Postfix MTA conceptual doubt
 

I'm studing and practicing on setting up a mail server.
I'd like to set up a postfix with mysql (for virtual mailboxes / domains) + courier (for pop3/imap) + sasl + TLS and may be a webmail and may be some other usefull tools lika spamassassin.

But I've got a basic "conceptual" doubt before putting my hand on this task:

In postfix configuration (main.cf) you define a network or hosts for which the MTA will relay mail, using MYNETWORK parameter.
sasl can add authentication and TLS privacy for the connection. So, eventually a MUA outside MYNETWORK -let's say somewhere in internet- could authenticate in a sure way and then use the MTA to send mail through it. Is this right?

Even MYNETWORK restricts the relay in order for MTA not to be an "open relay", let's suppose MYNETWORK=192.168.1.0/24, can others MTAs outside MYNETWORK deliver mail to my MTA? (Assuming that domains for final deliveries and their MX dns flags are well configured).

If this postfix is behind a firewall which ports should be opened? 25, 110, 143...?

Thanks!!

yes. you just need to configure smtpd_*_restrictions correctly. mynetworks will not get in the way of that or in the way of final mail delivery to your system.

postfix itself only requires 25. other servers, e.g. imap, require other ports.

Berhanie,

Thanks clarifying my doubt!
I found that at my home internet connection my ISP has blocked incoming connections to port 25, so I'll have to do the installation in another environment. Or not to receive mail, just sending or relaying to another MTA.

Regards,
Matías