[TriLUG] Postfix, Thunderbird and Submission
aaron at schrab.com
Mon Nov 28 10:39:50 EST 2011
At 07:04 -0800 28 Nov 2011, Brian McCullough <bdmc at bdmcc-us.com> wrote:
>Last night I fired up Thunderbird in my Ubuntu box ( 3.1.15 in a 10.10
>environment, if I remember correctly ), and discovered that it ( the
>combination of Thunderbird and Postfix with Dovecot ) was not happy at
>all about delivering mail that I composed in Thunderbird.
>Thunderbird is configured to send to port 587 with TLS on my mail
>I went through the SASL documentation in /usr/doc/postfix and followed
>the suggestions there, the parts that were not already in my main.cf,
>and was able to start sending mail.
>However, I discovered a while later that I was not receiving anything
>at all through port 25.
>I removed the additions and mail started flowing again, but I expect
>that I will not be able to send mail using Thunderbird any more.
>Would moving those changes from main to master ( on port 587 ) be a
>reasonable solution, or am I out of luck?
It's impossible to say without knowing what changes you actually made to
main.cf, but at least some of the probably belong in master.cf.
For proper setup of the submission port (587) at least some settings
need to be specified in master.cf, since the entire point of it is to
have a different policy than is used for port 25. Port 25 needs to
allow mail from anybody (possibly excepting filtered sites) if it's
addressed to a recipient handled by the receiving server, but port 587
should only allow messages from authorized users. If you made all of
the changes to main.cf, the problem is likely that postfix was requiring
authentication from mail servers that are trying to send messages to
Generally, you'd want to do general setup of SASL in main.cf, then just
override the smtpd_*_restrictions for the submission port in master.cf.
Here's what I have in master.cf for the submission port:
submission inet n - - - - smtpd
I require that all connections use encryption (using STARTTLS, listed as
TLS in Thunderbird), undo restrictions on the HELO command that I have
in place for port 25, and allow messages iff they're from an
When I set that up I also added permit_sasl_authenticated to the
smtpd_recipient_restrictions in main.cf so that authenticated clients
can also send through port 25, but I don't think that I ever actually
make use of that.
I also have permit_sasl_authenticated in smtpd_client_restrictions
before my reject_rbl_client, so that authenticated clients can send
messages even if their IP address is in one of the black lists that I
More information about the TriLUG