So, after a long trek around the blog-o-tubes, I arrive here.
I'm trying to set up email for my domain. I don't really want to do my own email hosting with my own mailserver, especially since my teeny tiny VPS instance is probably straining under the weight of running a webserver+app server+DB+the various message passing frameworks (hosting a prototype webapp).
I want to use my Gmail address to send and receive email using my VPS as a relay - I set up email forwarding already using Postfix, so if someone sends something to "[email protected]" it lands in my Gmail account. Yay!
But now I want to respond from my Gmail account, and have it forwarded to the recipient, with my domain-specific email showing in the From: field. It'd be nice if everything could be done over SSL/TLS as well, for forwarding from my server to Gmail, as well as requiring (or strongly preferring) it for incoming send/receive email connections. But I'm a bit lost in the master.cf/main.cf/iptables.rules files at the moment.
I just tried to close port 25 and open port 587 in iptables.rules (I understand 465 is now deprecated for SMTPS?), just to see what would happen, and incoming emails were just rejected according to the syslog - Google was trying to connect to port 25 still. But I guess I have to actually tell Postfix to prefer SMTPS on 587? Is that the "smtps inet ...." line or the "submission inet..." line that I have to uncomment? And I understand that I can point my Gmail account at an SMTP server, but then how do I actually create users for Postfix? Do I actually create user accounts with useradd (bad, more attack "surface"), or can I create "virtual" accounts just for Postfix to send mail with? In both cases, SSL/TLS seems kind of mandatory at least for the auth step...
So far I created some self-signed certs and told Postfix where they are, but now I'm kinda stuck: what ports do I open, what...err...things do I point at other things...how do I tell incoming connections "yo, encrypt yo'self homeboy"?
I've struggled with this for quite a while, and had a look through quite a few guides, but most were geared towards setting up a full mail stack, which I don't really want to do (out of resource-scarcity rather than laziness :P).