It’s too bad that adding the provider’s external smtp server(s) to mynetworks didn’t yet allow them to deliver self-originating emails.
I would have liked that routing solution, because if the email clients submit to the external smtp server, that would allow email to continue working even when the own server or its internet connection is down. A solution that could allow one to continue receiving emails during the downtime might be to use the provider mailboxes (MX) but normally just let them forward all email to self-hosted (internal) addresses (providing the regular imap access and complete email archive for the clients). Then the copies on the provider’s imap server can get auto-deleted after, say, 30 days to avoid filling up the mailbox. But when the server is down, one may still simply check the imap mailbox at the provider, to see any new and the most recent emails until the own server is back up. (Sending just continues working as usual, submitting emails directly to the provider.)
The other solution is to let all your email clients submit all emails to your own “smtp.thatoo.com” server, but let the own server use the provider’s smtp as relayhost (with login). I suppose that is also what @Dams is doing; he just only refers to the webmail client on the same box when talking of using localhost:587. Such a “sasl_password_map relayhost” configuration is shown in the easiest experimental form (simple single-file main.cf config, login not hidden in a separate root-owned file) in “Setup the relay server” in the (general Debian) howto that I already linked to above. But then, when the own server is down there is also no way to communicate with the usual email addresses anymore. (For coordination, help seeking and minimal fallback for all the other services on the own server like chat, files, etc.)
Guess the problem with receiving own domain email from an external smtp server could have to do with the default configuration only allowing the own domain in the From: header when receiving on port 587, but completely blocking it on port 25?
BTW: The YunoHost recommendation to request a -all configuration also blocks legit forwarded YunoHost emails, and webform contact emails, for recipients that honor SPF.
So -all may be a YunoHost default to reconsider, and to comment accordingly in the admin interface.
Because of the above problems it’s often recommended to only request at most a “softfail” for other smtp senders, by using ~all instead of -all.
I don’t use dyndns, I use a VPN with fixed IPv4.
I’ve just changed to ~all in the DNS of Gandi and I’ll test tomorrow (24h for DNS to be surely updated). I’ll let you know.
Hope it does help. Make sure to have the server IPs in mynetworks, in case you removed them. Once you have it working, it would be great if you could file a proper bug report about supporting an external smtp server (in and out / mynetworks and relayhost), and allowing forwarding of own emails at recipients, and webform usage, etc.