Enable SMTP Auth on port 25

jokey2k

Hello, I recently installed mailcow to migrate from an old setup. Now I notice that when I do connect to port 25 from some other machine than local host, I cannot do SMTP Auth on that port. Is there an option to change that? The search function did not return any result matching this.

mlcwuser

I don’t think there is an option in the UI, but you can probably change the postfix configuration manually in order to allow authentication on port 25. I found this with a quick google search: https://serverfault.com/questions/976917/mailcow-postfix-allow-sending-unencrypted-mails-smtp-port-25

However, I wouldn’t recommend doing so, unless you absolutely have to. E.g because some ancient device has to send messages to an external address via your server.

jokey2k

Maybe there was a misunderstanding. I do not want to open up the relay to the world 😉 I want to be able to do SMTP Auth via TLS on Port 25. On 587 this works fine, so I just want the same behaviour on port 25. There are some family members who would be unable to change that on their own and it takes some time to see them all and fix their devices, hence this idea.

jokey2k

Ok I found the solution:

postscreen was finding my client ip in postscreen_dnsbl_sites zen.spamhaus.org=127.0.0.[10;11]*8
given that I am using dialup at home.

This in turn lead to log message (ip changed for privacy)
mailcowdockerized-postfix-mailcow-1 | Feb 19 14:16:58 67578d8c0856 postfix/postscreen[349]: DNSBL rank 8 for [::dead:beef::]:61071

It gave me no hint that the configured value for rejecting a mail is set in postscreen_dnsbl_threshold to 6.

Removing that host from the dnsbl list fixed this for me. So yes, I will have SMTP connections from dialup until I have all clients use Port 587 for SMTP AUTH connections.