Using Cloudron as an SMTP smarthost relay for other systems
-
I'm looking into using my Cloudron server as an SMTP relay for other servers on our domain, allowing them to send notifications, password resets, etc. through credentials for a mailbox-enabled account on it.
We can update our DNS records to ensure SPF/DKIM/DMARC allow this.
However, there are some constraints:
- I can't allow Cloudron to define itself as the domain's MX server. This is because our domain has an existing MX server which handles all incoming mail to the domain.
- Assume no 3rd party relay service is available.
- Our MX service is run by a 3rd party who do not want to provide us with an SMTP relay service.
- We don't want to use a 3rd party SMTP relay service like Mailgun, Sendgrid etc. (There are reasons for that but that's outside the scope of this question.)
Cloudron's option to act as a mail server is enabled, I've just not checked the box allowing Cloudron to update the DNS. This results in a warning in Cloudron's dashboard that email is incorrectly configured, and although it'd be nice to suppress that, I can live with it for the moment.
The immediate problem seems to be that we can't connect to port 25 on the Cloudron server. Our ISP (Hetzner) claims they are not blocking it, so I am wondering if something else is wrong.
Checking `netstat -plant`, something is listening on 0.0.0.0 on port 25 on the Cloudron server, but not port 465 or 587. More investigation reveals this to be `postfix`, which I don't think should be installed on Cloudron servers. Removing it, there is now nothing listening on any of the above ports.
Inspecting the output of `iptables -L` I can't see anything which explicitly allows SMTP ports, so perhaps Cloudron's SMTP service is not quite enabled fully.
The question is: should I be able to get this to work if the ports are genuinely unblocked?
I'm wondering if Cloudron won't support this situation for some known reason. The lack of port 465 etc. seems like a sign that it's not fully enabled the SMTP service in some way?
And, beyond that, will the DKIM headers etc. be inserted correctly on relayed mail? I would expect this to be necessary to support regular mail clients which wouldn't know the correct keys to use, but I can't check that until I can get to the point of being able to send an email.
Thanks!
-
Perhaps I should add: is there another way than enabling the mailboxes option in the dashboard? I infer that all the Cloudron hosted apps will have access to an internal SMTP relay service - so external access to that is what I'm really after, not making Cloudron think it should be an MX server.
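
On the DKIM question in the first post: once a test message can be sent through the relay, its received headers show whether a signature was added and whether it lines up with the From domain. The following is an added example, not part of the original posts and not Cloudron code; it inspects headers only (no cryptographic verification), approximates DMARC relaxed alignment without the Public Suffix List, and uses constructed sample messages and names.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: a notification as received after passing through a signing relay.
SAMPLE_SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    "\ts=selector1; h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=\n"
    "From: Alerts <alerts@app.example.com>\n"
    "To: admin@example.net\n"
    "Subject: Password reset\n"
    "\n"
    "body\n"
)
# Constructed sample: the same message with no signature added by the relay.
SAMPLE_UNSIGNED = SAMPLE_SIGNED.split("\n", 2)[2]

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return tags

def aligned(from_domain, d_domain):
    """Approximate relaxed alignment: equal, or one is a subdomain of the other."""
    if not from_domain or not d_domain:
        return False
    return (from_domain == d_domain
            or from_domain.endswith("." + d_domain)
            or d_domain.endswith("." + from_domain))

def check_dkim(raw):
    """Report each DKIM-Signature header and whether it could satisfy DMARC."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    sigs = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        d = tags.get("d", "").lower()
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        sigs.append({"d": d, "selector": tags.get("s", ""),
                     "aligned": aligned(from_domain, d),
                     "from_signed": "from" in signed})
    ok = any(s["aligned"] and s["from_signed"] for s in sigs)
    return {"from_domain": from_domain, "signatures": sigs, "dmarc_candidate": ok}

if __name__ == "__main__":
    print(check_dkim(SAMPLE_SIGNED))
    print(check_dkim(SAMPLE_UNSIGNED))
```

A result with `dmarc_candidate` false on a real test message means receivers would have to rely on SPF alignment alone for DMARC to pass.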