Jump to content

SMTP Authenticate before send


Recommended Posts

I'm working on setting up my server and I want to enable authentication before send for SMTP (Postfix). So far I've been able to get virtual mailboxes set up and working, but I can't find how to set postfix to authenticate these users before allowing them to send email. I want to do it this way so that I can avoid having an "completely" open relay while still being able to relay (so that users can send from any of the domains i host to anywhere).

 

Any suggestions on how to approach this? I've essentially followed these directions, save for setting it up to allow checking with other than just squirrelmail.

Link to comment
Share on other sites

For authentication, you need to have cyrus-sasl, this is what I use with postfix. Then your directive within postfix is usually under smtpd_recipient_restrictions but can also be under smtpd_sender_restrictions and you put:

 

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain

 

also, don't forget to put under smtpd_recipient_restrictions the reject_unauth_destination directive, else you will be an open relay. Then under mydestinations directive, list all domains you want your server to send/receive so that it's still not an open relay. If you put reject_unauth_destination, you'll need to put the domains under mydestination so as to ensure your more secure. I'd prefer it secured, than leaving it an open relay that requires authentication, in case something goes wrong!

Link to comment
Share on other sites

I still seem to be missing a piece. I think postfix doesn't know how to authenticate the users...I'm not sure. Haven't had a lot of time to work on it just yet.

Link to comment
Share on other sites

Postfix does need a little bit of configuration for clients that are going to connect, and in particular one line for broken clients (Outlook - no surprise there!).

 

When you have cyrus-sasl installed, you need to configure this with the IP of the machine that is providing the SMTP/POP3/IMAP services, so if the same server, then localhost will do in here. Otherwise, the IP of the other server.

 

This is about the best document you could follow for doing this:

 

http://www.gentoo.org/doc/en/virt-mail-howto.xml

 

Look at section 4 for cyrus-sasl config and adapt it for your distro. Then look at section 6 for the SASL config. Ignore the TLS stuff, unless you want to use TLS with SMTP. Note, this is not the same as SMTPS (SSL).

Link to comment
Share on other sites

thanks for the link...i'll try to sit down with that document tonight and see if i can get this configured correctly.

Edited by tyme
Link to comment
Share on other sites

I'm using this config, so I know it works :)

 

PM me if you need anything specific, as I have two working servers using SMTP auth, one with virtual domains, and one as an SMTP relay for two other email servers behind it.

Link to comment
Share on other sites

[edit - apparently I was wrong, Thunderbird was set to use my old smtp server, which is why I thought it was working (it's not) ]

 

now I'm not sure what's wrong...i could receive email before, but now I can't receive or send. When I attempt to connect to SMTP via localhost the connection either gets closed within a few seconds (by the server - "foreign host") or if I attempt EHLO I get no response back. I've tried sending a few emails and they aren't arriving.

 

*sigh*...back to the drawing board.

Edited by tyme
Link to comment
Share on other sites

ugh. No progress. Setting this:

mynetworks = my.ip.net.work/24, 127.0.0.0/8

In /etc/postfix/main.cf (following the Gentoo wiki) made smtp essentially unresponsive from localhost. I think some settings from the Gentoo wiki are causing problems...I'm not sure. Will have to get back to this tomorrow night.

Link to comment
Share on other sites

That shouldn't cause a problem, is practically the same as what I have in mine - all working OK. You must have some other config disturbing it.

Link to comment
Share on other sites

I also found that setting myhostname and mydomain in /etc/postfix/main.cf causes mail to be delivered to the local users and not the virtual users. :unsure:

Link to comment
Share on other sites

checking auth.log seems to have revealed the source of my issue:

Apr 18 05:37:46 tymnia postfix/smtpd[27070]: sql_select option missing

Now to figure out where in the configs i need to set this option...hmm...so far google hasn't provided an answer (aside from removing the sql ability for sasl, but that's not what i want to do).

Edited by tyme
Link to comment
Share on other sites

I use mysql with my server. It's all in that Gentoo link I sent. I've even used this on CentOS/Red Hat too. Adapted slightly of course, but works.

 

To disable local mail, edit master.cf and look for the local line and comment it out.

Link to comment
Share on other sites

Adapted slightly of course, but works.
I'm sure it does...I think I've just either missed a piece or there is some other difference in how arch does it that I'm missing.

 

To disable local mail, edit master.cf and look for the local line and comment it out.
Thanks for the tip :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...