Postfix behind NAT router woes

[MattJo.]

Hi,

So, things "work" so-to-speak, but I have read that because my server is behind a NAT router postfix will function as an open relay. I think I have verified that it is with an e-mail test, but how can I confirm this and more importantly--how can I fix it.

Also, how can I ensure that authorization is always encrypted (Postfix running on Perfect Server setup: Lucid with ISPConfig3).

thanks,

Matt

[MattJo.]

So forget the part about the server behind a NAT--that was me being dense.

I was going to ask all sorts of specific questions, but it occurs to me that my basic understanding of the mailing mechanisms security are flawed: What level of security does the default installation of Perfect Server with ISPConfig3 give with respect to e-mail security? Does it encrypt my username and password? Does it encrypt all of a message or only part of it? How can I implement them if it doesn't? Additionally, how can I harden the SMTP security?

I have spent a great deal of time trying to implement some of the things I have read in Faq Forge and the Postfix site. Additionally Mark_NL has been very helpful, but I think I am missing something. Any help is much appreciated.

thanks,

Matt

[Toucan]

When you followed the guide it talked you through creating security certificates in this section:

Code:

mkimapdcert
mkpop3dcert

When you connect to postfix via a client such as outlook it will ask you if you wish to connect via a secure connection. Although the standard certificate security will fail as it is self signed, you are still connected securely

Everything between you and the server then is secure. Beyond that point I believe is much more difficult to control.

[admins]

Read more about SMTP authentification, TLS and more
If you don't send authentificated your password will be send over the internet clearly.