Computer Tips - How do I give valid offsite users a way to use my SMTP service?

Date: 2007nov30, 2011feb9, 2019sep20
Keywords: RFC2476, RFC4409, Postfix, submission, MSA

Q.  How do I give valid offsite users a way to use my SMTP service?

A.  You want an MSA (Mail Submission Agent).

A Mail Submission Agent uses good old SMTP but runs on a different port
and is very strict who it accepts mail from.  You'll still need your
existing SMTP service to receive mail.

Here's how I set up an MSA with Postfix on Fedora.

Add this to /etc/postfix/main.cf:

smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth mua_client_restrictions = permit_sasl_authenticated, permit mua_helo_restrictions = permit mua_sender_restrictions = permit
Uncomment and modify these lines in /etc/postfix/master.cf:
submission inet n - n - - submission -o syslog_name=postfix/submission -o smtpd_reject_unlisted_recipient=no -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=encrypt -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
On the first line I changed "smtpd" to "submission" this is because I wanted a different program noted in the log. So in the shell make a link to create that program:
cd /usr/libexec/postfix ln -s smtpd submission
You'll need to open port 587 in your firewall. In /etc/dovecot/conf.d/10-master.conf uncomment/add this
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
Restart Postfix and Dovecot
systemctl restart postfix dovecot
Set your mail client (eg Thunderbird) to use:
Port: 587 TLS: yes A userid and password
When sending. How it works http://en.wikipedia.org/wiki/SMTP_Authentication