Postfix: $relayhost and port 587

post Category: MailServer — chris @ 4:30 pm — post
postAugust 23, 2007

This quick article concerns using the relayhost variable to allow postfix to relay into the submission port (587), rather than the smtp port (25).

When using a separated tier network of postfix servers, ie - a cluster at the front, which receive from a cluster in a segmented network, you will need to use the relayhost variable to daisy link the two clusters together. Usually, you may be tempted to simply submit on port 25. This was previously acceptable, but now a concerted drive is being made towards the correct port - 587. When using DKIM implementations such as DKIM proxy mail will not be signed on port 25 without some hackery in master.cf [this is strongly advised against]. As Jason states:

. . .The point is we don’t want to sign mail from untrusted sources, and that’s what could happen if you direct that mail through dkimproxy.out.

So how do we ensure our chain of servers signs mail submitted? Easy!

relayhost = [smtp.domain.tld]:587

You can now sit back and watch as all your mail is digitally signed by what-ever DKIM implementation you have chosen.

« Plusnet: a lesson on how -not- to do e-mail
Trip to Paris, France. »

Sorry, no comments yet.

Write Your Comment

Comment Guidelines: Basic XHTML is allowed (a href, strong, em, code). All line breaks and paragraphs will be generated automatically.

You should have a name, right? 
Your email address, I promised I won't tell it to anyone. 
If you have a web site or blog, you can type the URL right here. 
This is where you type your comments. 
Remember my information for the next time I visit.
 

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 4 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a