I would like to host mail services for some domains. I have successfully set up Postfix to consult SQL for those virtual domains. What I would like to do is:
For connections on 25:
- Deny relaying (only deliver to recipients of my virtual domains)
- Leave tls optional, but offer auth only if client does tls
- Accept only non-blacklisted clients (e.g. restrict XBL+SBL+PBL from Spamhaus) or clients that do tls and auth ("friend mail servers" that are set up to authenticate with me with auth and tls)
For connections on 587:
- Enforce tls and auth
- Permit relaying.
- Accept only non-blacklisted clients (blacklists like above but leave out PBL checking)
My Questions:
A. I know of the Postfix options for the above, but I can't find how to differentiate them based on the listening port.
B. Will I run into widely known problems with supposedly legit clients with the above policy?
I am new to mail server setup, sorry for any meaningless question/assumption (please point it out). Thanks.
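
An added example, not part of the original post: one way to express the per-port policy listed above, with `main.cf` settings applying to the port 25 listener and the `submission` entry in `master.cf` overriding them through `-o`. It assumes Postfix 2.10 or later (for `smtpd_relay_restrictions`), an already working SASL and TLS setup, and a user-defined parameter name `submission_recipient_restrictions` chosen here for illustration.

```conf
# ---- main.cf (defaults; these govern the port 25 smtpd) ----

# TLS is offered but optional on port 25
smtpd_tls_security_level = may

# AUTH is enabled, but only announced and accepted inside a TLS session
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

# No relaying on port 25, even for authenticated clients:
# only destinations Postfix is responsible for (virtual domains) are accepted
smtpd_relay_restrictions = reject_unauth_destination

# Authenticated (hence TLS) clients skip the DNSBL lookup;
# everyone else is checked against SBL+XBL+PBL (the combined zen zone)
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org

# User-defined parameter (name is an assumption), referenced from master.cf
# because -o values cannot contain whitespace.
# SBL+XBL only (no PBL), then authenticated clients only.
submission_recipient_restrictions =
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit_sasl_authenticated,
    reject

# ---- master.cf (port 587 listener with per-service overrides) ----
# Set the chroot column (5th field) to match the existing smtp line.

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
```

After `postfix reload`, `postconf -n` shows the effective `main.cf` values and `postconf -M submission/inet` shows the 587 service entry.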