dermot Tux's lil' helper


Joined: 28 Mar 2003 Posts: 108 Location: Dublin, Ireland
|
Posted: Thu Apr 17, 2003 7:03 pm Post subject: Postfix and SASL |
|
|
If you're like me and own your own internet domain and are lucky enough to have access to a fast, always-on connection, you've probably tried hosting your own mail exchange using Postfix. And if you're anything like me, you also want to be able to use that mail server from your home PC, using POP to retrieve mail and SMTP to send it. Or maybe you want to give family and friends a free, unlimited(ish) email account @yourdomain.net.
Configuring Postfix as a relay is a bit of a pain and for good reason - you don't want people using your server and bandwidth to send spam to other internet users, do you? The downside of this is that it's impossible for legitimate users (like you and your family) to send emails via your server without some modification. Which is where this short how-to comes in, because I did this very thing today and it worked quite well.
First off, emerge cyrus-sasl, I think it's dev-lib/cyrus-sasl. Once that's done, you'll probably have to re-emerge postfix with sasl in your USE flags. At the end of your main.cf file, add
Code:
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
Then, in /usr/lib/sasl2/smtpd.conf, make sure that pwcheck_method is sasldb2. Change the owner of /etc/sasl2/sasldb2 to postfix and then add your user with
Code:
saslpasswd2 -c -u your.hostname.org -a smtpauth username
It'll ask you to enter a password twice. You can find your server's hostname by using
Code:
egrep myhostname /etc/postfix/main.cf
Make sure you use the value of $myhostname, because this is what Postfix passes to SASL as your realm.
I think you're pretty much ready to test now - you need to set up your client to use the appropriate authentication, mine (Evolution) is set to CRAM-MD5, though I think DIGEST-MD5 may also work (I was happy enough to stick with the first one that did!).
You'll find more in-depth instructions here, though it's worth noting that this document refers to a different version of Cyrus-SASL than the one that I used (which is the latest from sync at the time of writing).
Oh yeah, you - or some of your users - might want to use Outlook to retrieve mail from your server. Outlook's SMTP AUTH support is apparently borked, so you need to add broken_sasl_auth_clients = yes to your main.cf as well.
Hope this helps and your mileage will inevitably vary, so please feel free to add to or correct anything I've said here. _________________ Dermot
I bought some rock star ashes from the back of Rolling Stone
I don't think he would've minded - he couldn't sell his soul |
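Added example (not part of the original post and not Postfix's own code): a small Python audit of main.cf for the settings the how-to above relies on, including the realm match it stresses and the order of the relay restrictions. The sample config, the hostname mail.example.org and the function names are made up for illustration; the realm argument is whatever was given to saslpasswd2 -u.

```python
import re

# Constructed sample main.cf (hostname is a placeholder, not from the thread).
SAMPLE_MAIN_CF = """\
myhostname = mail.example.org
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks
    permit_sasl_authenticated check_relay_domains
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
"""

# Restrictions that stop relaying to foreign domains.
RELAY_GUARDS = {"check_relay_domains", "reject_unauth_destination", "reject"}

def parse_main_cf(text):
    """Return {parameter: value}, joining indented continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = map(str.strip, line.partition("="))
            params[key] = value
    return params

def audit_sasl_relay(text, realm):
    """Check the how-to's settings; realm is the value given to saslpasswd2 -u."""
    p = parse_main_cf(text)
    findings = []
    if p.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append("SMTP AUTH is not enabled (smtpd_sasl_auth_enable)")
    # Postfix defaults this parameter to noanonymous when it is unset.
    opts = re.split(r"[,\s]+", p.get("smtpd_sasl_security_options", "noanonymous"))
    if "noanonymous" not in opts:
        findings.append("anonymous SASL mechanisms are allowed")
    local = p.get("smtpd_sasl_local_domain", "").replace("$myhostname", p.get("myhostname", ""))
    if local != realm:
        findings.append(f"realm mismatch: Postfix passes {local!r}, sasldb2 entry uses {realm!r}")
    rules = [r for r in re.split(r"[,\s]+", p.get("smtpd_recipient_restrictions", "")) if r]
    guard = next((i for i, r in enumerate(rules) if r in RELAY_GUARDS), None)
    if guard is None:
        findings.append("no relay guard in smtpd_recipient_restrictions")
    if "permit_sasl_authenticated" not in rules:
        findings.append("authenticated users are not permitted to relay")
    elif guard is not None and rules.index("permit_sasl_authenticated") > guard:
        findings.append("permit_sasl_authenticated comes after the relay guard")
    return findings
```

An empty list means every check passed; run it against the real file with audit_sasl_relay(open("/etc/postfix/main.cf").read(), "your.hostname.org").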
|
dberkholz Developer


Joined: 18 Mar 2003 Posts: 1008 Location: Rochester, MN, USA
|
Posted: Fri Aug 01, 2003 6:21 pm Post subject: |
|
|
| One thing that caught me up for a while was that you can't run postfix in a chroot unless the sasldb2 is also in that chroot. Sounds logical but it just didn't occur to me. Setting up chroot is done in /etc/postfix/master.cf. |
|
-leliel- Apprentice

Joined: 03 May 2003 Posts: 294 Location: Germany
|
Posted: Sun Aug 03, 2003 2:42 pm Post subject: |
|
|
Code:
root@tank leliel # saslpasswd2 -d leliel
root@tank leliel # saslpasswd2 -c -u tank.matrix -a smtpauth leliel
Password:
Again (for verification):
root@tank leliel # sasldblistusers2
leliel@tank.matrix: userPassword
any idea what could be wrong here??
already reinstalled cyrus-sasl ...
|
Proteus Guru


Joined: 14 Jul 2002 Posts: 346 Location: Hamburg, Germany
|
Posted: Wed Aug 06, 2003 10:54 am Post subject: |
|
|
I can't see a problem there.
What do you mean? _________________ Greetings,
Proteus |
|
-leliel- Apprentice

Joined: 03 May 2003 Posts: 294 Location: Germany
|
Posted: Wed Aug 06, 2003 11:08 am Post subject: |
|
|
the OTP (or something like that) entry is missing. There should be two entries in the sasldb  |
|
Proteus Guru


Joined: 14 Jul 2002 Posts: 346 Location: Hamburg, Germany
|
|
-leliel- Apprentice

Joined: 03 May 2003 Posts: 294 Location: Germany
|
Posted: Thu Aug 07, 2003 6:20 am Post subject: |
|
|
nope, I've installed the mailserver exactly like the one described, but I could not send any mail, because this otp entry is missing, I think  |
|
Proteus Guru


Joined: 14 Jul 2002 Posts: 346 Location: Hamburg, Germany
|
Posted: Fri Aug 08, 2003 2:58 pm Post subject: |
|
|
Did you delete the sasldb before creating the new one?
And I think this command
Quote:
root@tank leliel # saslpasswd2 -d leliel
was not in the guide - I never used it.
Why do you use it? Does it work if you leave it out? _________________ Greetings,
Proteus |
|
-leliel- Apprentice

Joined: 03 May 2003 Posts: 294 Location: Germany
|
Posted: Fri Aug 08, 2003 3:45 pm Post subject: |
|
|
yes, I deleted the sasldb and created a new one ... I also tried saslpasswd2 -d with no result.  |
|
870Fragmaster Tux's lil' helper


Joined: 01 Jul 2002 Posts: 90 Location: Gulfport, Ms
|
Posted: Sat Aug 23, 2003 12:20 am Post subject: |
|
|
| I am having this problem too. The OTP entry is missing on mine. I followed the Email for the Home Network guide also. KMail will not send mail using TLS, only plain w/ no encryption. It will also send w/out authentication. |
|
870Fragmaster Tux's lil' helper


Joined: 01 Jul 2002 Posts: 90 Location: Gulfport, Ms
|
Posted: Sat Aug 23, 2003 1:25 am Post subject: |
|
|
| Ok I figured out what I did wrong, I did not sign the certificate properly. I left out the CommonName or something. Once I got that going, away it went. |
|