Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:
 
 

SMTP AUTH for Postfix

by Cyrus Mehta on February 8, 2004

To enable successful SMTP AUTH for Postfix functionality in FC1, here is what to do.

1. Confirm you have and/or have added the following RPM packages:

cyrus-sasl-2.1.15-6
cyrus-sasl-devel-2.1.15-6
cyrus-sasl-gssapi-2.1.15-6
cyrus-sasl-md5-2.1.15-6
cyrus-sasl-plain-2.1.15-6
postfix-2.0.11-5

Quickest way to review is through an "rpm -qa" command:
rpm -qa | egrep "sasl|postfix"


2. Added the following lines to the end of my /etc/postfix/main.cf file:
#BEGIN SASL config for SMTP AUTH
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#next line looks stupid to keep as a NULL value,
#but is apparently important for sasl to work properly from
#my research. LOADS of stock documentation in /usr/share/doc/postfix/*
#and other websites incorrectly suggest (for this version of
#postfix atleast):smtpd_sasl_local_domain =$myhostname
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
#END SASL config for SMTP AUTH

3. Goto /etc/pam.d and created a cyrus file from a copy of my imap file with the following text:
#%PAM-1.0 Sasl for Postfix SMTP AUTH
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth

4. Restart the Postfix and saslauthd daemons:
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart

5. Review the fairly detailed documentation from the following site to test if your authentication works, specifically Section 12.4:
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html 

(Arguably one of the best overall sites on SMTP AUTH for Postfix, but proved unsuccessful in FC1).

FYI: use the perl command below instead of the printf statement to get your base64 encoding:
perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'

6. Review other documentation of website in #5 for some other config tweaks and how to setup mail clients like Outlook Express to authenticate using SMTP AUTH.

------------

P.S. Here is the output from a "postconf -n" to see all non-default settings in my main.cf file incase it matters

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
max_use = 10
mydestination = $myhostname, localhost.$mydomain
myhostname = YOURDOMAIN.COM
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.11/README_FILES
sample_directory = /usr/share/doc/postfix-2.0.11/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,  permit_mynetworks, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 450