Basic mail server access [noob]

I’ve finished up here (and trying out Tailscale) for one small purpose only. I want to be able to send email through the SMTP server on my home computer across the internet, from my phone and laptop. I’ve tried many ways without success.

Can someone be so kind as to point this noob to the relevant features / settings of Tailscale and relevant help docs. Thanks in anticipation.

Ok, so the easiest way would be to install Tailscale on your home computer (where your SMTP server is running) and on your phone / laptop.

When you have installed Tailscale on all your devices, you should see them listed under the Machines tab in your Tailscale admin portal on tailscale.com. The next step I’d recommend is to disable key expiry on your home computer so you won’t need to log in again after a period of time.

At this moment, your devices should be able to ping all the other devices on Tailscale (with the 100.x.x.x IP you can find on the admin portal).

Let’s say your home computer has been assigned the Tailscale IP 100.50.60.20.
That’s the IP you need to specify in your mail client as the SMTP server.

It may be necessary to adjust your home computer’s firewall to allow incoming SMTP traffic from the Tailscale network.

Fantastic. Thanks so much for the clear noob-friendly directions. Sorry for delay getting back. I managed to miss the notification somehow.

Anyway since posting here I’ve been continuing on, and most of what you’ve said I’ve more or less acquired. It doesn’t look as if I’ll need to do anything with my computer’s firewall, so far. But we’ll see.

A supplementary question if I could beg your indulgence (or that of other forum members). Not so much macOS specific this time. What has actually worked best so far has been very simply sending email to the (postfix) server using port 25, no SSL/TLS, and no SASL authentication details. It feels like I’ve stepped through the looking glass, especially after weeks of trying unsuccessfully to configure postfix (and our router, with port forwarding etc) to allow me to relay mail to my own server over the internet. So the question itself: Is it really true that I can safely relay email through my server - via my tailnet, across the big bad internet, using no more authentication than my tailnet IP? Is it really that good, that simple? Or should one still configure client etc restrictions in the server?

Glad you got it working!

For your security question: yes, it’s that simple! Theoretically. Why? Because everything can and most likely will get a security flaw, like we saw in the past with the Windows client. But it got fixed very fast.

The big bad internet can’t see into your tailscale tunnel. That’s what it is made for. Protect your private servers from the WWW.

So yes, it would be enough to limit your postfix to the Tailscale network.

However, if it is possible, I would configure a simple username/password auth for the postfix server nevertheless. Just for my own paranoia.

Just don’t ever open port 25 directly to the WWW (port forwarding) without proper protection. No need for it anyways since you’re now running Tailscale.

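An added example, not part of any post in this thread and not Tailscale's or Postfix's own tooling: a small Python audit of a Postfix `main.cf` for the setup discussed above (relay trust limited to the tailnet, with SASL as an extra layer). The sample configs and the address 100.101.102.103 are constructed; the trusted ranges are loopback plus Tailscale's 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```python
import ipaddress

# Ranges a tailnet-only relay should trust: loopback plus Tailscale's
# address space (100.64.0.0/10 and its IPv6 prefix fd7a:115c:a1e0::/48).
ALLOWED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "::1/128", "100.64.0.0/10", "fd7a:115c:a1e0::/48")]

def parse_main_cf(text):
    """Parse Postfix main.cf text into a dict, joining continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and key:          # continuation of previous value
            params[key] += " " + raw.strip()
        elif "=" in raw:
            key = raw.partition("=")[0].strip()
            params[key] = raw.partition("=")[2].strip()
    return params

def audit(text):
    """Return findings for a relay that should serve only the tailnet."""
    p, findings = parse_main_cf(text), []
    if "mynetworks" not in p:
        findings.append("mynetworks unset: trust depends on mynetworks_style")
    for entry in p.get("mynetworks", "").replace(",", " ").split():
        addr, _, plen = entry.partition("/")
        try:                                  # "[::1]/128" -> "::1/128"
            net = ipaddress.ip_network(addr.strip("[]") + ("/" + plen if plen else ""), strict=False)
        except ValueError:                    # table lookups, "!" exclusions, file paths
            findings.append(f"mynetworks entry {entry!r} needs manual review")
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in ALLOWED):
            findings.append(f"mynetworks trusts {net}, outside loopback/tailnet")
    if p.get("inet_interfaces", "all") == "all":
        findings.append("inet_interfaces = all: port 25 listens on every interface")
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("no SASL auth: relay trust rests on client IP alone")
    return findings

# Constructed sample configs (not taken from the thread).
WEAK = """mynetworks = 127.0.0.0/8, 192.168.1.0/24
    0.0.0.0/0
inet_interfaces = all
"""
HARDENED = """mynetworks = 127.0.0.0/8 [::1]/128 100.64.0.0/10
inet_interfaces = 127.0.0.1, 100.101.102.103
smtpd_sasl_auth_enable = yes
"""
print(audit(WEAK), audit(HARDENED), sep="\n")
```

Point `audit()` at the output of `postconf -n` or the contents of your own `main.cf`; an empty list means none of these four checks fired.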

Many thanks, Jonas. You’ve been most helpful. Cheers.


So here I am to revive this thread. The new element is that I’ve just upgraded the home desktop to Ventura. Suddenly the local SMTP functionality has taken a nosedive. Sending email from the desktop host itself is doing as fine as ever. But sending remotely from my laptop (still on Monterey) and iPhone (iOS 16) is another matter. Emails appear from my end to have been sent successfully, but the recipients never receive them. I try again, and again with the same messages → same result. Does anyone know whether there’s some bug in Ventura (or Tailscale itself for that matter) that might be causing this?

eN0ch, did you resolve this yet? I had the same issue, but I just re-initialized everything and it’s working fine.

Another question however, I am attempting to use Proofpoint (email security) and came across your email in overcoming email obstacles with Tailscale. After reading it, it appears the only port you have opened in your firewall is port 25; is that correct?