Many Mailstation users want to use it as a central mail gateway for their LAN clients. With a dynamic external address (as most home users have) this causes a number of problems. The main one is that many providers run anti-spam solutions which treat a dynamic sender IP as a main criterion for spam. To do that, they use lists of networks which contain dynamic IPs.
How this is applied depends on the provider: some providers use a dynamic IP as the only criterion for spam, and some use a whole "army" of filters. This means a mail can be blocked at different stages of mail processing.
The easiest case is when a receiving server rejects such a mail directly during the SMTP dialog. This causes an error message to be sent to the sender, informing him/her about the problem. More problematic is the case where a spam filter catches a mail AFTER the sender has received the OK message from the SMTP server. In that case the sender receives no information that his/her mail has been blocked, or why it was rejected. I use such lists as well, but I implemented them on my postfix server, so a sender receives an immediate notification if a message has been blocked.
There are two different ways to reduce the chance of being classified as possible spam. The easiest one is to use external relay servers (with fixed IP addresses) to send mail. The mail then comes from a fixed IP, so lists based on dynamic IPs have no problem with it.
The second - more difficult - way is to send mail directly to the receiving server. This way there is a risk that a mail is caught as spam. If you want to go this way, you have to check whether your IP is listed on blacklists. To do so you can use a page like 1) to check your IP against several lists. Only if your IP does not appear on most lists will it be possible to send mail directly (direct-mx).
Pages for checking IPs
The rest of this page covers the relay approach, as it mostly works without too much effort.
There are several ways to use postfix to relay mail: one is to send all mail via the same relay server regardless of sender or receiver. Further information can be found 2). The other way is to use a particular relay server per mail address, based on the sender address.
To achieve that, the following value has to be set in main.cf:

relayhost

Here you define your global relay server. If you set this parameter, all mail to external recipients will be sent via that relay.

    relayhost = mail.isp.tld
    relayhost = mail.isp.tld:submission
    relayhost = [mail.isp.tld]
    relayhost = [mail.isp.tld]:submission

The examples above show four different ways of defining the relay server. Without brackets postfix looks up the MX record of the name; with brackets it skips the MX lookup and connects to the host itself. The :submission suffix selects the submission port instead of port 25.
The examples above also show why a mail server should NOT be a CNAME record pointing to another host. Mail servers normally only look for MX or A records.
    smtp_sasl_password_maps = hash:/opt/etc/postfix/sasl_passwd

Here you define the file which contains the login credentials for your relay servers. This file needs to be created by root and must be converted with postmap into a format that postfix can read.

    # sasl_passwd
    mail.isp.tld    user@isp.tld:secret

    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous

This activates SASL authentication and allows postfix to use non-secure login types such as LOGIN, which send passwords in plaintext.

    smtp_use_tls = yes
    smtp_tls_enforce_peername = no

These options allow the postfix SMTP client to connect to servers over a secure channel (TLS/SSL).
Otherwise the login credentials would be sent in plaintext.
Sender-dependent relaying allows different users to use the same relay server but with different login credentials.

    sender_dependent_relayhost_maps = hash:/opt/etc/postfix/sender_relay

In this file a particular relay host is "connected" to a defined sender address.

    # sender_relay
    user@isp.tld    mail.isp.tld
    foo@isp.tld     mail.isp.tld

    # sasl_passwd
    user@isp.tld    user@isp.tld:secret
    foo@isp.tld     foo@isp.tld:totalSecret

    smtp_sender_dependent_authentication = yes

The last setting "activates" sender-dependent relaying.
The following options from above apply to sender-based relaying as well:

    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous

    smtp_use_tls = yes
    smtp_tls_enforce_peername = no
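Both relay setups above combine opportunistic TLS (smtp_use_tls = yes) with smtp_sasl_security_options = noanonymous, so if the relay does not offer STARTTLS the login can still go out in plaintext. The following Python check is an added example, not part of the original page or of Postfix; its function names, finding codes, sample configs and the CA file path are assumptions, and per-destination policy (smtp_tls_policy_maps) is not considered.

```python
# Constructed samples; WEAK mirrors this page, the CA path in HARDENED is assumed.
WEAK = """\
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_enforce_peername = no
"""
HARDENED = """\
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noplaintext,
    noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
"""
MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
VERIFIED = MANDATORY - {"encrypt"}  # levels that also authenticate the relay

def parse_main_cf(text):
    """main.cf text -> dict; skips comments, joins continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            if line[0].isspace() and key:   # continuation of previous setting
                params[key] += " " + line.strip()
            else:                           # later settings override earlier
                key, _, value = (s.strip() for s in line.partition("="))
                params[key] = value
    return params

def tls_level(p):
    """Effective client TLS level, mapping the legacy pre-2.3 parameters."""
    if p.get("smtp_tls_security_level"):
        return p["smtp_tls_security_level"]
    if p.get("smtp_enforce_tls") == "yes":
        return "verify" if p.get("smtp_tls_enforce_peername", "yes") == "yes" else "encrypt"
    return "may" if p.get("smtp_use_tls") == "yes" else "none"

def audit(text):
    """Finding codes for a relay setup that authenticates with SASL."""
    p = parse_main_cf(text)
    if p.get("smtp_sasl_auth_enable") != "yes":
        return []
    level, findings = tls_level(p), []
    opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if level not in MANDATORY and "noplaintext" not in opts.replace(",", " ").split():
        findings.append("PLAINTEXT_AUTH_WITHOUT_MANDATORY_TLS")
    if level not in VERIFIED:
        findings.append("RELAY_CERT_NOT_VERIFIED")
    return findings
```

audit(WEAK) reports both findings, audit(HARDENED) reports none; on a live system the input would be the text of /opt/etc/postfix/main.cf.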