Add manual SMTP relay configuration

start_network.sh

@@ -192,58 +192,51 @@ else
 fi
 PID=$!
 
-# --- NEW: Enforce SMTP Relay (Brevo) ---
-if [[ -n "$RELAY_HOST" ]]; then
-    echo "🔗 Configuring SMTP Relay: $RELAY_HOST..."
-    
-    # 1. Configure Postfix to use the relay
-    # We wrap the host in [] to prevent MX lookups (standard for relays)
-    postconf -e "relayhost = [$RELAY_HOST]:$RELAY_PORT"
-    
-    # 2. Configure Authentication
-    if [[ -n "$RELAY_USER" ]] && [[ -n "$RELAY_PASSWORD" ]]; then
-        echo "   -> Setting Relay Authentication..."
-        
-        # Create the password file
-        echo "[$RELAY_HOST]:$RELAY_PORT $RELAY_USER:$RELAY_PASSWORD" > /etc/postfix/sasl_passwd
-        chmod 600 /etc/postfix/sasl_passwd
-        
-        # Hash it for Postfix
-        postmap /etc/postfix/sasl_passwd
-        
-        # Enable SASL for the relay
-        postconf -e 'smtp_sasl_auth_enable = yes'
-        postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
-        postconf -e 'smtp_sasl_security_options = noanonymous'
-    fi
-    
-    # 3. Reload Postfix to apply
-    supervisorctl restart postfix
-fi
-
-# 7. NEW: POST-START CONFIG ENFORCEMENT
-echo "⏳ Waiting 15s for vendor configs to generate..."
+# 7. POST-START CONFIG ENFORCEMENT
+echo "⏳ Waiting 15s for config generation..."
 sleep 15
 
-# C. Enforce SSL & Auth (The "Missing Link")
 echo "🔧 Enforcing Postfix SASL & Dovecot SSL..."
 
-# 1. Force Dovecot to require SSL
+# --- A. Force Dovecot SSL Required ---
 if [ -f /etc/dovecot/conf.d/10-ssl.conf ]; then
     sed -i 's/^ssl =.*/ssl = required/' /etc/dovecot/conf.d/10-ssl.conf
 fi
 
-# 2. Force Postfix to enable SASL Auth (THIS WAS MISSING)
-# This tells Postfix: "Use the Dovecot socket we created to check passwords"
+# --- B. Configure PHONE Authentication (Incoming) ---
+# This allows your phone to log in to port 587/465
+echo "   -> Enabling Phone Authentication (smtpd)..."
 postconf -e 'smtpd_sasl_type = dovecot'
 postconf -e 'smtpd_sasl_path = private/auth'
-postconf -e 'smtpd_sasl_auth_enable = yes'
+postconf -e 'smtpd_sasl_auth_enable = yes'  # <--- THIS IS THE FIX
+postconf -e 'smtpd_tls_auth_only = yes'
 
-# 3. Reload services to apply changes
-echo "🔄 Reloading Dovecot and Postfix..."
+# --- C. Configure BREVO Authentication (Outgoing) ---
+# This allows the server to log in to Brevo to send mail
+if [[ -n "$RELAY_HOST" ]]; then
+    echo "🔗 Configuring SMTP Relay: $RELAY_HOST..."
+    
+    # Configure Relay Host
+    postconf -e "relayhost = [$RELAY_HOST]:$RELAY_PORT"
+    
+    # Configure Relay Auth
+    if [[ -n "$RELAY_USER" ]] && [[ -n "$RELAY_PASSWORD" ]]; then
+        echo "   -> Setting Relay Authentication..."
+        
+        # Create password file
+        echo "[$RELAY_HOST]:$RELAY_PORT $RELAY_USER:$RELAY_PASSWORD" > /etc/postfix/sasl_passwd
+        chmod 600 /etc/postfix/sasl_passwd
+        postmap /etc/postfix/sasl_passwd
+        
+        # Enable Client Auth
+        postconf -e 'smtp_sasl_auth_enable = yes'
+        postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
+        postconf -e 'smtp_sasl_security_options = noanonymous'
+    fi
+fi
+
+echo "🔄 Reloading services..."
 supervisorctl restart dovecot
 supervisorctl restart postfix
 
-# 8. KEEP ALIVE
-# Wait for the main mailserver process to exit
 wait $PID