LinuxQuestions.org
Old 08-25-2008, 01:07 PM   #1
btaylor1988
Member
 
Registered: Nov 2005
Location: England
Distribution: CentOS, Fedora
Posts: 79

Rep: Reputation: 15
postfix, allow all access from outside to send mail


I can't seem to get my email client working from outside to send emails. I've heard it's a security risk and best to use SSL.

Not sure how to do either of these things; it would be nice to test if I could send emails externally as a test.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, address.com, address.com
mydomain = address.com
myhostname = mail.address.com
mynetworks = 192.168.26.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
soft_bounce = yes
unknown_local_recipient_reject_code = 550

Also, I can receive emails from outside, so I know that works.
 
Old 08-25-2008, 01:36 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
What is the exact error you receive? And no, don't open access to anyone, that would allow every spammer to use your server to send spam, viruses, etc. So don't, you share the internet, you don't own it and I don't want any spam or viruses sent to me.
 
Old 08-25-2008, 03:19 PM   #3
btaylor1988
Member
 
Registered: Nov 2005
Location: England
Distribution: CentOS, Fedora
Posts: 79

Original Poster
Rep: Reputation: 15
Error from Thunderbird email client:

An error occurred while sending mail. the mail server responded: 4.7.1
<email@address.com>: Relay access denied. please check the message recipients and try again.


I mean, is there a way to set a single allowed address by any chance, so you could allow an incoming connection to send mail out from the server from IP address ???.???.???.???.
 
Old 08-25-2008, 03:54 PM   #4
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
You need to read this: http://www.postfix.org/SMTPD_ACCESS_README.html

It talks about setting up relays, who's allowed, restricting others.
 
Old 08-25-2008, 10:09 PM   #5
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
You could add the IP of your remote client to mynetworks, or add a check_client_access to your smtpd_recipient_restrictions,
Code:
main.cf:
    smtpd_recipient_restrictions = 
        permit_mynetworks, 
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net
you can add a client_access check:

Code:
main.cf:
    smtpd_recipient_restrictions = 
        permit_mynetworks, 
        permit_sasl_authenticated,
        check_client_access hash:/etc/postfix/client_checks,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net

client_checks:
    ip.of.permitted.client  OK
This is generally not a good idea, as IPs are spoof-able, making your server subject to becoming an open relay. Get authentication working as soon as possible, or use an SSH tunnel, port forwarding port 25 or 587 (submission).

Don't forget to postmap the file, and reload postfix:

Code:
postmap /etc/postfix/client_checks
postfix reload
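
Added example (not part of Mr. C.'s post): Postfix evaluates smtpd_recipient_restrictions in order, so every entry ahead of reject_unauth_destination that can return a permit is a way to relay through the server. This shell function lists those entries for a comma-separated value such as the ones posted in this thread; the helper name and the output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: show which entries of a
# smtpd_recipient_restrictions value can grant relay, i.e. everything that
# may return "permit" before reject_unauth_destination is reached.
# Assumes entries are comma-separated, as in the configs posted above.

relay_grants() {   # hypothetical helper name
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim each entry
        $0 == ""                          { next }
        $1 == "reject_unauth_destination" { guarded = 1; exit }
        $1 == "permit"                    { print "ANY-CLIENT " $0; next }
        $1 == "permit_mynetworks"         { print "BY-IP " $0; next }
        $1 ~ /^check_client_.*access$/    { print "BY-IP " $0; next }
        $1 == "permit_sasl_authenticated" { print "BY-AUTH " $0; next }
        $1 ~ /^check_.*_access$/          { print "BY-TABLE " $0; next }
        END { if (!guarded) print "UNGUARDED reject_unauth_destination missing" }
    '
}

# The value from post #5 with the client table added.
relay_grants 'permit_mynetworks, permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/client_checks,
    reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net'
```

Each BY-IP line is a grant that rests only on the client address; BY-AUTH lines rest on a SASL login.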
 
Old 08-25-2008, 11:57 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
I run a second instance of smtpd on port 465 (smtps) as defined in master.cf:
Code:
smtps    inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
(implicit TLS, this is for old Outlook Express compatibility, but works for some other clients like Apple's Mail.app, i.e. you cannot connect without TLS, hence the password is always protected)

and the relevant bits of main.cf:
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/abydos-new.pem
smtpd_tls_key_file = /etc/ssl/private/abydos-new.pem
smtpd_tls_loglevel = 2
smtpd_use_tls = yes
 
Old 08-26-2008, 07:29 AM   #7
btaylor1988
Member
 
Registered: Nov 2005
Location: England
Distribution: CentOS, Fedora
Posts: 79

Original Poster
Rep: Reputation: 15
I've been trying to set up secure authentication as you have stated, "chort", but I'm running into a few problems. I now get a password box to put in my password, yet it does not seem to work. Should I set it somewhere?

maillog:

Aug 26 13:24:13 central postfix/smtpd[26168]: initializing the server-side TLS engine
Aug 26 13:24:13 central postfix/smtpd[26168]: warning: cannot get certificate from file /etc/ssl/abydos-new.pem
Aug 26 13:24:13 central postfix/smtpd[26168]: warning: TLS library problem: 26168:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/ssl/abydos-new.pem','r'):
Aug 26 13:24:13 central postfix/smtpd[26168]: warning: TLS library problem: 26168:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
Aug 26 13:24:13 central postfix/smtpd[26168]: warning: TLS library problem: 26168:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
Aug 26 13:24:13 central postfix/smtpd[26168]: cannot load RSA certificate and key data
Aug 26 13:24:13 central postfix/smtpd[26168]: connect from isp.com[???.???.???.???]
Aug 26 13:24:17 central postfix/smtpd[26168]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 26 13:24:17 central postfix/smtpd[26168]: warning: SASL authentication failure: Password verification failed
Aug 26 13:24:17 central postfix/smtpd[26168]: warning: isp.com[???.???.???.???]: SASL PLAIN authentication failed: generic failure
Aug 26 13:24:18 central postfix/smtpd[26168]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 26 13:24:18 central postfix/smtpd[26168]: warning: isp.com[???.???.???.???]: SASL LOGIN authentication failed: generic failure
 
Old 08-26-2008, 09:51 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Well, you need certificates to use TLS... you seem to have skipped that part. You also need to configure SASL.
 
Old 08-26-2008, 12:56 PM   #9
btaylor1988
Member
 
Registered: Nov 2005
Location: England
Distribution: CentOS, Fedora
Posts: 79

Original Poster
Rep: Reputation: 15
I've pasted the code from both your master and main configs, but I'm a bit lost on creating the certificates.
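
Added example for the certificate step chort points to in #8 (not code from any poster in the thread): generate a self-signed key and certificate with openssl and confirm the two belong together before pointing smtpd_tls_cert_file and smtpd_tls_key_file at them. The file names smtpd.crt and smtpd.key, the helper names and the host name mail.example.com are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. File names, helper names and the
# host name are placeholders; requires the openssl command-line tool.

make_smtpd_cert() {   # usage: make_smtpd_cert DIR HOSTNAME
    ( umask 077       # private key is created readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$2" \
          -keyout "$1/smtpd.key" -out "$1/smtpd.crt" 2>/dev/null
    ) && chmod 644 "$1/smtpd.crt"
}

pubkey_digest() {     # usage: pubkey_digest cert|key FILE
    case $1 in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    esac || return 1  # file is not a parsable certificate or key
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

cert_matches_key() {  # 0 = pair matches, 1 = mismatch, 2 = unreadable/unparsable
    [ -r "$1" ] && [ -r "$2" ] || return 2
    c=$(pubkey_digest cert "$1") && k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

main_cf_lines() {     # the two TLS file parameters from post #6, for this DIR
    printf 'smtpd_tls_cert_file = %s/smtpd.crt\n' "$1"
    printf 'smtpd_tls_key_file = %s/smtpd.key\n' "$1"
}

# Demo in a scratch directory; on a server DIR would be a root-owned path.
tmp=$(mktemp -d)
if make_smtpd_cert "$tmp" mail.example.com &&
   cert_matches_key "$tmp/smtpd.crt" "$tmp/smtpd.key"; then
    main_cf_lines "$tmp"
fi
rm -rf "$tmp"
```

A self-signed certificate makes mail clients ask for a trust exception on first connect; a CA-issued certificate goes into the same two main.cf parameters.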
 
Old 08-27-2008, 09:21 AM   #10
btaylor1988
Member
 
Registered: Nov 2005
Location: England
Distribution: CentOS, Fedora
Posts: 79

Original Poster
Rep: Reputation: 15
Got it to work via SSH tunneling now; that seems the easiest way to do it. So thanks, Mr. C. and others, for the help.

When I can, I'll try to get my head around securing it using SMTPS.

thanks.
 
Old 08-27-2008, 01:56 PM   #11
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
Use SMTP AUTH if possible over the submission port 587 rather than SMTPS (which is required for some older Outlook clients).
 
  

