As a default a SMTP-server runs on TCP port 25 and listens for incoming mails. This has one main disadvantage: Mails that are received by the DS as terminal-station as well as mails that local client send to DS to relay to other server will end on the same port. This is especially problematic if you use a anti-spam solution like spamassassin ¹⁾. That would scan incoming mails as well as outgoing ones, which leads to an unnecessary load on the server.

Processing of an imcoming mail without any external filters takes abount 1/10 of a second. But if a spamfilter is involved the processing time goes up to 2 to 3 seconds!! The solution for this dilemma is to use another port for postfix for mails sent by local clients, which should not be scanned for spam.

Postfix offers two possibilities:

1. SMTP-Submission Port 587
2. any other Port

the file responsible for the config is master.cf in /usr/syno/mailstation/etc/

Important:

192.168.1.99:25 inet    n       -       n       -       -       smtpd
 -o content_filter=spamfilter:dummy

• A config of a service always expects TAB as whitespaces in the first line.
• following lines (which belong to the service), must always start with a single space char.
• inside the following line(s) always use single spaces!

-o stands for Override, means every service will take it's basic config from main.cf and then override it with the config specified in master.cf. You can override almost any option from the main.cf in master.cf

192.168.1.99:2525 inet    n       -       n       -       -       smtpd
 -o receive_override_options=no_header_body_checks
 -o smtpd_etrn_restrictions=reject
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_reject_unlisted_sender=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

Code above creates a smtpd instance on port 2525 with the given override options. Important is that you activate 1. SASL authentification and 2. ensure that smtpd_recipient_restrictions are set correclty. These restrictions check RCPT TO command to be from a client out of your network (can be defined with mynetworks in main.cf) or from a client that could successfulls authenticate with SASL service. Alls other mails will be rejected.

submission      inet    n       -       n       -       -       smtpd
 -o receive_override_options=no_header_body_checks
 -o smtpd_etrn_restrictions=reject
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_reject_unlisted_sender=yes
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

Code above let postfix listen on any interface for connections on port 587 (submission port ²⁾ )