Tuesday 24 July 2007

Configuring Postfix to Relay to a Server with SMTP AUTH

If your system has a mail server installed and is not an actual mail server, it is preferable that your system relays through a host that is a regular mail server. In this example, we are configuring Postfix to relay to a host that requires SMTP and TLS.

Make these changes to your Postfix configuration, either by editing /etc/postfix/main.cf or using "postconf -e":
relayhost = [smtp.dl.nibble.bz]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes

The given password map file will need to be created and it is in the format of:
mailserver.example.com username:password

The name of the mail server must match your "relayhost" above, and the username and password are the credentials of some user with permission to relay mail. You can use your own credentials or create an account on the server to specifically allow mail relaying.

Once you have created the password map file, run:
postmap /etc/postfix/sasl_passwd

This should create a corresponding "sasl_passwd.db" file. Since both these files contain the above password in plaintext, you should protect them as much as possible:
chmod 600 /etc/postfix/sasl_passwd
chmod 640 /etc/postfix/sasl_passwd.db
chgrp mail /etc/postfix/sasl_passwd.db

Once you have edited your Postfix configuration and created the password map, just restart or reload postfix (just run "postfix reload") and you're done!

Optionally, you can enable SSMTP (on port 465) in addition to TLS on the standard SMTP port (25) which is useful for users who are connecting from sites which block outbound SMTP. It's trivial, un-comment these lines in master.conf and do "postfix reload" again:

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

Props to the following resources:

No comments:

Post a Comment

Popular Posts