Browse - Computer Tips - How do I give valid offsite users a way to use my SMTP service?

Date: 2007nov30, 2011feb9
Keywords: RFC2476, RFC4409, Postfix, submission, MSA

Q.  How do I give valid offsite users a way to use my SMTP service?

A.  You want an MSA (Mail Submission Agent).

A Mail Submission Agent uses good old SMTP but runs on a different port
and is very strict who it accepts mail from.  You'll still need your
existing SMTP service to receive mail.

Here's how I set up an MSA with Postfix on Fedora.

Add this to /etc/postfix/

submission_recipient_restrictions=check_sender_access hash:/etc/postfix/sender_access,reject (Only people on that list can use the service ... if they login)
submission_recipient_restrictions = permit_sasl_authenticated, reject (Anybody who logs in can use the service)
Uncomment and modify these lines in /etc/postfix/
submission inet n - n - - submission -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=$submission_recipient_restrictions
On the first line I changed "smtpd" to "submission" this is because I wanted a different program noted in the log. So in the shell make a link to create that program:
cd /usr/libexec/postfix ln -s smtpd submission
You'll need to open port 587 in your firewall. Run system-config-security-level and add submission:tcp or directly edit /etc/sysconfig/iptables Update! If you are already using Dovecot (like me) you can use it for SASL which is nicer. Since its using SASL we need to install it:
dnf install cyrus-sasl-plain
This will pull in some prerequisites. Unfortunately there is another daemon that must be running. Configure it by making setting /etc/sysconfig/saslauthd to read:
Enable it:
chkconfig --level 2345 saslauthd on
Start it:
systemctl start saslauthd
Restart Postfix:
systemctl restart postfix
Set your mail client (eg Thunderbird) to use:
Port: 587 TLS: yes A userid and password
when sending. If you have a "domain name mismatch" and use Thunderbird try this extension: How it works