Unclear of smtp protocol in a restricted domain

  • cybermass
    Message 1 of 19 , Mar 30, 2014
      Hi. I am a bit unclear about how email works in a closed domain from roaming
      clients (SASL auth clients).

      If there is a postfix server that is configured to only accept and send
      email to users in the same domain, say for example
      john@... can only send to another_user@..., does this
      mean that the client's email never hops through other servers or "hops"?

      I would assume it does not hop since the user authenticated, then crafted an
      email to another user in same domain, using only the mail server IP that is
      allowed to relay. I would think it would be all encapsulated inside the mail
      server, never leaving out to the internet, but I do know that the clients
      have to send via the SMTP protocol, either port 25 or 465 or any other
      custom port chosen. Can someone please verify if the email travels through
      hops in this environment or does it remain inside the postfix server?
      Thanks.



      --
      View this message in context: http://postfix.1071664.n5.nabble.com/Unclear-of-smtp-protocol-in-a-restricted-domain-tp66494.html
      Sent from the Postfix Users mailing list archive at Nabble.com.
    • lists@rhsoft.net
      Message 2 of 19 , Mar 30, 2014
        On 31.03.2014 00:35, cybermass wrote:
        > Hi. I am a bit unclear about how email works in a closed domain from roaming
        > clients (SASL auth clients).
        >
        > If there is a postfix server that is configured to only accept and send
        > email to users in the same domain, say for example
        > john@... can only send to another_user@..., does this
        > mean that the client's email never hops through other servers or "hops"?

        who knows without the config

        > I would assume it does not hop since the user authenticated, then crafted an
        > email to another user in same domain, using only the mail server IP that is
        > allowed to relay. I would think it would be all encapsulated inside the mail
        > server, never leaving out to the internet, but I do know that the clients
        > have to send via the SMTP protocol, either port 25 or 465 or any other
        > custom port chosen. Can someone please verify if the email travels through
        > hops in this environment or does it remain inside the postfix server?

        if i understand the question correctly you see the answer below
        in that case the question could have been one or two lines
        in any case output of "postconf -n" instead of descriptions would help

        first lines of "main.cf" on any of my testing machines:
        default_transport = error:5.1.2 mail to remote domains not permitted
        local_transport = error:5.1.2 local transport not permitted
        relay_transport = error:5.1.2 relay transport not permitted
        virtual_transport = error:5.1.2 virtual transport not permitted

        domains are listed in "mydestination" via mysql
        "local_recipient_maps" configured via mysql
        "transport_maps" is configured via mysql and points to LMTP on 127.0.0.1:24
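
Added example (not part of the original post and not Postfix code): a Python check over main.cf / "postconf -n" style text for the layout quoted above, where every transport class is the error transport and only transport_maps routes mail. Both sample configurations and the map file path are constructed.

```python
# Added example. The two sample configurations are constructed for illustration.

# The four per-class transports that the post above points at the error transport.
CLASS_TRANSPORTS = ("default_transport", "local_transport",
                    "relay_transport", "virtual_transport")


def parse_main_cf(text):
    """Parse main.cf or `postconf -n` text into {parameter: value}.

    Blank lines and '#' lines are ignored, a line that starts with
    whitespace continues the previous parameter, and when a parameter
    is set twice the last setting wins.
    """
    params, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if line[0].isspace():
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def audit_transports(params):
    """Report which transport classes can still deliver mail on their own."""
    open_classes = {}
    for name in CLASS_TRANSPORTS:
        value = params.get(name)
        if value is None:
            open_classes[name] = "unset (built-in default applies)"
        elif not value.startswith("error:"):
            open_classes[name] = value
    return {
        "fail_closed": not open_classes,
        "open_classes": open_classes,
        # With every class closed, these lookups are the only delivery routes.
        "explicit_routes": params.get("transport_maps", ""),
    }


# Constructed sample: the layout from the post, with a placeholder map path.
CLOSED_SAMPLE = """\
default_transport = error:5.1.2 mail to remote domains not permitted
local_transport = error:5.1.2 local transport not permitted
relay_transport = error:5.1.2 relay transport not permitted
virtual_transport = error:5.1.2 virtual transport not permitted
transport_maps =
    mysql:/etc/postfix/mysql-transport.cf
"""

# Constructed sample: relay_transport was never set, and a later duplicate
# line quietly re-enables remote SMTP delivery.
LEAKY_SAMPLE = """\
default_transport = error:5.1.2 mail to remote domains not permitted
local_transport = error:5.1.2 local transport not permitted
virtual_transport = error:5.1.2 virtual transport not permitted
# added months later by someone else
default_transport = smtp
"""

if __name__ == "__main__":
    for label, sample in (("closed", CLOSED_SAMPLE), ("leaky", LEAKY_SAMPLE)):
        print(label, audit_transports(parse_main_cf(sample)))
```
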
      • Viktor Dukhovni
        Message 3 of 19 , Mar 30, 2014
          On Sun, Mar 30, 2014 at 03:35:13PM -0700, cybermass wrote:

          > If there is a postfix server that is configured to only accept and send
          > email to users in the same domain, say for example
          > john@... can only send to another_user@..., does this
          > mean that the client's email never hops through other servers or "hops"?

          No it does not. The submission server accepting email from and to
          users in the single domain in question need not be the final store
          for the mailboxes of that domain, and may deliver the mail to the
          final mail-store via LMTP (remote non-SMTP hop) or via SMTP.

          --
          Viktor.
        • cybermass
          Message 4 of 19 , Mar 30, 2014
            How can I configure it so that the user's email never bounce through any
            other hop but go directly through the server? Also how do I configure it to
            ONLY deliver via LMTP and not even SMTP? This confuses me because the user
            is a roaming client, how would that user make a connection to the postfix
            server without using port 25 or 465? In my case, we use a custom port since
            ISP's block outgoing ports 25 and sometimes 465


            On Sun, Mar 30, 2014 at 4:09 PM, Viktor Dukhovni [via Postfix] <
            ml-node+s1071664n66496h76@...> wrote:

            > On Sun, Mar 30, 2014 at 03:35:13PM -0700, cybermass wrote:
            >
            > > If there is a postfix server that is configured to only accept and send
            > > email to users in the same domain, say for example
            > > [hidden email] can only send to [hidden email], does this
            > > mean that the client's email never hops through other servers or "hops"?
            >
            > No it does not. The submission server accepting email from and to
            > users in the single domain in question need not be the final store
            > for the mailboxes of that domain, and may deliver the mail to the
            > final mail-store via LMTP (remote non-SMTP hop) or via SMTP.
            >
            > --
            > Viktor.
          • Viktor Dukhovni
            Message 5 of 19 , Mar 30, 2014
              On Sun, Mar 30, 2014 at 04:13:00PM -0700, cybermass wrote:

              > How can I configure it so that the user's email never bounce through any
              > other hop but go directly through the server?

              By arranging for mail to the domain in question to be delivered locally:

              http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination
              http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
              http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to
              http://www.postfix.org/VIRTUAL_README.html#canonical

              http://www.postfix.org/postconf.5.html#mydestination
              http://www.postfix.org/postconf.5.html#virtual_mailbox_domains
              http://www.postfix.org/postconf.5.html#virtual_alias_domains

              Note that with virtual alias domains, whether delivery is local or
              not depends on what other domain any particular address is rewritten
              to. Addresses that fail to be rewritten to some other domain are
              either rejected or bounced.

              > Also how do I configure it to ONLY deliver via LMTP and not even SMTP?

              Delivery is via whatever transport you configure:

              http://www.postfix.org/transport.5.html
              http://www.postfix.org/postconf.5.html#transport_maps
              http://www.postfix.org/postconf.5.html#local_transport
              http://www.postfix.org/postconf.5.html#virtual_transport

              > This confuses me because the user
              > is a roaming client, how would that user make a connection to the postfix
              > server without using port 25 or 465? In my case, we use a custom port since
              > ISP's block outgoing ports 25 and sometimes 465

              How the client submits the mail for delivery is irrelevant. Perhaps
              you are not even able to express your question clearly enough. What
              real problem are you trying to solve? (Don't talk about SMTP or Postfix,
              talk about what practical properties you want for the email in question)

              --
              Viktor.
            • cybermass
              Message 6 of 19 , Mar 30, 2014
                Ok the user's emails should not go through any other servers out on the
                internet to reach mine. Meaning their emails are sent directly within the
                server. so if john@... sends to joe@..., nobody else
                should be able to read that email, no ISP, or any system. I understand how
                normal emails work. from yahoo to gmail. the yahoo servers hop through to
                get to gmail. since my server is only 1 box and the users are local users,
                (only one domain in the virtual domains table), then is this email sent
                within the server or does it hop from the client's internet connection to
                get to my server?


                On Sun, Mar 30, 2014 at 4:25 PM, Viktor Dukhovni [via Postfix] <
                ml-node+s1071664n66498h38@...> wrote:

                > On Sun, Mar 30, 2014 at 04:13:00PM -0700, cybermass wrote:
                >
                > > How can I configure it so that the user's email never bounce through any
                > > other hop but go directly through the server?
                >
                > By arranging for mail to the domain in question to be delivered locally:
                >
                > http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination
                > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
                > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to
                > http://www.postfix.org/VIRTUAL_README.html#canonical
                >
                > http://www.postfix.org/postconf.5.html#mydestination
                > http://www.postfix.org/postconf.5.html#virtual_mailbox_domains
                > http://www.postfix.org/postconf.5.html#virtual_alias_domains
                >
                > Note that with virtual alias domains, whether delivery is local or
                > not depends on what other domain any particular address is rewritten
                > to. Addresses that fail to be rewritten to some other domain are
                > either rejected or bounced.
                >
                > > Also how do I configure it to ONLY deliver via LMTP and not even SMTP?
                >
                > Delivery is via whatever transport you configure:
                >
                > http://www.postfix.org/transport.5.html
                > http://www.postfix.org/postconf.5.html#transport_maps
                > http://www.postfix.org/postconf.5.html#local_transport
                > http://www.postfix.org/postconf.5.html#virtual_transport
                >
                >
                > > This confuses me because the user
                > > is a roaming client, how would that user make a connection to the postfix
                > > server without using port 25 or 465? In my case, we use a custom port since
                > > ISP's block outgoing ports 25 and sometimes 465
                >
                > How the client submits the mail for delivery is irrelevant. Perhaps
                > you are not even able to express your question clearly enough. What
                > real problem are you trying to solve? (Don't talk about SMTP or Postfix,
                > talk about what practical properties you want for the email in question
                >
                > --
                > Viktor.
              • Wietse Venema
                Message 7 of 19 , Mar 30, 2014
                  cybermass:
                  > Ok the user's emails should not go through any other servers out on the
                  > internet to reach mine. Meaning their emails are sent directly within the
                  > server. so if john@... sends to joe@..., nobody else
                  > should be able to read that email, no ISP, or any system. I understand how
                  > normal emails work. from yahoo to gmail. the yahoo servers hop through to
                  > get to gmail. since my server is only 1 box and the users are local users,
                  > (only one domain in the virtual domains table), then is this email sent
                  > within the server or does it hop from the client's internet connection to
                  > get to my server?

                  If the sending user has an account on your mail server, then that
                  user would have to configure their email client to deliver their
                  email submission directly to your mail server.

                  If the sending user has email accounts on more than one server
                  (e.g., gmail and hotmail and your server) then they may very well
                  try to submit mail via their hotmail account, even if they intend
                  to send mail to someone on your mail server.

                  Wietse
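
Added example (not part of the thread): one way to check after the fact which mail servers handled a message, by reading its Received headers oldest-first and flagging any hop outside the expected server, which is what the hotmail scenario above would produce. The host names, addresses and both sample messages are constructed, and ALLOWED_HOSTS is an assumption about the deployment.

```python
import email
import re

# Assumption: the only server that should ever handle mail for the closed domain.
ALLOWED_HOSTS = {"mail.example.com"}

# "with" keywords used in Received headers (RFC 3848 registry).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}


def parse_received(value):
    """Extract the from / by / with tokens of one Received header."""
    # Unfold the header and drop the trailing "; date" part.
    flat = " ".join(value.split()).rsplit(";", 1)[0]
    # Remove (comments), innermost first, so "(Postfix)" is never read as a token.
    previous = None
    while previous != flat:
        previous, flat = flat, re.sub(r"\([^()]*\)", " ", flat)

    def token(keyword):
        match = re.search(r"(?:^|\s)" + keyword + r"\s+(\S+)", flat, re.IGNORECASE)
        return match.group(1) if match else None

    return {"from": token("from"), "by": token("by"),
            "with": (token("with") or "").upper()}


def trace_hops(raw_message):
    """Return the hops in the order the message travelled.

    Each server prepends its Received header, so the list is reversed.
    Only the lines written by your own server are trustworthy; earlier
    lines are whatever the previous host claimed.
    """
    headers = email.message_from_string(raw_message).get_all("Received") or []
    return [parse_received(header) for header in reversed(headers)]


def audit(raw_message, allowed=ALLOWED_HOSTS):
    hops = trace_hops(raw_message)
    findings = []
    if not hops:
        findings.append("no Received headers")
        return hops, findings
    for number, hop in enumerate(hops, start=1):
        if (hop["by"] or "").lower() not in allowed:
            findings.append("hop %d handled by foreign host %s" % (number, hop["by"]))
    # Received headers list mail servers, not the routers in between, so the
    # client-to-server leg is only private if the submission used TLS.
    if hops[0]["with"] not in AUTH_PROTOCOLS:
        findings.append("first hop was not an authenticated submission")
    if hops[0]["with"] not in TLS_PROTOCOLS:
        findings.append("first hop was not protected by TLS")
    return hops, findings


# Constructed sample: client submits straight to the server, then LMTP to the store.
DIRECT_SAMPLE = """\
Received: from mail.example.com (localhost [127.0.0.1])
    by mail.example.com (constructed-store) with LMTP id CONSTRUCTED2
    for <joe@example.com>; Sun, 30 Mar 2014 16:00:01 -0700
Received: from laptop.example.net (unknown [192.0.2.10])
    by mail.example.com (Postfix) with ESMTPSA id CONSTRUCTED1
    for <joe@example.com>; Sun, 30 Mar 2014 16:00:00 -0700
From: john@example.com
To: joe@example.com
Subject: constructed sample

body
"""

# Constructed sample: the same user submits through a second provider account.
RELAYED_SAMPLE = """\
Received: from mail.example.com (localhost [127.0.0.1])
    by mail.example.com (constructed-store) with LMTP id CONSTRUCTED5
    for <joe@example.com>; Sun, 30 Mar 2014 16:05:02 -0700
Received: from out.otherprovider.example (out.otherprovider.example [198.51.100.7])
    by mail.example.com (Postfix) with ESMTPS id CONSTRUCTED4
    for <joe@example.com>; Sun, 30 Mar 2014 16:05:01 -0700
Received: from laptop.example.net (unknown [192.0.2.10])
    by out.otherprovider.example with ESMTPSA id CONSTRUCTED3
    for <joe@example.com>; Sun, 30 Mar 2014 16:05:00 -0700
From: john@example.com
To: joe@example.com
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for label, sample in (("direct", DIRECT_SAMPLE), ("relayed", RELAYED_SAMPLE)):
        print(label, audit(sample))
```
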
                • cybermass
                  Message 8 of 19 , Mar 30, 2014
                    Interesting, that is something I never even thought of. Yes the clients are
                    configured to only go through our custom smtps port since some ISP's block
                    outgoing 25 and even 465. These clients just need to have only one account
                    in their mail client I understand. Is there any other configuration I would
                    need to do on the server side?


                    On Sun, Mar 30, 2014 at 4:51 PM, Wietse Venema [via Postfix] <
                    ml-node+s1071664n66500h0@...> wrote:

                    > cybermass:
                    > > Ok the user's emails should not go through any other servers out on the
                    > > internet to reach mine. Meaning their emails are sent directly within the
                    > > server. so if [hidden email] sends to [hidden email], nobody else
                    > > should be able to read that email, no ISP, or any system. I understand how
                    > > normal emails work. from yahoo to gmail. the yahoo servers hop through to
                    > > get to gmail. since my server is only 1 box and the users are local users,
                    > > (only one domain in the virtual domains table), then is this email sent
                    > > within the server or does it hop from the client's internet connection to
                    > > get to my server?
                    >
                    > If the sending user has an account on your mail server, then that
                    > user would have to configure their email client to deliver their
                    > email submission directly to your mail server.
                    >
                    > If the sending user has email accounts on more than one server
                    > (e.g., gmail and hotmail and your server) then they may very well
                    > try to submit mail via their hotmail account, even if they intend
                    > to send mail to someone on your mail server.
                    >
                    > Wietse
                  • lists@rhsoft.net
                    Message 9 of 19 , Mar 30, 2014
                      On 31.03.2014 01:54, cybermass wrote:
                      > Interesting, that is something I never even thought of

                      why should a server hosting example.com relay a to him
                      submitted message from a@... to b@...
                      through a foreign server?

                      what should that foreign server do with that message
                      other than bounce it back again to the origin which
                      is the MX or throw it away if there is no MX reachable
                      from outside?

                      > Yes the clients are configured to only go through our custom
                      > smtps port since some ISP's block outgoing 25 and even 465.

                      587 is dedicated for mail-submission

                      > These clients just need to have only one account in their
                      > mail client I understand. Is there any other configuration
                      > I would need to do on the server side?

                      for the case above - no, mail from one gmail user to another
                      gmail user is not routed through hotmail and that behavior is
                      logical and as expected
                    • cybermass
                      Message 10 of 19 , Mar 30, 2014
                        I did think about this for a second, Wietse Venema. Wouldn't my server
                        just reject those emails if they did try to send via other smtp servers
                        outbound? Those hosts/senders are auto rejected since my restrictions
                        reject everyone but my domain


                        On Sun, Mar 30, 2014 at 4:51 PM, Wietse Venema [via Postfix] <
                        ml-node+s1071664n66500h0@...> wrote:

                        > cybermass:
                        > > Ok the user's emails should not go through any other servers out on the
                        > > internet to reach mine. Meaning their emails are sent directly within the
                        > > server. so if [hidden email] sends to [hidden email], nobody else
                        > > should be able to read that email, no ISP, or any system. I understand how
                        > > normal emails work. from yahoo to gmail. the yahoo servers hop through to
                        > > get to gmail. since my server is only 1 box and the users are local users,
                        > > (only one domain in the virtual domains table), then is this email sent
                        > > within the server or does it hop from the client's internet connection to
                        > > get to my server?
                        >
                        > If the sending user has an account on your mail server, then that
                        > user would have to configure their email client to deliver their
                        > email submission directly to your mail server.
                        >
                        > If the sending user has email accounts on more than one server
                        > (e.g., gmail and hotmail and your server) then they may very well
                        > try to submit mail via their hotmail account, even if they intend
                        > to send mail to someone on your mail server.
                        >
                        > Wietse
                      • cybermass
                        Message 11 of 19 , Mar 30, 2014
                          587 is dedicated for submission but is it any different if I have
                          configured smtps to be port 8809 and just have the clients use that port
                          with STARTTLS instead of 587?


                          On Sun, Mar 30, 2014 at 5:02 PM, lists@... [via Postfix] <
                          ml-node+s1071664n66502h62@...> wrote:

                          >
                          > On 31.03.2014 01:54, cybermass wrote:
                          > > Interesting, that is something I never even thought of
                          >
                          > why should a server hosting example.com relay a to him
                          > submitted message from [hidden email]<http://user/SendEmail.jtp?type=node&node=66502&i=0>to [hidden
                          > email] <http://user/SendEmail.jtp?type=node&node=66502&i=1>
                          > trough a foreign server?
                          >
                          > what should that foreign server do with that message
                          > other than bounce it back again to the origin which
                          > is the MX or throw it way if there is no MX reachable
                          > from outside?
                          >
                          > > Yes the clients are configured to only go through our custom
                          > > smtps port since some ISP's block outgoing 25 and even 465.
                          >
                          > 587 is dedicated for mail-submission
                          >
                          > > These clients just need to have only one account in their
                          > > mail client I understand. Is there any other configuration
                          > > I would need to do on the server side?
                          >
                          > for the case above - no, mail from one gmail user to another
                          > gamil user is not routed trough hotmail and that behavior is
                          > logical and as expected
                        • lists@rhsoft.net
                          Message 12 of 19 , Mar 30, 2014
                            On 31.03.2014 02:07, cybermass wrote:
                            > 587 is dedicated for submission but is it any different if I have
                            > configured smtps to be port 8809 and just have the clients use that port
                            > with STARTTLS instead of 587?

                            technically you can use whatever port but why not
                            use standards and make users' life difficult?

                            BTW: don't talk about SMTPS and STARTTLS in context
                            of the same port especially if you instruct your
                            users because that leads to non-working configs

                            http://en.wikipedia.org/wiki/STARTTLS

                            >> On 31.03.2014 01:54, cybermass wrote:
                            >>> Interesting, that is something I never even thought of
                            >>
                            >> why should a server hosting example.com relay a to him
                            >> submitted message from [hidden email]<http://user/SendEmail.jtp?type=node&node=66502&i=0>to [hidden
                            >> email] <http://user/SendEmail.jtp?type=node&node=66502&i=1>
                            >> trough a foreign server?

                            your node.js application breaks quotes!

                            >> what should that foreign server do with that message
                            >> other than bounce it back again to the origin which
                            >> is the MX or throw it way if there is no MX reachable
                            >> from outside?
                            >>
                            >>> Yes the clients are configured to only go through our custom
                            >>> smtps port since some ISP's block outgoing 25 and even 465.
                            >>
                            >> 587 is dedicated for mail-submission
                            >>
                            >>> These clients just need to have only one account in their
                            >>> mail client I understand. Is there any other configuration
                            >>> I would need to do on the server side?
                            >>
                            >> for the case above - no, mail from one gmail user to another
                            >> gmail user is not routed through hotmail and that behavior is
                            >> logical and as expected
                          • cybermass
                            Message 13 of 19 , Mar 30, 2014
                              Ok I just noticed I can even comment out the regular smtp protocol from
                              master.cf to remove listening from port 25. I get a lot of hits to our
                              server, we are an open domain but looking to close soon. We don't intend to
                              make anyone's life difficult but we have complaints from clients that
                              cannot send outbound. It is because their ISP blocks outgoing 25 and 465.
                              So we use a custom port. They may know about 587 as well.


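The two posts above turn on which TLS mode a given port speaks and on what master.cf actually listens on. As an added example that is not part of the thread, this Python check reads a master.cf and compares each smtpd listener's TLS mode with what users were told. The sample file is constructed, the function names and the `client_docs` mapping are hypothetical, and only the `-o name=value` override form is parsed.

```python
import shlex

# Constructed sample master.cf; 8809 is the custom port from the thread.
SAMPLE_MASTER_CF = """\
#smtp      inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
8809       inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

WELL_KNOWN = {"smtp": 25, "submission": 587, "smtps": 465}

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def smtpd_listeners(text):
    """Map port -> {'tls': mode, 'auth': bool} for each inet smtpd service."""
    listeners = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args = fields[8:]
        # "-o name=value" overrides main.cf for this one service.
        opts = dict(args[i + 1].split("=", 1) for i in range(len(args) - 1)
                    if args[i] == "-o" and "=" in args[i + 1])
        name = fields[0].rsplit(":", 1)[-1]          # drop optional "host:"
        port = int(name) if name.isdigit() else WELL_KNOWN.get(name, name)
        if opts.get("smtpd_tls_wrappermode") == "yes":
            tls = "implicit"                 # TLS handshake before any SMTP
        elif opts.get("smtpd_tls_security_level") == "encrypt":
            tls = "starttls-required"        # plaintext greeting, then STARTTLS
        elif opts.get("smtpd_tls_security_level") == "may":
            tls = "starttls-optional"
        else:
            tls = "inherits-main.cf"         # not decidable from master.cf alone
        listeners[port] = {"tls": tls, "auth": opts.get("smtpd_sasl_auth_enable") == "yes"}
    return listeners

def client_mismatches(listeners, client_docs):
    """client_docs: port -> 'starttls' or 'implicit', as told to users."""
    problems = []
    for port, told in sorted(client_docs.items()):
        server = listeners.get(port)
        if server is None:
            problems.append((port, "no smtpd listener"))
        elif told == "starttls" and server["tls"] == "implicit":
            problems.append((port, "server wants TLS first; client waits for a greeting"))
        elif told == "implicit" and server["tls"].startswith("starttls"):
            problems.append((port, "server sends plaintext greeting; TLS handshake fails"))
    return problems

if __name__ == "__main__":
    print(client_mismatches(smtpd_listeners(SAMPLE_MASTER_CF), {587: "starttls", 8809: "starttls"}))
```
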
                            • Shawn Zaidermann
                              Message 14 of 19 , Mar 30, 2014
                                The way I had assumed it earlier was the client authenticates via 993 (dovecot IMAP in our case), crafts an email to another user and this email is delivered instantly via lmtp (in our case, dovecot LDA), but now I see that in reality, the client sends the email via the smtp port instead making a direct connection with the mail server. It's still secure but the other way sounds more secure.



                              • lists@rhsoft.net
                                Message 15 of 19 , Mar 30, 2014
                                  Am 31.03.2014 02:35, schrieb Shawn Zaidermann:
                                  > The way I had assumed it earlier was the client authenticates via 993 (dovecot IMAP in our case), crafts an email
                                  > to another user and this email is delivered instantly via lmtp (in our case, dovecot LDA), but now I see that in
                                  > reality, the client sends the email via the smtp port instead making a direct connection with the mail server. It's
                                  > still secure but the other way sounds more secure.

                                  that explains why your posts sounded that weird
                                  please do yourself a favour and read some basics about how e-mail works

                                  * IMAP/POP3 -> receive messages
                                  * SMTP -> send messages
                                  * LMTP -> LDA

                                  IMAP is *your account* and the only messages which are going through IMAP to the server
                                  are sent messages or via IMAP append but they will *never* face LMTP or go to a
                                  different user (IMAP append: http://tools.ietf.org/html/rfc3501)

                                  http://en.wikipedia.org/wiki/Message_transfer_agent
                                  http://en.wikipedia.org/wiki/Mail_delivery_agent
                                  http://en.wikipedia.org/wiki/Email_client
                                • Viktor Dukhovni
                                  Message 16 of 19 , Mar 30, 2014
                                    On Mon, Mar 31, 2014 at 02:44:10AM +0200, lists@... wrote:

                                    > > The way I had assumed it earlier was the client authenticates via
                                    > > 993 (dovecot IMAP in our case), crafts an email to another user
                                    > > and this email is delivered instantly via lmtp (in our case, dovecot
                                    > > LDA), but now I see that in reality, the client sends the email
                                    > > via the smtp port instead making a direct connection with the mail
                                    > > server. It's still secure but the other way sounds more secure.
                                    >
                                    > That explains why your posts sounded that weird...
                                    >
                                    > * IMAP/POP3 -> receive messages
                                    > * SMTP -> send messages
                                    > * LMTP -> LDA

                                    Oddly enough there is a hybrid protocol, in which the SMTP client
                                    talking to a suitable SMTP server asks the SMTP server to retrieve
                                    the message content from the user's IMAP "Outbox", and send that.

                                    Here, the control channel for sending the message is still SMTP,
                                    but the message body is not sent by the client separately to the
                                    SMTP server after uploading it to the IMAP server. This saves
                                    bandwidth on mobile clients, and is used primarily in Apple iOS.

                                    Postfix does not yet support Apple's BURL SMTP extension. With
                                    Apple as the only MUA that supports BURL, it probably does not make
                                    sense for Postfix to support BURL.

                                    Perhaps this is a catch-22, and other MUAs would support BURL if
                                    non-Apple MTAs implemented it. The real problem is that with Web
                                    mail, IM, social media, ... there is very little new development
                                    in IMAP MUAs. For graphical MUAs we have Outlook, Thunderbird and
                                    Evolution. For curses we have pine, elm, and mutt. None have seen
                                    substantial new protocol features for some time.

                                    It would be great if someone volunteered to add client-side BURL
                                    support to Thunderbird, or DANE TLSA support, especially in
                                    combination with RFC 6186 support.

                                    Similar improvements to pine, mutt, elm, ... would also be great.

                                    --
                                    Viktor.
                                  • Wietse Venema
                                    Message 17 of 19 , Mar 30, 2014
                                      Viktor Dukhovni:
                                      > Postfix does not yet support Apple's BURL SMTP extension. With
                                      > Apple as the only MUA that supports BURL, it probably does not make
                                      > sense for Postfix to support BURL.

                                      Last time I asked (late 2013) Apple currently does not support BURL.

                                      Wietse
                                    • Viktor Dukhovni
                                      Message 18 of 19 , Mar 30, 2014
                                        On Sun, Mar 30, 2014 at 09:13:19PM -0400, Wietse Venema wrote:

                                        > Viktor Dukhovni:
                                        > > Postfix does not yet support Apple's BURL SMTP extension. With
                                        > > Apple as the only MUA that supports BURL, it probably does not make
                                        > > sense for Postfix to support BURL.
                                        >
                                        > Last time I asked (late 2013) Apple currently does not support BURL.

                                        Sorry, my recollection may be flawed. I see that Oracle's (formerly
                                        Sun) Messaging Server supports BURL.

                                        As far as client support, don't know which ones if any do. For example, the
                                        last comments on:

                                        https://bugzilla.mozilla.org/show_bug.cgi?id=421779

                                        ends with:

                                        I would wait for Postfix to implement this first, though.

                                        Thunderbird BURL support appears to be in a deadlock with Postfix.
                                        It is not an absolutely compelling feature, just a side-note to
                                        this thread.

                                        --
                                        Viktor.
                                      • Wietse Venema
                                        Message 19 of 19 , Mar 31, 2014
                                          Viktor Dukhovni:
                                          > On Sun, Mar 30, 2014 at 09:13:19PM -0400, Wietse Venema wrote:
                                          >
                                          > > Viktor Dukhovni:
                                          > > > Postfix does not yet support Apple's BURL SMTP extension. With
                                          > > > Apple as the only MUA that supports BURL, it probably does not make
                                          > > > sense for Postfix to support BURL.
                                          > >
                                          > > Last time I asked (late 2013) Apple currently does not support BURL.

                                          I was looking for client software so that I could test Postfix
                                          BURL support without having to implement my own mail client first.
                                          I saw no BURL activity from iPhone or iPad with Apple's patch for
                                          Postfix, and the author of the patch confirmed that iOS had no BURL
                                          support. If anyone knows of a real client that implements BURL (not
                                          some unmaintained beta) then I am interested.

                                          Wietse