tyme
Posted April 16, 2008

I'm working on setting up my server and I want to enable authentication before send for SMTP (Postfix). So far I've been able to get virtual mailboxes set up and working, but I can't find how to set postfix to authenticate these users before allowing them to send email. I want to do it this way so that I can avoid having a "completely" open relay while still being able to relay (so that users can send from any of the domains I host to anywhere).

Any suggestions on how to approach this? I've essentially followed these directions, save for setting it up to allow checking with other than just squirrelmail.

ianw1974
Posted April 16, 2008

For authentication, you need to have cyrus-sasl, this is what I use with postfix. Then your directive within postfix is usually under smtpd_recipient_restrictions but can also be under smtpd_sender_restrictions and you put:

    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain

Also, don't forget to put under smtpd_recipient_restrictions the reject_unauth_destination directive, else you will be an open relay. Then under the mydestination directive, list all domains you want your server to send/receive so that it's still not an open relay. If you put reject_unauth_destination, you'll need to put the domains under mydestination so as to ensure you're more secure. I'd prefer it secured, than leaving it an open relay that requires authentication, in case something goes wrong!

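An added example, not part of the original thread and not any poster's configuration: a small checker that reads main.cf text and reports whether smtpd_recipient_restrictions stops an unauthenticated client outside mynetworks before a blanket permit, and whether SASL is switched on at all. It assumes a Postfix where smtpd_recipient_restrictions alone governs relaying, treats every other restriction (including access maps) as non-decisive, and the names `audit`, `parse_main_cf`, `GOOD` and `BAD` are hypothetical.

```python
import re

# Constructed sample main.cf texts (not taken from any poster's server).
GOOD = """\
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
"""
BAD = """\
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
"""

TRUSTED_ONLY = {"permit_sasl_authenticated", "permit_mynetworks"}
BLOCKERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}


def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params


def audit(text):
    """Model an unauthenticated client outside mynetworks at RCPT TO."""
    params = parse_main_cf(text)
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    relay = "missing"            # list ended with no relay control at all
    for rule in rules:
        if rule in TRUSTED_ONLY:
            continue             # cannot match this client, keep evaluating
        if rule in BLOCKERS:
            relay = "closed"
            break
        if rule == "permit":
            relay = "open"       # blanket permit reached before any blocker
            break
    sasl = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    return {"relay": relay, "sasl_enabled": sasl}


if __name__ == "__main__":
    print(audit(GOOD), audit(BAD))
```

To check a live server, feed it the text of /etc/postfix/main.cf; a result of "closed" with sasl_enabled false means relaying is blocked but permit_sasl_authenticated can never match.
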
tyme
Posted April 17, 2008

I still seem to be missing a piece. I think postfix doesn't know how to authenticate the users...I'm not sure. Haven't had a lot of time to work on it just yet.

ianw1974
Posted April 17, 2008

Postfix does need a little bit of configuration for clients that are going to connect, and in particular one line for broken clients (Outlook - no surprise there!).

When you have cyrus-sasl installed, you need to configure this with the IP of the machine that is providing the SMTP/POP3/IMAP services, so if the same server, then localhost will do in here. Otherwise, the IP of the other server.

This is about the best document you could follow for doing this: http://www.gentoo.org/doc/en/virt-mail-howto.xml

Look at section 4 for cyrus-sasl config and adapt it for your distro. Then look at section 6 for the SASL config. Ignore the TLS stuff, unless you want to use TLS with SMTP. Note, this is not the same as SMTPS (SSL).

tyme
Posted April 17, 2008 (edited April 17, 2008)

thanks for the link...I'll try to sit down with that document tonight and see if I can get this configured correctly.

ianw1974
Posted April 17, 2008

I'm using this config, so I know it works :) PM me if you need anything specific, as I have two working servers using SMTP auth, one with virtual domains, and one as an SMTP relay for two other email servers behind it.

tyme
Posted April 18, 2008 (edited April 18, 2008)

[edit - apparently I was wrong, Thunderbird was set to use my old smtp server, which is why I thought it was working (it's not)]

now I'm not sure what's wrong...I could receive email before, but now I can't receive or send. When I attempt to connect to SMTP via localhost the connection either gets closed within a few seconds (by the server - "foreign host") or if I attempt EHLO I get no response back. I've tried sending a few emails and they aren't arriving. *sigh*...back to the drawing board.

tyme
Posted April 18, 2008

ugh. No progress. Setting this:

    mynetworks = my.ip.net.work/24, 127.0.0.0/8

In /etc/postfix/main.cf (following the Gentoo wiki) made smtp essentially unresponsive from localhost. I think some settings from the Gentoo wiki are causing problems...I'm not sure. Will have to get back to this tomorrow night.

ianw1974
Posted April 18, 2008

That shouldn't cause a problem, it's practically the same as what I have in mine - all working OK. You must have some other config disturbing it.

tyme
Posted April 18, 2008

I also found that setting myhostname and mydomain in /etc/postfix/main.cf causes mail to be delivered to the local users and not the virtual users. :unsure:

tyme
Posted April 18, 2008 (edited April 18, 2008)

checking auth.log seems to have revealed the source of my issue:

    Apr 18 05:37:46 tymnia postfix/smtpd[27070]: sql_select option missing

Now to figure out where in the configs I need to set this option...hmm...so far Google hasn't provided an answer (aside from removing the sql ability for sasl, but that's not what I want to do).

ianw1974
Posted April 18, 2008

I use mysql with my server. It's all in that Gentoo link I sent. I've even used this on CentOS/Red Hat too. Adapted slightly of course, but works.

To disable local mail, edit master.cf and look for the local line and comment it out.

tyme
Posted April 19, 2008

> Adapted slightly of course, but works.

I'm sure it does...I think I've just either missed a piece or there is some other difference in how arch does it that I'm missing.

> To disable local mail, edit master.cf and look for the local line and comment it out.

Thanks for the tip :)

ianw1974
Posted April 19, 2008

I'm downloading the latest Arch iso now, so I'll replicate my config on this in vmware - won't take too long to see if I notice any issues.

tyme
Posted April 21, 2008 (edited April 21, 2008)

note that I'm using 64-bit arch on this server, so there may be some differences if you grabbed 32-bit.