To enable port 587, edit the file /etc/postfix/master.cf
vi /etc/postfix/master.cf
and remove the # in front of the line (uncomment the line):
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
You may want to uncomment additional lines enabling SASL authentication right after this line. Each new line should start with space!
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
All the other settings to be configured in /etc/postfix/main.cf based on your environment.
Additionally you may need to configure TLS settings:
# TLS parameters
# you need to specify a real certificate location
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert.key
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_sasl_tls_security_options=noanonymous
smtpd_tls_auth_only=yes
Depending if you use dovecot to receive emails you may need to add:
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
broken_sasl_auth_clients=yes
Additional security restrictions:
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_helo_hostname,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_recipient,reject_unknown_recipient_domain
check and restart postfix:
postfix check
systemctl restart postfix
You can make sure that postfix is now listening on both ports 25 and 587:
netstat -na | grep LISTEN | grep 25
netstat -na | grep LISTEN | grep 587
Don't forget to allow port 587 in your firewall.
Creation of postfix users is another story. As was mentioned in comments you should use SQL to store mailboxes (mail users). If you don't want to do so, you can use Linux users are described in details here.
P.S. I don't think it's feasible to provide the complete config here because it always very dependent on the specific case requirements and your environment.