assuming you got postfix up and running already
draft
make sure you connect from a host that is NOT in mynetworks
connect from a host that is not part of authorized SPF outbound
openssl s_client -starttls smtp -connect slackmx.nethence.com:25 ehlo std30.os3.su mail from:<check@nethence.com> rcpt to:<check@nethence.com> data lala . quit
==> expecting refused
first check that you can pass through
openssl s_client -starttls smtp -connect xc.nethence.com:25 #-crlf helo YOUR-TRUE-FQDN mail from:<> rcpt to:<> data ... .
then check that it’s truly enforced
telnet MX-SERVER-ADDRESS 25
at mail from stage, you should get
530 5.7.0 Must issue a STARTTLS command first
from a client that does not resolves or reverse resolves, the message should NOT pass through
try to send a message remotely or from internal network and w/o SASL, while being in mynetworks. since you are not one of the advertised MXes, the message should NOT pass through.
mail from:<email@yourdomain.com>
connect from an IP that should-be-blocked IP e.g. ADSL connection. your message should NOT pass through
should NOT pass through
helo SOME-WRONG-FQDN
try benchmark with smtpping
smtpping https://github.com/halon/smtpping