Mailproxy : nginx or postscript ?!?

I need some help …
context :
-> latest ipfire (with nginx as reverse proxy for let’s encrypt)
-> some servers on the LAN (later on DMZ maybe) : NAS (syno), home assistant (raspberry), WEB server (raspberry)
-> I’ve a permanent IP (with a three domain names) that permit access from Internet all these servers with https (let’s encrypt).
Now, I’ve build a mail server (iredmail) …

I can send and receive some mails (with NAT) … but not all : because (?) of authentification (?) smtp, pop3 and imap ?

I’ve read some articles … two solutions (for now ?!?) :slight_smile:
1- mailproxy with nginx (on ipfire) :
(for example)

2- mail proxy with postfix (on ipfire)

Two questions :slight_smile:
1/ what solution should I choose : nginx or postfix ? did you find a tuto ?
2/ did you eard about a better solution than iredmail (with SOGo) as mail server ?

Why put a proxy on mail traffic? Which ports are you forwarding?
Does the reverse pointer for the mailserver hostname point to your public ip address?

when I use port forwarding (imap, pop and smtp), some providers like (google) accept to send or receive mail from my mail server but others (gandi, outlook, …) refuse because MTA’s poor réputation or lack of authentification, … So I need authentification with let’s encrypt for example ; self signed certificates are not enough !

Authentication certificates are two very different things.

For authentication you can achieve it via the common email ports, plain and encrypted.
If you buy a certificate you can install it to your email and webserver.

Let’sencrypt it’s another way to make certificate work. The client has to talk with webserver to provide challenge and response, therefore install certificates to the services that need it.
There’s quite no proxy involved (to add) on the setup.

More explanations :
On ipfire, I’ve nginx as reverse proxy with let’s encrypt to access my NAS and my webserver via (it’s a private use). This config is ok.
But now, I want a personal mailserver (with Iredmail ?) - Iredmail works ok but the matter is “certificates” … “sending MTA’s reputation” … “smtp auth” “imap auth”.
I’m not clear because I probably doesn’t use right words.

I fund a very interesting tuto from nginx ( … May be use ipfire as imap auth backend ?
What about ?
What about smtp auth ? Is it MTA’s reputation ?

I too am trying to set this up… Same setup (Outisde world --> IPFire w/nginx and Let’s Encrypt for web servers/sites–>web servers) want to add iredmail as separate server with all of it basic features (SMNP, IMAP, webmail).

I can port forward in the firewall rules the needed ports but how (without manually copying the LE Certs every time they update) can I either forward the certs to the iRedmail server via proxy or some form of UUCP type thing for dovecot/postfix. I can proxy the webmail portion like I do the other webservers but so far not the dovecot/postifx portion.