Difference between revisions of "Postfix with SASL"

From ArchWiki
Jump to: navigation, search
m (rm spam spammer:girl)
(24 intermediate revisions by 18 users not shown)
Line 1: Line 1:
[[Category:Network]]
+
[[Category:Mail Server]]
'''Postfix with sasl support howto''' ( Justin Smithies - justin AT smithies.me.uk || formfixed by Pablo Bitreras - dexodvz AT vtr . net)
+
The postfix package in [extra] is compiled with sasl support:
 +
  pacman -S postfix cyrus-sasl
  
First you will need to install srcpac :
+
An example line for the {{ic|/etc/postfix/main.cf}} file to enable the SASL is below.
<pre>
+
{{bc|<nowiki>
pacman -Sy srcpac
+
mydestination = $myhostname, localhost.$mydomain, $mydomain
</pre>
+
myorigin = $mydomain
 +
smtpd_sasl_auth_enable = yes
 +
smtpd_sasl_security_options = noanonymous
 +
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
 +
smtpd_tls_auth_only = no
 +
smtpd_sasl_local_domain = $mydomain
 +
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
 +
broken_sasl_auth_clients = yes
 +
relay_domains = *</nowiki>
 +
}}
  
Then type edit the <code>/etc/srcpac.conf</code> file and add the following :
+
You might want to change various options to suit your needs though.
<pre>
+
Setup Postfix as you normally would and [[Daemons#Starting_manually|start]] it.
# postfix sasl
+
If you want to start it at boot time see [[Daemons#Starting_on_boot]].
conf''postfix<code>('#source</code>(ftp://ftp.porcupine.org#source=(ftp://ftp.aet.tu-cottbus.de/pub/postfix''tls/pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz ftp://ftp.porcupine.org#'
 
'#cd \$startdir/src/\$pkgname-\$pkgver#cd \$startdir/src/\$pkgname-\$pkgver\npatch -p1 < ../pfixtls-0.8.18-2.1.3-0.9.7d/pfixtls.diff#'
 
'#make OPT#make CCARGS<code>\\"-DUSE''SASL''AUTH -I/usr/include/sasl -DUSE_SSL -I/usr/include/openssl\\" AUXLIBS</code>\\"-L/usr/lib -R/usr/lib -lsasl2 -lssl -lcrypto\\" OPT#')
 
</pre>
 
 
 
Save the above then type :
 
<pre>
 
srcpac -Sb postfix
 
</pre>
 
  
This will download and build '''Postfix''' with '''SASL''' support.
+
SASL can use different authentication methods. The default one is PAM (as configured in {{ic|/etc/conf.d/saslauthd}}), but to set it up properly you have to create {{ic|/usr/lib/sasl2/smtpd.conf}}:
  
An example line for the <code>/etc/postfix/main.cf</code> file to enable the SASL is below.
+
{{bc|
<pre>
+
pwcheck_method: saslauthd
mydestination = $myhostname, localhost.$mydomain, $mydomain
+
saslauthd_path: /var/run/saslauthd/mux
myorigin = $mydomain
+
mech_list: plain login
smtpd''sasl''auth_enable = yes
+
log_level: 7
smtpd''sasl''security_options = noanonymous
+
}}
smtpd''sasl''tls''security''options = $smtpd''sasl''security_options
 
smtpd''tls''auth_only = no
 
smtpd''sasl''local_domain = $mydomain
 
smtpd''recipient''restrictions = permit''mynetworks,permit''sasl''authenticated,reject''unauth_destination,permit
 
broken''sasl''auth_clients = yes
 
relay_domains = *
 
</pre>
 
  
You might want to change various options to suit your needs though.
+
To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html
Setup Postfix as you normally would and start it with :
 
<pre>
 
/etc/rc.d/postfix start
 
</pre>
 
  
or add it to your <code>/etc/rc.conf</code> file so Postfix starts each reboot.
+
To start all the daemons:
 +
systemctl start postfix
 +
systemctl start saslauthd
  
 
Hopefully you should be able to telnet to your Postfix server with :
 
Hopefully you should be able to telnet to your Postfix server with :
  
<pre>
+
{{ic|telnet localhost 25}}
telnet localhost 25
 
  
 
You should then type :
 
You should then type :
  
EHLO test.com
+
{{ic|EHLO test.com}}
  
 
This is roughly what you should see :
 
This is roughly what you should see :
  
 +
{{bc|
 
Trying 127.0.0.1...
 
Trying 127.0.0.1...
  
Line 68: Line 60:
 
250-ETRN
 
250-ETRN
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
+
250-AUTH<nowiki>=</nowiki>PLAIN OTP DIGEST-MD5 CRAM-MD5
 
250 8BITMIME
 
250 8BITMIME
</pre>
+
}}

Revision as of 13:50, 4 January 2013

The postfix package in [extra] is compiled with sasl support: 

pacman -S postfix cyrus-sasl

An example line for the /etc/postfix/main.cf file to enable the SASL is below. 

mydestination = $myhostname, localhost.$mydomain, $mydomain
myorigin = $mydomain
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
broken_sasl_auth_clients = yes
relay_domains = *

You might want to change various options to suit your needs though. Setup Postfix as you normally would and start it. If you want to start it at boot time see Daemons#Starting_on_boot.

SASL can use different authentication methods. The default one is PAM (as configured in /etc/conf.d/saslauthd), but to set it up properly you have to create /usr/lib/sasl2/smtpd.conf: 

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
log_level: 7

To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html

To start all the daemons: 

systemctl start postfix
systemctl start saslauthd

Hopefully you should be able to telnet to your Postfix server with :

telnet localhost 25

You should then type :

EHLO test.com

This is roughly what you should see : 

Trying 127.0.0.1...

Connected to localhost.localdomain
Escape character is '^]'

220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
Retrieved from "https://wiki.archlinux.org/index.php?title=Postfix_with_SASL&oldid=242961"