On Tue, Jan 11, 2022 at 01:20:49PM -0500, Ruben Safir <ru...@mrbrklyn.com> wrote:
> On Thu, Jan 06, 2022 at 02:09:45PM +1100, raf wrote: > > On Wed, Jan 05, 2022 at 04:10:26AM -0500, Ruben Safir <ru...@mrbrklyn.com> > > wrote: > > > > > > > > /etc/postfix/main.cf: > > > > > > smtpd_sasl_type = dovecot > > > > > > smtpd_sasl_path = private/auth > > > > > > > > > > Can't this be done with tls withouth dovecot or sasl? > > > > > > > > Authentication is needed by Dovecot for IMAP access > > > > to read email. So it should be available for use by > > > > Postfix as well. > > > > > > It is not working anyway. The reason is that > > A) It won't relay > B) The IP addresses are mmarked in spamhoause as not valid for email > service > > Outbound Email policy of Cablevision/OptimumOnline for this IP range > > (Jan 2007) Email sent from this IP block via port 25 (SMTP) should only > be sent via the designated outbound mail server for Optimum Online > customers: mail.optimum.net The use of port 25 is obsolete, you should > use port 465/TLS (SMTPS) or port 587 (SMTP-Submit /w STARTTLS) to send > mail, whether you are using Optimum's server or a third-party ISP's > server. > > See OOL's support site at > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=39 > > Standard-tier OOL customers are blocked from sending/receiving mail via > port 25 (SMTP) to any other servers since 2004. See OOL support site: > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=876 > > You may send mail via another ISP by using SMTP-Submit (port 587) or > SMTPS (port 465/TLS) service, if your third-party ISP's mail server > supports this service. > > It is hiting on port 587 so I don't know a way around this that is > satisfactory. it is BS and annoying > http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=876http://optimum.custhelp.com/cgi-bin/optimum.cfg/php/enduser/std_adp.php?p_faqid=876 The above sounds very different to what I thought you were talking about. I thought you were saying that *your* Postfix server wasn't relaying email for your users, and that some form of user authentication (Dovecot SASL or TLS client certificates) was needed locally to be able to allow relaying *by* your Postfix server. The above sounds like your problem is that your Postfix server needs to send all outgoing mail via a specific *remote* mail server (Cablevision/OptimumOnline), and that *it* won't relay your email unless your Postfix server authenticates itself to that remote server, so that that remote server will be willing to relay mail that comes out of your Postfix server. That's a very different problem. If that's the case, your Postfix doesn't need access to Dovecot's SASL abilities, or to TLS client certificates. It just needs to connect to the remote mail server in the way that that server requires, by sypplying a username and password to it. I think it could look something like this: /etc/postfix/main.cf: transport_maps = hash:/etc/postfix/transport smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd /etc/postfix/transport: * relay:[mail.optimum.net]:587 /etc/postfix/sasl_password: u...@mail.optimum.net:PASSWORD But a transport map is probably overkill if it applies to all outgoing mail. I think that the transport_maps parameter and the transport file can be replaced by the relayhost parameter: relayhost = [mail.optimum.net]:587 But you'd still need the smtp_sasl_auth_enable and smtp_sasl_password_maps parameters, and the sasl_password file. I hope that makes some sense. But I still don't understand your statement that "It is hitting on port 587" I'm not sure what you mean by "It". Is "It" your Postfix server connecting to the remote ISP mail server on port 587, and failing to authenticate there? If so, the above should help. But if you are referring to something connecting to your Postfix server on port 587, then I'm probably still misundertanding the nature of your problem. cheers, raf P.S. The URLs above are inaccessible. Perhaps they only exist for their customers. The optimum.custhelp.com domain doesn't even resolve to an address for me.
