
16. SMTP Authentication for Mail servers

http://postx.state-of-mind.de/patrick.koetter/smtp...


SMTP AUTH for mail servers is a feature that is often required to relay mail through other mail servers. To enable SMTP AUTH for Postfix, acting as mail client in this scenario, you need to do the following steps:

Procedure 10. Configure SMTP AUTH for mail servers

1. Provide a file that holds the necessary information about credentials
2. Configure Postfix to enable SMTP AUTH for the smtp daemon
3. Configure Postfix to use the file with the SASL credentials.

16.1. Add credentials to sasl_passwd

Postfix, acting as mail client in this scenario, will need to be able to

1. know when to provide a username and password
2. pick the right credentials when there is more than one mail server that requires Postfix to SMTP AUTH

16.1.1. Enter credentials

This information is laid down in /etc/postfix/sasl_passwd:

    [root@mail postfix]# less /etc/postfix/sasl_passwd
    # foo.com           username:password
    # bar.com           username:password

Using the hostname, Postfix can identify the correct username:password when there are multiple entries in sasl_passwd.

username:password are entered in plaintext format. They are separated by a single colon (:).

The mail server that we want to relay through in this example is mail.my-isp.org; the username is test and its password is testpass. We open /etc/postfix/sasl_passwd and add our credentials. When we are done it looks like this:

    [root@mail postfix]# cat /etc/postfix/sasl_passwd
    mail.my-isp.org     test:testpass

16.1.2. Secure sasl_passwd

As you have noticed, the credentials in sasl_passwd are entered in plaintext. That means that anybody who can open the file will be able to read this sensitive information. Therefore we change ownership and permissions to root and r/w only.

    [root@mail postfix]# chown root:root /etc/postfix/sasl_passwd && chmod 600 /etc/postfi

After these commands ownership and permissions read like this:


    [root@mail postfix]# ls -all /etc/postfix/sasl_passwd
    -rw-------    1 root root 79 Dec 30 23:50 /etc/postfix/sasl_passwd

Note: You wonder why Postfix running as user postfix can read this file? Postfix will start as user root, read all files that need root permission and switch to user postfix after that.

16.1.3. Create sasl_passwd DB file

Now that we have set correct ownership and permissions there is one more thing to do. A plaintext file can't be read as fast as a database. Postfix requires this file to be a database, because it doesn't want to spend a lot of time looking the credentials up when it needs to get its job done. We create a sasl_passwd.db with the help of postmap:

    [root@mail postfix]# postmap hash:/etc/postfix/sasl_passwd

After that there will be a new file sasl_passwd.db in /etc/postfix/.

    [root@mail postfix]# ls -all /etc/postfix/sasl_passwd.db
    -rw-------    1 root root 12288 Mar 13 23:13 /etc/postfix/sasl_passwd.db

From the ownership and permissions you can see that postmap applied the same as in the source file. That's it for sasl_passwd; you only need to get back to it when the information needs an update.

Note: Don't forget to postmap the file when you change credentials. Postfix will tell you anyway by claiming in the maillog that sasl_passwd is newer than sasl_passwd.db.

16.2. Enable SMTP AUTH

There are only three options that you must set to enable SMTP AUTH for mail servers in Postfix.

Note: You can easily tell that these parameters are settings for the smtp daemon. They all begin with smtp_.

16.2.1. Enable SMTP AUTH

The first thing we do is enable SMTP AUTH for the smtp daemon. We open main.cf, enter some documentation first, and then set smtp_sasl_auth_enable to yes.

    # SASL SUPPORT FOR SERVERS
    #
    # The following options set parameters needed by Postfix to enable
    # Cyrus-SASL support for authentication of mail servers.
    #
    smtp_sasl_auth_enable = yes


16.2.2. Set path to sasl_passwd

Then we tell Postfix where to find sasl_passwd by adding smtp_sasl_password_maps = hash:/path/to/sasl_passwd to the configuration.

    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

16.2.3. Set security options

Finally we set security options. In our scenario we will allow Postfix to use anonymous and plaintext authentication. That's why we set the parameter, but leave it empty; an empty value removes the default restrictions (noplaintext, noanonymous):

    smtp_sasl_security_options =

All settings together will give this listing in main.cf.

    # SASL SUPPORT FOR SERVERS
    #
    # The following options set parameters needed by Postfix to enable
    # Cyrus-SASL support for authentication of mail servers.
    #
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =

16.2.4. Reload Postfix

All that you need to do now is to reload Postfix and you're ready to use your ISP's mail server to relay mail.

    [root@mail postfix]# postfix reload
    postfix/postfix-script: refreshing the Postfix mail system

Have fun!
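The ownership, permission and postmap points from 16.1.2 and 16.1.3 can be checked in one pass. The following script is an added example, not part of the original howto; the function names audit_sasl_map and check_private are made up for this illustration, and the expected owner uid is a parameter that defaults to 0 (root).

```shell
#!/bin/sh
# Added example: audit a Postfix SASL password map and its postmap output.
# Call: audit_sasl_map /etc/postfix/sasl_passwd [expected_uid]  (uid defaults to 0)
# Prints one finding per line, never the credentials; returns 0 when clean.

# check_private FILE UID: file exists, is owned by UID, mode is rw for owner only.
check_private() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    meta=$(ls -ldn "$1")                 # e.g. "-rw------- 1 0 0 79 Dec 30 ..."
    mode=${meta%% *}
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    rc=0
    case $mode in
        -r[w-]-------*) ;;               # no group or other bits set
        *) echo "PERMS $1 is $mode, expected -rw-------"; rc=1 ;;
    esac
    [ "$owner" = "$2" ] || { echo "OWNER $1 has uid $owner, expected $2"; rc=1; }
    return $rc
}

audit_sasl_map() {
    src=$1; db=$1.db; uid=${2:-0}; bad=0
    check_private "$src" "$uid" || bad=1
    check_private "$db" "$uid" || bad=1
    # Same condition Postfix warns about in the maillog: source newer than .db.
    if [ -f "$src" ] && [ -f "$db" ] && [ -n "$(find "$src" -newer "$db")" ]; then
        echo "STALE $db is older than $src, run: postmap hash:$src"
        bad=1
    fi
    # Every entry must read "host username:password"; report line numbers only.
    if [ -f "$src" ]; then
        awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
             $2 !~ /:/ { print "FORMAT line " NR; e = 1 }
             END { exit e + 0 }' "$src" || bad=1
    fi
    return $bad
}
```

Run it as root after every credential change; a STALE finding means postmap was not re-run on the edited file.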
