Difference between revisions of "PostFix Howto With SASL"

From ArchWiki
(rm spam)
(32 intermediate revisions by 20 users not shown)
Line 1: Line 1:
[[Category:Network]]
+
[[Category:Mail Server]]
'''Postfix with sasl support howto''' ( Justin Smithies - justin AT smithies.me.uk || formfixed by Pablo Bitreras - dexodvz AT vtr . net)
+
The postfix package in [extra] is compiled with sasl support:
 +
  pacman -S postfix cyrus-sasl
  
First you will need to install srcpac :
+
An example line for the {{ic|/etc/postfix/main.cf}} file to enable the SASL is below.
<pre>
+
{{bc|<nowiki>
pacman -Sy srcpac
+
mydestination = $myhostname, localhost.$mydomain, $mydomain
</pre>
+
myorigin = $mydomain
 +
smtpd_sasl_auth_enable = yes
 +
smtpd_sasl_security_options = noanonymous
 +
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
 +
smtpd_tls_auth_only = no
 +
smtpd_sasl_local_domain = $mydomain
 +
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
 +
broken_sasl_auth_clients = yes
 +
relay_domains = *</nowiki>
 +
}}
  
Then type edit the <code>/etc/srcpac.conf</code> file and add the following :
+
You might want to change various options to suit your needs though.
<pre>
+
Setup Postfix as you normally would and [[Daemons#Starting_manually|start]] it.
# postfix sasl
+
If you want to start it at boot time see [[Daemons#Starting_on_boot]].
conf''postfix<code>('#source</code>(ftp://ftp.porcupine.org#source=(ftp://ftp.aet.tu-cottbus.de/pub/postfix''tls/pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz ftp://ftp.porcupine.org#'
+
'#cd \$startdir/src/\$pkgname-\$pkgver#cd \$startdir/src/\$pkgname-\$pkgver\npatch -p1 < ../pfixtls-0.8.18-2.1.3-0.9.7d/pfixtls.diff#'
+
'#make OPT#make CCARGS<code>\\"-DUSE''SASL''AUTH -I/usr/include/sasl -DUSE_SSL -I/usr/include/openssl\\" AUXLIBS</code>\\"-L/usr/lib -R/usr/lib -lsasl2 -lssl -lcrypto\\" OPT#')
+
</pre>
+
  
Save the above then type :
+
SASL can use different authentication methods. The default one is PAM (as configured in {{ic|/etc/conf.d/saslauthd}}), but to set it up properly you have to create {{ic|/usr/lib/sasl2/smtpd.conf}}:
<pre>
+
srcpac -Sb postfix
+
</pre>
+
  
This will download and build '''Postfix''' with '''SASL''' support.
+
{{bc|
 +
pwcheck_method: saslauthd
 +
saslauthd_path: /var/run/saslauthd/mux
 +
mech_list: plain login
 +
log_level: 7
 +
}}
  
An example line for the <code>/etc/postfix/main.cf</code> file to enable the SASL is below.
+
To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html
<pre>
+
mydestination = $myhostname, localhost.$mydomain, $mydomain
+
myorigin = $mydomain
+
smtpd''sasl''auth_enable = yes
+
smtpd''sasl''security_options = noanonymous
+
smtpd''sasl''tls''security''options = $smtpd''sasl''security_options
+
smtpd''tls''auth_only = no
+
smtpd''sasl''local_domain = $mydomain
+
smtpd''recipient''restrictions = permit''mynetworks,permit''sasl''authenticated,reject''unauth_destination,permit
+
broken''sasl''auth_clients = yes
+
relay_domains = *
+
</pre>
+
  
You might want to change various options to suit your needs though.
+
To start all the daemons:
Setup Postfix as you normally would and start it with :
+
systemctl start postfix
<pre>
+
systemctl start saslauthd
/etc/rc.d/postfix start
+
</pre>
+
 
+
or add it to your <code>/etc/rc.conf</code> file so Postfix starts each reboot.
+
  
 
Hopefully you should be able to telnet to your Postfix server with :
 
Hopefully you should be able to telnet to your Postfix server with :
  
<pre>
+
{{ic|telnet localhost 25}}
telnet localhost 25
+
  
 
You should then type :
 
You should then type :
  
EHLO test.com
+
{{ic|EHLO test.com}}
  
 
This is roughly what you should see :
 
This is roughly what you should see :
  
 +
{{bc|
 
Trying 127.0.0.1...
 
Trying 127.0.0.1...
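Review bot: The added smtpd.conf block sets `mech_list: plain login` while the main.cf example keeps `smtpd_tls_auth_only = no`, so the only mechanisms saslauthd can serve are ones that carry the password itself, and they are accepted on unencrypted sessions. Suggest covering TLS setup in the howto and switching the example to `smtpd_tls_auth_only = yes`. In the same block, `log_level: 7` is the Cyrus SASL level whose traces include passwords; suggest a lower value, or a note that 7 is for short-lived debugging only.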
  
Line 68: Line 60:
 
250-ETRN
 
250-ETRN
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
+
250-AUTH<nowiki>=</nowiki>PLAIN OTP DIGEST-MD5 CRAM-MD5
 
250 8BITMIME
 
250 8BITMIME
</pre>
+
}}

Revision as of 13:50, 4 January 2013

The postfix package in [extra] is compiled with SASL support. Install it together with cyrus-sasl:

pacman -S postfix cyrus-sasl

Example settings for the /etc/postfix/main.cf file that enable SASL are below.

mydestination = $myhostname, localhost.$mydomain, $mydomain
myorigin = $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
broken_sasl_auth_clients = yes
relay_domains = *

You might want to change various options to suit your needs though. Set up Postfix as you normally would and start it. If you want to start it at boot time, see Daemons#Starting_on_boot.

SASL can use different authentication methods. The default one is PAM (as configured in /etc/conf.d/saslauthd), but to set it up properly you have to create /usr/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
log_level: 7

To read about other authentication methods, please refer to http://www.postfix.org/SASL_README.html

To start all the daemons:

systemctl start postfix
systemctl start saslauthd

You should now be able to telnet to your Postfix server with:

telnet localhost 25

Then type:

EHLO test.com

This is roughly what you should see:

Trying 127.0.0.1...

Connected to localhost.localdomain
Escape character is '^]'

220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
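
A defender-side check for the telnet test above, as an added example that is not part of the original wiki page: it parses the EHLO reply and reports when AUTH, and in particular the password-carrying PLAIN or LOGIN mechanisms, is offered on a session that has not negotiated TLS. The function names and the second sample reply are assumptions made for illustration.

```python
import re

# Mechanisms that transmit the password itself; base64 is encoding, not encryption.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: the EHLO exchange shown on this page.
SAMPLE_REPLY = """220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME"""

# Constructed sample: a server that offers STARTTLS and withholds AUTH until TLS is up.
TLS_FIRST_REPLY = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} built from the 250 lines of an EHLO reply."""
    bodies = re.findall(r"^250[ -](.*)$", reply, flags=re.MULTILINE)
    ext = {}
    for body in bodies[1:]:  # the first 250 line is the server's own name
        # 'AUTH=...' is the legacy form emitted when broken_sasl_auth_clients = yes
        words = re.sub(r"(?i)^AUTH=", "AUTH ", body.strip()).upper().split()
        if not words:
            continue
        params = ext.setdefault(words[0], [])
        for word in words[1:]:
            if word not in params:  # merge the AUTH and AUTH= lines without duplicates
                params.append(word)
    return ext

def audit(reply, tls_active=False):
    """List findings about credential exposure for one EHLO reply."""
    ext = parse_ehlo(reply)
    mechs = ext.get("AUTH", [])
    findings = []
    if mechs and not tls_active:
        if "STARTTLS" not in ext:
            findings.append("AUTH is offered but STARTTLS is not")
        exposed = [m for m in mechs if m in PLAINTEXT_MECHS]
        if exposed:
            findings.append("plaintext mechanisms offered before TLS: " + ", ".join(exposed))
    return findings
```

Pass `tls_active=True` when the reply was captured after STARTTLS, since plaintext mechanisms inside an encrypted session are not flagged.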