how to install postfix on my 11.10 box with everything else in place?
David Fletcher
dave at thefletchers.net
Tue Nov 8 20:25:57 UTC 2011
On Tue, 2011-11-08 at 14:25 -0500, Rashkae wrote:
> ISP accepts plain e-mail on their own port 25 for forwarding. However,
> ISP's increasingly require some kind of authentication for outgoing
> e-mail, even when it originates from one of their IP's (again, to combat
> those evil self mailing virii.) If your ISP smtp server requires
> authentication, then I'll have to defer to someone else for instructions
> on how to configure it.
>
>
Here's the text from my notes on how to do it. I'm actually not using my
ISP's SMTP server - my ISP is Virgin Media and I'm using the
authenticated SMTP server at 1&1.
Set up a temporary hack machine with a fresh install of Ubuntu Server,
fix the IP address, set it as your outgoing mail server in your
kmail/evolution/whatever and fiddle with it until it works, then
transfer your working configuration to your production server.
You'll also have to set the relayhost parameter in main.cf
This text pinched from:-
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html
See also my pdf file of the web site.
16. SMTP Authentication for Mail servers
Prev Next
16. SMTP Authentication for Mail servers
SMTP AUTH for mail server is a feature that is often required to relay
mail through other mail servers. To enable SMTP AUTH for Postfix, acting
as mail client in this scenario, you need to do the following steps:
Procedure 10. Configure SMTP AUTH for mail servers
1. Provide a file, which will holds necessary information about
credentials
2. Configure Postfix to enable SMTP AUTH for the smtp daemon
3. Configure Postfix to use the file with the SASL credentials.
16.1. Add credentials to sasl_passwd
Postfix, acting as mail client in this scenario, will need to be able to
1. know when to provide a username and password
2. pick the right credentials when there is more than one mail server
who requires Postfix to SMTP AUTH
16.1.1. Enter credentials
These informations are layed down in /etc/postfix/sasl_passwd:
[root at mail postfix]# less /etc/postfix/sasl_passwd
# foo.com1 username:password2
# bar.com username:password
1 Using the hostname Postfix can identify the correct username:password
when there are multiple entries in sasl_passwd
2 username:password are entered in plaintext format. They are separated
by a single colon “:”
The mail server that we want to relay through in this example is
mail.my-isp.org; username is test and it's password is testpass. We
open /etc/postfix/sasl_passwd and add our credentials. When we are done
it looks like this:
[root at mail postfix]# cat /etc/postfix/sasl_passwd
mail.my-isp.org test:testpass
16.1.2. Secure sasl_passwd
As you have noticed, the credentials in sasl_passwd are entered
plaintext. That means that anybody who can open the file will be able to
read this sensitive information. Therefore we change ownership and
permission to root and r/w only.
[root at mail postfix]# chown root:root /etc/postfix/sasl_passwd && chmod
600 /etc/postfix/sasl_passwd
After these commands ownership and permissions read like this:
[root at mail postfix]# ls -all /etc/postfix/sasl_passwd
-rw------- 1 root root 79 Dec 30
23:50 /etc/postfix/sasl_passwd
[Note] Note
You wonder why Postfix running as user postfix can read this file?
Postfix will start as user root, read all files that need root
permission and switch to user postfix after that.
16.1.3. Create sasl_passwd DB file
Now that we have set correct ownership and permissions there is one more
thing to do. A plaintext file can't be read as fast as database. Postfix
requires this file to be a database, because it doesn't want to spend a
lot of time looking the credentials up when it needs to get it's job
done. We create a sasl_passwd.db with the help of postmap:
[root at mail postfix]# postmap hash:/etc/postfix/sasl_passwd
After that there will be a new file sasl_passwd.db in /etc/postfix/.
[root at mail postfix]# ls -all /etc/postfix/sasl_passwd.db
-rw------- 1 root root 12288 Mar 13
23:13 /etc/postfix/sasl_passwd.db
>From the onwership and permissions you can see that postmap applied the
same as in the source file. That's it for sasl_passwd; you only need to
get back when the informations need an update.
[Note] Note
Don't forget to postmap the file, when you change credentials. Postfix
will tell you anyway by claiming that sasl_passwd is newer than
sasl_passwd.db in the maillog.
16.2. Enable SMTP AUTH
There are only three options that you must set to enable SMTP AUTH for
mail servers in Postfix.
[Note] Note
You can easily tell that these parameters are settings for the smtp
daemon. They all begin with smtp_.
16.2.1. Enable SMTP AUTH
The first thing we do is enabling SMTP AUTH for the smtp daemon. We open
main.cf and enter some documentation first and then we set
smtp_sasl_auth_enable to yes.
# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes
16.2.2. Set path to sasl_passwd
Then we tell Postfix where to find sasl_passwd by adding
smtp_sasl_password_maps = hash:/path/to/sasl_passwd to the
configuration.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
16.2.3. Set security options
Finally we set security options. In our scenario we will allow Postfix
to use anonymous and plaintext authentication. That's why we set the
paramter, but leave it empty:
smtp_sasl_security_options =
All settings together will give this listing in main.cf.
# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
16.2.4. Reload Postfix
All that you need to do now is to reload Postfix and you're ready to use
your ISPs mail server to relay mail.
[root at mail postfix]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
Have fun!
More information about the ubuntu-users
mailing list