Difference between revisions of "PostFix Howto With SASL"

From ArchWiki
m (rv)
m
(47 intermediate revisions by 24 users not shown)
Line 1: Line 1:
[[Category:Network]]
+
[[Category:Mail Server]]
'''Postfix with sasl support howto'''  ( Justin Smithies - justin AT smithies.me.uk || formfixed by Pablo Bitreras - dexodvz AT vtr . net)
+
  
First you will need to install srcpac :
+
The {{pkg|postfix}} package in [extra] is compiled with SASL support:
<pre>
+
pacman -Sy srcpac
+
</pre>
+
  
Then type edit the <code>/etc/srcpac.conf</code> file and add the following :
+
pacman -S postfix cyrus-sasl
<pre>
+
# postfix sasl
+
conf''postfix<code>('#source</code>(ftp://ftp.porcupine.org#source=(ftp://ftp.aet.tu-cottbus.de/pub/postfix''tls/pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz ftp://ftp.porcupine.org#'
+
'#cd \$startdir/src/\$pkgname-\$pkgver#cd \$startdir/src/\$pkgname-\$pkgver\npatch -p1 < ../pfixtls-0.8.18-2.1.3-0.9.7d/pfixtls.diff#'
+
'#make OPT#make CCARGS<code>\\"-DUSE''SASL''AUTH -I/usr/include/sasl -DUSE_SSL -I/usr/include/openssl\\" AUXLIBS</code>\\"-L/usr/lib -R/usr/lib -lsasl2 -lssl -lcrypto\\" OPT#')
+
</pre>
+
  
Save the above then type :
+
To enable SASL for accepting mail from other users, open the [http://tools.ietf.org/html/rfc6409 "Message submission"] port (TCP 587) in {{ic|/etc/postfix/master.cf}}, by uncommenting these lines (which are there by default, just commented):
<pre>
+
srcpac -Sb postfix
+
</pre>
+
  
This will download and build '''Postfix''' with '''SASL''' support.
+
{{bc|<nowiki>
 +
submission inet n      -      n      -      -      smtpd
 +
  -o syslog_name=postfix/submission
 +
  -o smtpd_tls_security_level=encrypt
 +
  -o smtpd_sasl_auth_enable=yes
 +
  -o smtpd_reject_unlisted_recipient=no
 +
#  -o smtpd_client_restrictions=$mua_client_restrictions
 +
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
 +
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
 +
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
 +
  -o milter_macro_daemon_name=ORIGINATING
 +
</nowiki>}}
  
An example line for the <code>/etc/postfix/main.cf</code> file to enable the SASL is below.
+
Note that this also enables SSL, so if you do not have a SSL certificate, keep the "smtpd_tls_security_level" option commented out.
<pre>
+
mydestination = $myhostname, localhost.$mydomain, $mydomain
+
myorigin = $mydomain
+
smtpd''sasl''auth_enable = yes
+
smtpd''sasl''security_options = noanonymous
+
smtpd''sasl''tls''security''options = $smtpd''sasl''security_options
+
smtpd''tls''auth_only = no
+
smtpd''sasl''local_domain = $mydomain
+
smtpd''recipient''restrictions = permit''mynetworks,permit''sasl''authenticated,reject''unauth_destination,permit
+
broken''sasl''auth_clients = yes
+
relay_domains = *
+
</pre>
+
  
You might want to change various options to suit your needs though.
+
The three restriction options (client, helo, sender) can also be left commented out, since smtpd_recipient_restrictions already handles SASL users.
Setup Postfix as you normally would and start it with :
+
<pre>
+
/etc/rc.d/postfix start
+
</pre>
+
  
or add it to your <code>/etc/rc.conf</code> file so Postfix starts each reboot.
+
Setup Postfix as you normally would and [[Daemons#Starting_manually|start]] it.
 +
If you want to start it at boot time see [[Daemons#Starting_on_boot]].
  
Hopefully you should be able to telnet to your Postfix server with :
+
SASL can use different authentication methods. The default one is PAM (as configured in {{ic|/etc/conf.d/saslauthd}}), but to set it up properly you have to create {{ic|/usr/lib/sasl2/smtpd.conf}}:
  
<pre>
+
{{bc|
telnet localhost 25
+
pwcheck_method: saslauthd
 +
mech_list: plain
 +
log_level: 7
 +
}}
  
You should then type :
+
To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html
  
EHLO test.com
+
To start all the daemons:
 +
 
 +
systemctl start postfix saslauthd
  
This is roughly what you should see :
+
Hopefully you should be able to telnet to your Postfix server with:
  
 +
{{ic|telnet localhost 587}}
 +
 +
You should then type:
 +
 +
{{ic|EHLO test.com}}
 +
 +
This is roughly what you should see:
 +
 +
{{bc|
 
Trying 127.0.0.1...
 
Trying 127.0.0.1...
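Review bot: the new note telling readers to keep smtpd_tls_security_level commented out when they have no certificate, combined with mech_list: plain in the new smtpd.conf, leaves port 587 accepting AUTH PLAIN over an unencrypted connection, where the password is only base64-encoded. Suggest saying so next to that note, or pointing readers at a self-signed certificate instead of disabling TLS. In the other direction, with smtpd_tls_security_level=encrypt active Postfix does not advertise AUTH before STARTTLS, so the plain telnet localhost 587 test will not show the AUTH line the text promises. log_level: 7 is debug-level logging and should be described as temporary.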
  
Line 68: Line 65:
 
250-ETRN
 
250-ETRN
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
 
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN OTP DIGEST-MD5 CRAM-MD5
 
 
250 8BITMIME
 
250 8BITMIME
</pre>
+
}}
 
+
 
+
----
+
WikiMigration--[[User:Dlanor|dlanor]] 16:14, 23 Jul 2005 (EDT)
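Review bot: the retained sample line 250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5 no longer matches the configuration this revision documents, because the new smtpd.conf sets mech_list: plain, so the expected output should read 250-AUTH PLAIN. Dropping the 250-AUTH=PLAIN line is consistent with removing broken_sasl_auth_clients = yes from the configuration.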

Revision as of 12:28, 28 May 2013


The postfix package in [extra] is compiled with SASL support:

pacman -S postfix cyrus-sasl

To enable SASL for accepting mail from other users, open the "Message submission" port (TCP 587) in /etc/postfix/master.cf, by uncommenting these lines (which are there by default, just commented):

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

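Note that this also enables SSL, so if you do not have an SSL certificate, keep the "smtpd_tls_security_level" option commented out. Be aware that without TLS the PLAIN mechanism configured below sends the user name and password over the network merely base64-encoded.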

The three restriction options (client, helo, sender) can also be left commented out, since smtpd_recipient_restrictions already handles SASL users.
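
An added example (not part of the original wiki page): a Python check that reads the active -o overrides of the submission entry, following master.cf's comment and continuation rules, and reports when SASL is enabled without mandatory TLS. The function names and the sample file are constructed for illustration; only master.cf is inspected, so a TLS level set in main.cf is not seen.

```python
import re

# Constructed sample: the submission entry from this page with the TLS
# override left commented out, as the note above allows without a certificate.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    unix  n       -       n       60      1       pickup
"""

OVERRIDE = re.compile(r"-o\s+(\w+)=(\S+)")


def service_overrides(master_cf, service):
    """Return the active -o name=value overrides of one master.cf service."""
    overrides, in_service = {}, False
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines never end a logical line
        if not line[0].isspace():  # non-whitespace in column 1 starts an entry
            in_service = line.split()[0] == service
        if in_service:
            overrides.update(OVERRIDE.findall(line))
    return overrides


def audit_submission(master_cf):
    """List weaknesses in the submission entry (hypothetical helper)."""
    opts = service_overrides(master_cf, "submission")
    findings = []
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication is not enabled on submission")
    elif opts.get("smtpd_tls_security_level") != "encrypt":
        findings.append("SASL enabled but TLS not enforced in master.cf")
    rules = opts.get("smtpd_recipient_restrictions", "").split(",")
    if "permit_sasl_authenticated" not in rules or rules[-1] != "reject":
        findings.append("recipient restrictions must permit SASL users and end in reject")
    return findings
```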

Set up Postfix as you normally would and start it. If you want to start it at boot time see Daemons#Starting_on_boot.

SASL can use different authentication methods. The default one is PAM (as configured in /etc/conf.d/saslauthd), but to set it up properly you have to create /usr/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain
log_level: 7

To read about other authentication methods please refer to http://www.postfix.org/SASL_README.html

To start all the daemons:

systemctl start postfix saslauthd

Hopefully you should be able to telnet to your Postfix server with:

telnet localhost 587

You should then type:

EHLO test.com

This is roughly what you should see:

Trying 127.0.0.1...

Connected to localhost.localdomain
Escape character is '^]'

220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
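
An added example, not from the original page: a Python parser for the EHLO reply above that lists the advertised capabilities and reports when a cleartext mechanism such as PLAIN is offered on a session without TLS. REPLY_TLS_ENFORCED and the host mail.example.org are constructed, and the function names are hypothetical.

```python
import re

# The EHLO exchange shown above, copied from this page.
REPLY_FROM_PAGE = """\
220 justin ESMTP Postfix
EHLO test.com
250-justin
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN OTP DIGEST-MD5 CRAM-MD5
250 8BITMIME
"""

# Constructed: reply before STARTTLS when TLS is mandatory on the port.
REPLY_TLS_ENFORCED = """\
220 mail.example.org ESMTP Postfix
250-mail.example.org
250-PIPELINING
250-STARTTLS
250 8BITMIME
"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded


def parse_ehlo(reply):
    """Map each ESMTP keyword of a 250 reply to its list of parameters."""
    caps = {}
    lines = [l for l in reply.splitlines() if re.match(r"250[- ]", l)]
    for line in lines[1:]:  # the first 250 line is the server's own name
        keyword, _, params = line[4:].partition(" ")
        if keyword.upper().startswith("AUTH="):  # legacy "AUTH=PLAIN ..." form
            keyword, params = "AUTH", keyword[5:] + " " + params
        caps.setdefault(keyword.upper(), []).extend(params.split())
    return caps


def auth_exposure(reply, tls_active=False):
    """Report what the reply reveals about credential handling."""
    caps = parse_ehlo(reply)
    findings = []
    if not tls_active:
        weak = sorted(CLEARTEXT_MECHS & {m.upper() for m in caps.get("AUTH", [])})
        if weak:
            findings.append("AUTH " + ",".join(weak) + " offered without TLS")
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not offered")
    return findings
```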