Sorry, I copied and pasted port 2525 from a post above. I don't know which port is used by smtp-rog.mail.yahoo.com (Roger's use of Yahoo's services) to relay through their servers. I also don't know if they require authentication if you are on their networks. You'll have to check their documentation on this. I recall they do block outbound port 25, so you set up your server to make port 25 outbound connections (e.g. it can't deliver mail directly; it must use their mail servers).
You can check which services are available to you, and which protocols are in use with telnet:
Code:
$ telnet smtp-rog.mail.yahoo.com 25
Trying 206.190.36.18...
Connected to smtp-rog.mail.yahoo.com.
Escape character is '^]'.
220 smtp121.rog.mail.re2.yahoo.com ESMTP
ehlo example.com
250-smtp121.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit
221 smtp121.rog.mail.re2.yahoo.com
Connection closed by foreign host.
$ telnet smtp-rog.mail.yahoo.com 587
Trying 206.190.36.18...
Connected to smtp-rog.mail.yahoo.com.
Escape character is '^]'.
220 smtp129.rog.mail.re2.yahoo.com ESMTP
ehlo example.com
250-smtp129.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit
221 smtp129.rog.mail.re2.yahoo.com
Connection closed by foreign host.
You can see they provide AUTHentication via LOGIN, PLAIN, and XYMCOOKIE.
And if TLS is in use, use openssl to establish the encrypted connection:
Code:
openssl s_client -connect smtp-rog.mail.yahoo.com:587 -starttls smtp
...
It appears they are not offering TLS on standard ports 25 (smtp) and 587 (submission), as there is no STARTTLS protocol announcement when you connect (see output from telnet commands above). Without TLS, or an encryption protocol, your password will be sent via cleartext (e.g. if you must use PLAIN).
Code:
$ openssl s_client -connect smtp-rog.mail.yahoo.com:25 -starttls smtp
CONNECTED(00000004)
didn't found starttls in server response, try anyway...
18552:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/home/builds/ab/netbsd-4-0-1-RELEASE/src/crypto/dist/openssl/ssl/s23_clnt.c:567:
$ openssl s_client -connect smtp-rog.mail.yahoo.com:587 -starttls smtp
CONNECTED(00000004)
didn't found starttls in server response, try anyway...
18512:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/home/builds/ab/netbsd-4-0-1-RELEASE/src/crypto/dist/openssl/ssl/s23_clnt.c:567:
I know nothing about Trixbox, so can't help w/why its main.cf doesn't stick.
The documentation for postfix's smtp_sasl_password_maps says nothing about MX lookups and brackets:
Code:
smtp_sasl_password_maps (default: empty)
Optional SMTP client lookup tables with one username:password entry per
remote hostname or domain, or sender address when sender-dependent
authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not attempt to authenticate to the
remote host.
The Postfix SMTP client opens the lookup table before going to chroot
jail, so you can leave the password file in /etc/postfix.
so you can trust that. Postfix cares about matching a hostname to a login/password, and you've provided the specific hostname. Consider: how could you use an MX inside the maps, as *you* won't know ahead of time, nor control, the list of MXs the service provider configures. MX helps route mail; but you aren't using an MX. Instead, you are using a particular, specific host in which to relay mail... and you need its username/password to authenticate.
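The manual check in the post (read the EHLO reply, look for STARTTLS, look at the AUTH mechanisms) can be scripted. The following is an added example, not part of the original post: it parses a multi-line EHLO reply and reports whether password-bearing mechanisms are offered without STARTTLS. The function names `parse_ehlo` and `audit` are hypothetical, and the sample reply is constructed from the port 587 transcript above.

```python
import re

# Constructed sample: the port 587 EHLO reply from the telnet session in the post.
EHLO_REPLY = (
    "250-smtp129.rog.mail.re2.yahoo.com\r\n"
    "250-AUTH LOGIN PLAIN XYMCOOKIE\r\n"
    "250-PIPELINING\r\n"
    "250 8BITMIME\r\n"
)

# Mechanisms that send the password merely base64-encoded, i.e. recoverable.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse an EHLO reply into {KEYWORD: [params]}.
    '250-' marks a continuation line, '250 ' the final line."""
    extensions = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for index, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError(f"EHLO rejected with {code}")
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("continuation marker does not match position")
        if index == 0:
            continue  # first line is the server's greeting, not an extension
        words = text.replace("=", " ").split()  # tolerate legacy 'AUTH=LOGIN'
        if words:
            extensions.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return extensions


def audit(reply):
    """Flag AUTH mechanisms that would expose the password on this session."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    starttls = "STARTTLS" in ext
    exposed = [] if starttls else sorted(mechs & CLEARTEXT_MECHS)
    return {"starttls": starttls, "auth_mechanisms": sorted(mechs),
            "cleartext_password_risk": exposed}
```

On the Postfix side, `smtp_sasl_security_options` defaults to `noplaintext, noanonymous`, so by default the SMTP client will not use PLAIN or LOGIN on an unencrypted session like this one.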