smtpd_use_tls=yes

The non-obsolete setting is:

    smtpd_tls_security_level = may

though if this is a submission service (not an MX host for any inbound mail) you could use "encrypt" instead of "may". If it is also an MX host, it is best to handle outbound submission on port 587.

> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

With Postfix >= 2.11 you should leave this empty, session tickets are a more appropriate way to handle session resumption.

> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated,
>     defer_unauth_destination

If you handle submission separately on 587 (aka submission/inet in master.cf), then this just becomes "reject_unauth_destination".

> myhostname = localhost

Not a good idea, configure a sensible stable FQDN.

> smtp_tls_security_level = encrypt

Fine, provided your relayhost supports TLS.

> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous

This handles SASL from your MTA to the relayhost, BUT you've completely neglected to configure SASL for authenticating inbound mail submission. Those are "smtpd_sasl_..." settings. See SASL_README for details.

> I'm intending for users to be able to connect to my server on port 25 and
> send mail, which is relayed through smtp.mailgun.org. However, I can only
> send mail to local users, and I receive "Server error: '454 4.7.1
> <myem...@gmail.com>: Relay access denied'" when I try to send mail to remote
> hosts like my Gmail account.

Of course, since the users have no opportunity to authenticate.

--
Viktor.
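
Added example, not part of the reply above and not Postfix's own tooling: a small Python lint that parses main.cf text (comments and continuation lines included) and flags the four problems the reply raises. The sample input is constructed from the settings quoted in the thread, the function names are hypothetical, and it assumes no `-o` overrides in master.cf.

```python
# Constructed sample: the main.cf settings quoted in the thread (certificate paths omitted).
SAMPLE_MAIN_CF = """\
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated,
    defer_unauth_destination
myhostname = localhost
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
"""

def parse_main_cf(text):
    """Return {parameter: value}; '#' lines are comments, indented lines continue."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():  # leading whitespace continues the previous logical line
            if current:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Return (parameter, finding) pairs for the problems raised in the reply."""
    findings = []
    if "smtpd_use_tls" in params and "smtpd_tls_security_level" not in params:
        findings.append(("smtpd_use_tls", "obsolete; set smtpd_tls_security_level instead"))
    if params.get("smtpd_tls_session_cache_database"):
        findings.append(("smtpd_tls_session_cache_database", "leave empty on Postfix >= 2.11"))
    host = params.get("myhostname", "")
    if host and (host == "localhost" or "." not in host):
        findings.append(("myhostname", "not a stable FQDN"))
    relay = params.get("smtpd_relay_restrictions", "")
    # The inbound side needs smtpd_sasl_* settings; smtp_sasl_* only covers the relayhost.
    if "permit_sasl_authenticated" in relay and params.get("smtpd_sasl_auth_enable") != "yes":
        findings.append(("smtpd_sasl_auth_enable",
                         "not enabled, so permit_sasl_authenticated can never match"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{name}: {finding}")
```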