Gentoo Forums
Postfix and SASL

dermot
Tux's lil' helper
Joined: 28 Mar 2003
Posts: 108
Location: Dublin, Ireland

Posted: Thu Apr 17, 2003 7:03 pm    Post subject: Postfix and SASL

If you're like me and own your own internet domain and are lucky enough to have access to a fast, always-on connection, you've probably tried hosting your own mail exchange using Postfix. And if you're anything like me, you also want to be able to use that mail server from your home PC, using POP to retrieve mail and SMTP to send it. Or maybe you want to give family and friends a free, unlimited(ish) email account @yourdomain.net.

Configuring Postfix as a relay is a bit of a pain and for good reason - you don't want people using your server and bandwidth to send spam to other internet users, do you? The downside of this is that it's impossible for legitimate users (like you and your family) to send emails via your server without some modification. Which is where this short how-to comes in, because I did this very thing today and it worked quite well.

First off, emerge cyrus-sasl, I think it's dev-lib/cyrus-sasl. Once that's done, you'll probably have to re-emerge postfix with sasl in your USE flags. At the end of your main.cf file, add
Code:
smtpd_sasl2_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

Then, in /usr/lib/sasl2/smtpd.conf, make sure that pwcheck_method is sasldb2. Change the owner of /etc/sasl2/sasldb2 to postfix and then add your user with
Code:
saslpasswd2 -c -u your.hostname.org -a smtpauth username

It'll ask you to enter a password twice. You can find your server's hostname by using
Code:
egrep myhostname /etc/postfix/main.cf

Make sure you use the value of $myhostname, because this is what Postfix passes to SASL as your realm.

I think you're pretty much ready to test now - you need to set up your client to use the appropriate authentication, mine (Evolution) is set to Cram-MD5, though I think Digest-MD5 may also work (I was happy enough to stick with the first one that did!).

You'll find more in-depth instructions here, though it's worth noting that this document refers to a different version of Cyrus-SASL than the one that I used (which is the latest from sync at the time of writing).

Oh yeah, you - or some of your users - might want to use Outlook to retrieve mail from your server. Outlook's SMTP AUTH support is apparently borked, so you need to add broken_sasl_auth_clients = yes to your main.cf as well.

Hope this helps and your mileage will inevitably vary, so please feel free to add to or correct anything I've said here.
_________________
Dermot

I bought some rock star ashes from the back of Rolling Stone
I don't think he would've minded - he couldn't sell his soul
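An added illustration of the CRAM-MD5 setup described in the post above (not part of the original post): it parses an EHLO reply for the mechanisms a server offers, including the extra `AUTH=` line that `broken_sasl_auth_clients = yes` produces, and computes and verifies a CRAM-MD5 response. The server side has to recompute the HMAC from the password itself, which is why sasldb2 holds a recoverable secret and its ownership and permissions matter. The sample EHLO reply, the `secrets` dict standing in for sasldb2 and all function names are assumptions; the challenge and credentials are the test vector from RFC 2195.

```python
import base64
import hashlib
import hmac

# Constructed EHLO reply from a server with broken_sasl_auth_clients = yes:
# the mechanism list appears in the standard "AUTH " form and the "AUTH=" form.
SAMPLE_EHLO = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH CRAM-MD5 DIGEST-MD5\r\n"
    "250-AUTH=CRAM-MD5 DIGEST-MD5\r\n"
    "250 8BITMIME\r\n"
)

def advertised_mechs(ehlo_reply):
    """Collect SASL mechanisms from both AUTH line forms of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        keyword = line[4:]  # strip the "250-" or "250 " prefix
        if keyword.upper().startswith(("AUTH ", "AUTH=")):
            mechs.update(keyword[5:].upper().split())
    return sorted(mechs)

def cram_md5_response(user, password, challenge_b64):
    """Client side (RFC 2195): base64("user " + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_accepts(response_b64, challenge_b64, secrets):
    """Server side: recompute the HMAC from the stored secret and compare."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    password = secrets.get(user)  # hypothetical stand-in for the sasldb2 lookup
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

if __name__ == "__main__":
    # Test vector from RFC 2195, section 2.
    chal = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
    resp = cram_md5_response("tim", "tanstaaftanstaaf", chal)
    print(advertised_mechs(SAMPLE_EHLO))
    print(resp)
    print(server_accepts(resp, chal, {"tim": "tanstaaftanstaaf"}))
```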

dberkholz
Retired Dev
Joined: 18 Mar 2003
Posts: 1008
Location: Minneapolis, MN, USA

Posted: Fri Aug 01, 2003 6:21 pm

One thing that caught me up for a while was that you can't run postfix in a chroot unless the sasldb2 is also in that chroot. Sounds logical but it just didn't occur to me. Setting up chroot is done in /etc/postfix/master.cf.

-leliel-
Apprentice
Joined: 03 May 2003
Posts: 294
Location: Germany

Posted: Sun Aug 03, 2003 2:42 pm

Code:
root@tank leliel # saslpasswd2 -d leliel
root@tank leliel # saslpasswd2 -c -u tank.matrix -a smtpauth leliel
Password:
Again (for verification):
root@tank leliel # sasldblistusers2
leliel@tank.matrix: userPassword


any idea what could be wrong here??

already reinstalled cyrus-sasl ... :(

Proteus
Guru
Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

Posted: Wed Aug 06, 2003 10:54 am

I can't see a problem there.
What do you mean?
_________________
Greetings,
Proteus

-leliel-
Apprentice
Joined: 03 May 2003
Posts: 294
Location: Germany

Posted: Wed Aug 06, 2003 11:08 am

the OTP (or something like that) entry is missing. There should be two entries in the sasldb :(

Proteus
Guru
Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

Posted: Thu Aug 07, 2003 5:43 am

Maybe it would help to take a look at this thread:

Email System For The Home Network
https://forums.gentoo.org/viewtopic.php?t=56633&start=0
_________________
Greetings,
Proteus

-leliel-
Apprentice
Joined: 03 May 2003
Posts: 294
Location: Germany

Posted: Thu Aug 07, 2003 6:20 am

nope, I've installed the mailserver exactly like the one described, but I could not send any mail, because this otp entry is missing, I think :(

Proteus
Guru
Joined: 14 Jul 2002
Posts: 346
Location: Hamburg, Germany

Posted: Fri Aug 08, 2003 2:58 pm

Did you delete the sasldb before creating the new one?
And I think this command
Quote:
root@tank leliel # saslpasswd2 -d leliel

was not in the guide - I never used it.
Why do you use it? Does it work if you leave it out?
_________________
Greetings,
Proteus

-leliel-
Apprentice
Joined: 03 May 2003
Posts: 294
Location: Germany

Posted: Fri Aug 08, 2003 3:45 pm

yes, I deleted the sasldb and created a new one ... I also tried saslpasswd2 -d with no result. :(

870Fragmaster
Tux's lil' helper
Joined: 01 Jul 2002
Posts: 92
Location: Gulfport, Ms

Posted: Sat Aug 23, 2003 12:20 am

I am having this problem too. The OTP entry is missing on mine. I followed the Email for the Home Network guide also. Kmail will not send mail using TLS, only plain w/ no encryption. It will also send w/ out authentication.

870Fragmaster
Tux's lil' helper
Joined: 01 Jul 2002
Posts: 92
Location: Gulfport, Ms

Posted: Sat Aug 23, 2003 1:25 am

Ok I figured out what I did wrong, I did not sign the certificate properly. I left out the CommonName or something. Once I got that going, away it went.