Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

OS X Server 3.0.2 - Relay outgoing Mail through ISP no longer accepts a port

OS X Server 3.0.2 - Relay outgoing Mail through ISP no longer accepts a port.


Just a note, as i was hoping for this to get fixed in the new release.


I was using mailout.isp.com:587 to relay my mail. My ISP does not support normal port 25 and i have to use 587.


The new server app does not accept a port in the address field as the older versions. Is this by design? Am i missing something?

Posted on Jan 8, 2014 10:15 AM

Reply
Question marked as Best reply

Posted on Jan 8, 2014 2:58 PM

Take the following steps to configure Postfix to relay mail to a remote SMTP server with password authentication over SSL. Substitute as required for strings in italics below. Address is the fully-qualified domain name of the relay host. The value of port is usually either 25, 465, or 587. Username and password refer to your credentials on the relay host.

Be very careful with these steps. If you make a mistake, your outgoing mail could be relayed to the wrong server.


Update the existing relayhost directive in

/Library/Server/Mail/Config/postfix/main.cf

if necessary:

relayhost = [address]:port


Add the lines:

smtp_sasl_security_options =

smtp_tls_CAfile = /etc/certificates/relayhost.pem

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtp_use_tls = yes


Create the file

/Library/Server/Mail/Config/postfix/sasl/passwd

with this content:

[address]:port username:password


Here address must match $relayhost.

Then create the password database:

sudo postmap /Library/Server/Mail/Config/postfix/sasl/passwd


This action creates the file

/Library/Server/Mail/Config/postfix/sasl/passwd.db

The password database files should be readable by root only.

Create the file

/etc/certificates/relayhost.pem

with the CA certificate(s) to be trusted for authentication of the remote host. You get those certificates from the service provider. If you can't find a link to download them, try this:

openssl s_client -connect address:port -showcerts < /dev/null | sed -n '/-BEGIN /,/-END /p' | sudo sh -c 'cat > /etc/certificates/relayhost.pem'


The command may produce an error message that isn't necessarily significant.

Finally, restart the Mail service.

7 replies
Question marked as Best reply

Jan 8, 2014 2:58 PM in response to basilmir

Take the following steps to configure Postfix to relay mail to a remote SMTP server with password authentication over SSL. Substitute as required for strings in italics below. Address is the fully-qualified domain name of the relay host. The value of port is usually either 25, 465, or 587. Username and password refer to your credentials on the relay host.

Be very careful with these steps. If you make a mistake, your outgoing mail could be relayed to the wrong server.


Update the existing relayhost directive in

/Library/Server/Mail/Config/postfix/main.cf

if necessary:

relayhost = [address]:port


Add the lines:

smtp_sasl_security_options =

smtp_tls_CAfile = /etc/certificates/relayhost.pem

smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtp_use_tls = yes


Create the file

/Library/Server/Mail/Config/postfix/sasl/passwd

with this content:

[address]:port username:password


Here address must match $relayhost.

Then create the password database:

sudo postmap /Library/Server/Mail/Config/postfix/sasl/passwd


This action creates the file

/Library/Server/Mail/Config/postfix/sasl/passwd.db

The password database files should be readable by root only.

Create the file

/etc/certificates/relayhost.pem

with the CA certificate(s) to be trusted for authentication of the remote host. You get those certificates from the service provider. If you can't find a link to download them, try this:

openssl s_client -connect address:port -showcerts < /dev/null | sed -n '/-BEGIN /,/-END /p' | sudo sh -c 'cat > /etc/certificates/relayhost.pem'


The command may produce an error message that isn't necessarily significant.

Finally, restart the Mail service.

Jan 9, 2014 2:39 AM in response to Linc Davis

This first part was enough to fix it. Thank you.


if necessary:

relayhost = [address]:port


My next question would be... has Apple actually removed this capability from the server interface? It does seem to be the case. I remember reading that only port 25 is the standard port for mail as per some RFC.


465 or 587 are mearly nonstandard implementations that were never adopted as a standard. Is Apple pushing a standards based approach to this?


Time to call my ISP since Apple/Standards world won't budge?

Jan 10, 2014 5:13 PM in response to basilmir

I am currently running Server 3.0, after downgrading form 3.0.1 because of issues with network users. I am not sure if my mail relay was set up under 3.0 or 3.0.1, but I have my mail relayed through a different port as you have described. I have entered an address such as smtp.relayhost.com:2525 and server accepted it.

I had issues with server, but this has not been one of them. I was contemplating upgrading from 3.0 to 3.0.2, but this would become an issue for me. Can someone confirm if this is still working in 3.0.2?

Thanks.

OS X Server 3.0.2 - Relay outgoing Mail through ISP no longer accepts a port

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.