Postfix relay through another postfix server

I have a postfix server on my LAN running with Virtualmin. I have a total of 4 domains on this server and I need to be able to send and receive email to and from the domains on this server.

The issue is that my ISP (Comcast) blocks inbound and outbound port 25.

So, I have a remote VPS that I was hoping to use to relay mail through, both inbound and outbound on port 587. This VPS also has Postfix on Virtualmin installed.

So I have the four domains:

domain.com, domain2.com, domain3.com, domain4.com

If I send an email from user1@domain.com I want it to be relayed through my external mail server (mail.domain.com, also on my VPN as 10.1.0.10) and onto its destination. Meanwhile, if someone sends an email to user1@domain.com my MX records will make it get delivered to mail.domain.com and then onto my network through port 587 and my VPN.

I got a little bit done in this regard. I can hit my VPS but I get a few error messages. I guess I have problems figuring out how to make a user on my VPS able to relay mail through this Postfix server to pass SASL authentication.

Here is my main.cf on my Postfix server on my LAN:

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = cactuar.domain.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = cactuar.domain.local, localhost.domain.local, , localhost
relayhost = [10.1.0.10]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no

# enable SASL authentication 
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication. 
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption 
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

This is my main.cf on my remote mail.domain.com VPS:

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain $mydomain
relaydomains = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no
transport_maps = hash:/etc/postfix/transport

# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_sasl_auth_enable = yes
myorigin = $mydomain

When I send an email from my home server to the internet, I get the following mail.log results:

On my home server:

Dec  5 12:41:02 cactuar postfix/qmgr[29509]: DEA6EC1725: from=<user1@domain.com>, size=655, nrcpt=1 (queue active)
Dec  5 12:41:03 cactuar dovecot: imap(domain): Connection closed in=748 out=2203
Dec  5 12:41:03 cactuar postfix/smtp[32026]: DEA6EC1725: to=<me@gmail.com>, relay=10.1.0.10[10.1.0.10]:587, delay=0.29, delays=0.08/0.04/0.17/0, dsn=4.7.8, status=deferred (SASL authentication failed; server 10.1.0.10[10.1.0.10] said: 535 5.7.8 Error: authentication failed: generic failure)

On my remote VPS when a mail comes from my home server:

Dec  5 13:43:34 kupo postfix/smtpd[29636]: connect from unknown[10.0.0.24]
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: SASL authentication failure: Password verification failed
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: unknown[10.0.0.24]: SASL PLAIN authentication failed: generic failure
Dec  5 13:43:34 kupo postfix/smtpd[29636]: disconnect from unknown[10.0.0.24]

I have set up a user in saslauthd using the command saslpasswd2 -c <username>, have that username in my internal server when I connect to the remote VPS, and saslauthd is running on both machines.

Hoping that someone can guide me to get this sorted out.

Thanks for any help you can provide.

Jguy

Posted 2015-12-05T19:20:38.290

Reputation: 156
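The relay's log line "cannot connect to saslauthd server" points at a mismatch between the password backend Cyrus SASL was told to use and the one saslpasswd2 actually writes to. The script below is an added diagnostic, not code from the question or from Postfix; the smtpd.conf location, the chroot socket path and the realm check assume Debian defaults and the relay's main.cf as posted.

```shell
#!/bin/sh
# Added diagnostic for the failure in the question, not code from the post.
# On the relay, "cannot connect to saslauthd server" means Cyrus SASL was
# configured with pwcheck_method: saslauthd, but saslpasswd2 writes users to
# the sasldb auxprop database (/etc/sasldb2), which saslauthd never reads.
# The two halves have to agree. Paths are Debian defaults (assumption).

# Value of a "key: value" option in a Cyrus SASL smtpd.conf; empty if absent.
sasl_opt() {   # sasl_opt <conf-file> <key>
    awk -v k="$2" 'tolower($1) == (k ":") { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Classify the server-side SASL setup. Echoes one word:
#   saslauthd-unreachable  pwcheck_method is saslauthd but its mux socket is absent.
#                          Debian runs smtpd chrooted ("y" chroot column in
#                          master.cf), so saslauthd's socket must live under
#                          /var/spool/postfix, not /var/run/saslauthd.
#   sasldb-missing         auxprop selected but the sasldb2 file does not exist.
#   ok                     password backend and credential store agree.
sasl_diagnose() {   # sasl_diagnose <smtpd.conf> <saslauthd-mux-socket> <sasldb2>
    method=$(sasl_opt "$1" pwcheck_method)
    [ -n "$method" ] || method=auxprop            # libsasl's default backend
    case "$method" in
        *saslauthd*) [ -S "$2" ] && echo ok || echo saslauthd-unreachable ;;
        *auxprop*)   [ -f "$3" ] && echo ok || echo sasldb-missing ;;
        *)           echo "unknown-method:$method" ;;
    esac
}

# smtpd.conf that matches credentials created with saslpasswd2. PLAIN/LOGIN
# carry the password in the clear, so keep them behind STARTTLS on 587
# (smtpd_tls_auth_only = yes on the relay enforces that).
sasldb_smtpd_conf() {
    cat <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
EOF
}

# Checks to run by hand on the relay once the backend matches:
#   sasldblistusers2          entries are user@realm; the realm must equal
#                             smtpd_sasl_local_domain (mail.domain.com in the
#                             posted main.cf): saslpasswd2 -c -u mail.domain.com <user>
#   postconf smtpd_sasl_path  "smtpd" resolves to /etc/postfix/sasl/smtpd.conf on Debian
#   getent group sasl         the postfix user needs read access to /etc/sasldb2

# Stand-alone run against the live Debian paths when the config is present.
if [ -r /etc/postfix/sasl/smtpd.conf ]; then
    sasl_diagnose /etc/postfix/sasl/smtpd.conf \
                  /var/spool/postfix/var/run/saslauthd/mux /etc/sasldb2
fi
```

Run it on the relay (kupo) as root; the client side still needs /etc/postfix/sasl_passwd keyed on exactly `[10.1.0.10]:587`, the same string as relayhost, followed by `postmap` on that file.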

Well, the first clue is right there in the final log entry: SASL authentication failure: cannot connect to saslauthd server: No such file or directory. You need to either configure some other authentication mechanism (TLS pre-shared keys, for example), or get SASL up and running. – a CVn – 2015-12-05T19:25:10.810

Hi. I have set up a user in saslauthd using saslpasswd2 -c <username>, am using that username on my home server to try and connect, and saslauthd is running. – Jguy – 2015-12-05T19:31:23.653

Please [edit] your question to include additional information. The question, not comments, should be the authoritative source for all information needed to answer the question. – a CVn – 2015-12-05T19:32:11.157

No answers