Difference between revisions of "Postfix with SASL"
m (rm spam spammer:girl) |
(24 intermediate revisions by 18 users not shown) | |||
Line 1: | Line 1: | ||
− | [[Category: | + | [[Category:Mail Server]] |
− | + | The postfix package in [extra] is compiled with sasl support: | |
+ | pacman -S postfix cyrus-sasl | ||
− | + | An example line for the {{ic|/etc/postfix/main.cf}} file to enable the SASL is below. | |
− | < | + | {{bc|<nowiki> |
− | + | mydestination = $myhostname, localhost.$mydomain, $mydomain | |
− | </ | + | myorigin = $mydomain |
+ | smtpd_sasl_auth_enable = yes | ||
+ | smtpd_sasl_security_options = noanonymous | ||
+ | smtpd_sasl_tls_security_options = $smtpd_sasl_security_options | ||
+ | smtpd_tls_auth_only = no | ||
+ | smtpd_sasl_local_domain = $mydomain | ||
+ | smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit | ||
+ | broken_sasl_auth_clients = yes | ||
+ | relay_domains = *</nowiki> | ||
+ | }} | ||
− | + | You might want to change various options to suit your needs though. | |
− | + | Setup Postfix as you normally would and [[Daemons#Starting_manually|start]] it. | |
− | + | If you want to start it at boot time see [[Daemons#Starting_on_boot]]. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | SASL can use different authentication methods. The default one is PAM (as configured in {{ic|/etc/conf.d/saslauthd}}), but to set it up properly you have to create {{ic|/usr/lib/sasl2/smtpd.conf}}: | |
− | + | {{bc| | |
− | + | pwcheck_method: saslauthd | |
− | + | saslauthd_path: /var/run/saslauthd/mux | |
− | + | mech_list: plain login | |
− | + | log_level: 7 | |
− | + | }} | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html | |
− | |||
− | |||
− | / | ||
− | |||
− | + | To start all the daemons: | |
+ | systemctl start postfix | ||
+ | systemctl start saslauthd | ||
Hopefully you should be able to telnet to your Postfix server with : | Hopefully you should be able to telnet to your Postfix server with : | ||
− | + | {{ic|telnet localhost 25}} | |
− | telnet localhost 25 | ||
You should then type : | You should then type : | ||
− | EHLO test.com | + | {{ic|EHLO test.com}} |
This is roughly what you should see : | This is roughly what you should see : | ||
+ | {{bc| | ||
Trying 127.0.0.1... | Trying 127.0.0.1... | ||
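Review bot: smtpd_tls_auth_only = no in the new main.cf block, combined with mech_list: plain login in the new smtpd.conf, means passwords are accepted over unencrypted connections; suggest smtpd_tls_auth_only = yes once TLS is configured, or a sentence saying this example is only for local testing. In the same block, relay_domains = * looks like it is meant to relay for any destination domain, which would undo reject_unauth_destination for unauthenticated clients; suggest leaving relay_domains at its default. log_level: 7 in smtpd.conf should be marked as a debugging value.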
Line 68: | Line 60: | ||
250-ETRN | 250-ETRN | ||
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5 | 250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5 | ||
− | 250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5 | + | 250-AUTH<nowiki>=</nowiki>PLAIN OTP DIGEST-MD5 CRAM-MD5 |
250 8BITMIME | 250 8BITMIME | ||
− | + | }} |
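Review bot: the sample EHLO output kept in this hunk still advertises AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5, while the smtpd.conf added earlier in this revision sets mech_list: plain login, so a reader following the page will likely see a different AUTH line. Suggest updating the two 250-AUTH lines to match, or noting next to "This is roughly what you should see" that the advertised list depends on mech_list.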
Revision as of 13:50, 4 January 2013
The postfix package in [extra] is compiled with sasl support:
pacman -S postfix cyrus-sasl
Example lines for the /etc/postfix/main.cf file to enable SASL are below.

mydestination = $myhostname, localhost.$mydomain, $mydomain
myorigin = $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
broken_sasl_auth_clients = yes
relay_domains = *

You might want to change various options to suit your needs though. Set up Postfix as you normally would and start it. If you want to start it at boot time, see Daemons#Starting_on_boot.
SASL can use different authentication methods. The default one is PAM (as configured in /etc/conf.d/saslauthd), but to set it up properly you have to create /usr/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
log_level: 7

To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html
To start all the daemons:
systemctl start postfix
systemctl start saslauthd
Hopefully you should be able to telnet to your Postfix server with:
telnet localhost 25
You should then type:
EHLO test.com
This is roughly what you should see:

Trying 127.0.0.1...
Connected to localhost.localdomain
Escape character is '^]'
220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
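
The EHLO reply above can be checked mechanically instead of by eye. The following is an added example, not part of the wiki page or of Postfix: it parses the 250 lines and reports which SASL mechanisms are advertised and whether password-carrying ones are offered without TLS, which is what smtpd_tls_auth_only = no allows. The function names parse_ehlo and audit are hypothetical, and the sample input is the reply shown on this page.

```python
import re

# Constructed input: the EHLO reply this page shows for "telnet localhost 25".
SAMPLE_EHLO = """250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
"""

# These mechanisms send the password itself; base64 is encoding, not encryption.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
REPLY_LINE = re.compile(r"^250[ -](.*)$")


def parse_ehlo(reply):
    """Map each EHLO keyword to its parameter list (hypothetical helper)."""
    caps = {}
    for i, line in enumerate(reply.strip().splitlines()):
        m = REPLY_LINE.match(line.strip())
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        text = m.group(1).strip()
        if i == 0 or not text:
            continue  # the first line carries the server name, not a keyword
        if text.upper().startswith("AUTH="):
            caps["AUTH="] = text[5:].split()  # legacy form for old clients
        else:
            word, *params = text.split()
            caps[word.upper()] = params
    return caps


def audit(reply, tls_active=False):
    """Return (sorted mechanisms, findings) for one EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = {m.upper() for m in caps.get("AUTH", []) + caps.get("AUTH=", [])}
    findings = []
    if "AUTH=" in caps:
        findings.append("legacy AUTH= line present (broken_sasl_auth_clients = yes)")
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if exposed and not tls_active:
        findings.append("cleartext mechanism without TLS: " + ", ".join(exposed))
    if not tls_active and "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return sorted(mechs), findings
```

Pass tls_active=True when the reply was captured after STARTTLS, so that PLAIN and LOGIN are not reported for a connection that is already encrypted.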