Re: how to install postfix on my 11.10 box with everything else in place?

On Tue, 2011-11-08 at 14:25 -0500, Rashkae wrote:
ISP accepts plain e-mail on their own port 25 for forwarding. However,
ISP's increasingly require some kind of authentication for outgoing
e-mail, even when it originates from one of their IP's (again, to combat
those evil self mailing virii.) If your ISP smtp server requires
authentication, then I'll have to defer to someone else for instructions
on how to configure it.



Here's the text from my notes on how to do it. I'm actually not using my
ISP's SMTP server - my ISP is Virgin Media and I'm using the
authenticated SMTP server at 1&1.

Set up a temporary hack machine with a fresh install of Ubuntu Server,
fix the IP address, set it as your outgoing mail server in your
kmail/evolution/whatever and fiddle with it until it works, then
transfer your working configuration to your production server.

You'll also have to set the relayhost parameter in main.cf

This text pinched from:-
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html

See also my pdf file of the web site.


16. SMTP Authentication for Mail servers
Prev Next
16. SMTP Authentication for Mail servers

SMTP AUTH for mail server is a feature that is often required to relay
mail through other mail servers. To enable SMTP AUTH for Postfix, acting
as mail client in this scenario, you need to do the following steps:

Procedure 10. Configure SMTP AUTH for mail servers

1. Provide a file, which will holds necessary information about
credentials
2. Configure Postfix to enable SMTP AUTH for the smtp daemon
3. Configure Postfix to use the file with the SASL credentials.

16.1. Add credentials to sasl_passwd

Postfix, acting as mail client in this scenario, will need to be able to

1. know when to provide a username and password
2. pick the right credentials when there is more than one mail server
who requires Postfix to SMTP AUTH

16.1.1. Enter credentials

These informations are layed down in /etc/postfix/sasl_passwd:

[root@mail postfix]# less /etc/postfix/sasl_passwd
# foo.com1 username:password2
# bar.com username:password

1 Using the hostname Postfix can identify the correct username:password
when there are multiple entries in sasl_passwd
2 username:password are entered in plaintext format. They are separated
by a single colon “:”

The mail server that we want to relay through in this example is
mail.my-isp.org; username is test and it's password is testpass. We
open /etc/postfix/sasl_passwd and add our credentials. When we are done
it looks like this:

[root@mail postfix]# cat /etc/postfix/sasl_passwd
mail.my-isp.org test:testpass

16.1.2. Secure sasl_passwd

As you have noticed, the credentials in sasl_passwd are entered
plaintext. That means that anybody who can open the file will be able to
read this sensitive information. Therefore we change ownership and
permission to root and r/w only.

[root@mail postfix]# chown root:root /etc/postfix/sasl_passwd && chmod
600 /etc/postfix/sasl_passwd

After these commands ownership and permissions read like this:

[root@mail postfix]# ls -all /etc/postfix/sasl_passwd
-rw------- 1 root root 79 Dec 30
23:50 /etc/postfix/sasl_passwd

[Note] Note

You wonder why Postfix running as user postfix can read this file?

Postfix will start as user root, read all files that need root
permission and switch to user postfix after that.
16.1.3. Create sasl_passwd DB file

Now that we have set correct ownership and permissions there is one more
thing to do. A plaintext file can't be read as fast as database. Postfix
requires this file to be a database, because it doesn't want to spend a
lot of time looking the credentials up when it needs to get it's job
done. We create a sasl_passwd.db with the help of postmap:

[root@mail postfix]# postmap hash:/etc/postfix/sasl_passwd

After that there will be a new file sasl_passwd.db in /etc/postfix/.

[root@mail postfix]# ls -all /etc/postfix/sasl_passwd.db
-rw------- 1 root root 12288 Mar 13
23:13 /etc/postfix/sasl_passwd.db

From the onwership and permissions you can see that postmap applied the
same as in the source file. That's it for sasl_passwd; you only need to
get back when the informations need an update.
[Note] Note

Don't forget to postmap the file, when you change credentials. Postfix
will tell you anyway by claiming that sasl_passwd is newer than
sasl_passwd.db in the maillog.
16.2. Enable SMTP AUTH

There are only three options that you must set to enable SMTP AUTH for
mail servers in Postfix.
[Note] Note

You can easily tell that these parameters are settings for the smtp
daemon. They all begin with smtp_.
16.2.1. Enable SMTP AUTH

The first thing we do is enabling SMTP AUTH for the smtp daemon. We open
main.cf and enter some documentation first and then we set
smtp_sasl_auth_enable to yes.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes

16.2.2. Set path to sasl_passwd

Then we tell Postfix where to find sasl_passwd by adding
smtp_sasl_password_maps = hash:/path/to/sasl_passwd to the
configuration.

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

16.2.3. Set security options

Finally we set security options. In our scenario we will allow Postfix
to use anonymous and plaintext authentication. That's why we set the
paramter, but leave it empty:

smtp_sasl_security_options =

All settings together will give this listing in main.cf.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

16.2.4. Reload Postfix

All that you need to do now is to reload Postfix and you're ready to use
your ISPs mail server to relay mail.

[root@mail postfix]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

Have fun!



--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Relevant Pages

  • Re: [SLE] sendmail vs postfix.
    ... You can do that with postfix. ... There's a delivery concurrency setting ... > a pair of mail servers with one delivering to a script that then delivered ... > is also real easy to break a sendmail install in such a way as to make ...
    (SuSE)
  • Re: Sendmail or Postfix
    ... Subject: Sendmail or Postfix ... > opinions on mail servers. ... It seems to have enough features to get me started while ...
    (RedHat)
  • Re: Can receive but cant send email
    ... >> some limitations though (some mail servers refuse the e-mail once in a ... Postfix enabler is nice, but it's shareware. ... SMTP is SMTP. ...
    (microsoft.public.mac.office.entourage)
  • postfix smtp auth TLS , cyrus sasl SSL/TLS
    ... Trying to get cyrus with SSL/TLS, as well as postfix with smtp auth ... I can login to imap accounts using SSL or TLS, and CRAM-MD5, etc. ... now that I am trying to get postfix smtp auth working through sasl, ...
    (freebsd-questions)
  • Re: Python vs C for a mail server
    ... The first four mail servers listed are, ... >> pretty sure O'Reilly has books for sendmail, postfix, and exim; ... >> know about qmail. ... >O'Reilly does have an Exim book, but it is out of date. ...
    (comp.lang.python)