HowTo Setup Authenticated Postfix
I recently had the experience of setting up Postfix. It works really well, in my opinion; however, setting it up wasn’t the simplest for what I wanted. But, at least it was simpler than sendmail
Reading through several articles on the Internet, everyone was giving steps on how to setup postfix to handle e-mail for any FQDN (Fully-Qualified Domain Name). Well, we don’t want to be handling someone else’s e-mail, so we decided to set it up with authentication. All of the guides on setting up Postfix with SASL authentication are great and all; however, they don’t address the issue of, what if you want to receive mail as well. That’s a simple fix, but moreover, what if you have a service like mailman running? Mailman isn’t easily configured to authenticate against the SMTP server to send mail. So, the following are the configurations that I’ve come up with to solve all of these problems:
For the file /etc/postfix/main.cf
queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix mail_owner = postfix myhostname = hostname.domain.tld mydomain = domain.tld myorigin = $mydomain inet_interfaces = all inet_protocols = all mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain, $mydomain unknown_local_recipient_reject_code = 550 mynetworks = 192.168.0.0/24, 127.0.0.1/32 relay_domains = $mydestination smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination broken_sasl_auth_clients = yes alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases alias_database = hash:/etc/aliases recipient_delimiter = + debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.6.5/samples readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
Now keep in mind, your values for some of the above WILL be different. This configuration is on a machine that’s running mailman as well (thus the /etc/mailman/aliases file).
And lastly, for SASL auth, edit the file: /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd mech_list: plain login
Your lib64 directory may just be lib, depending on the architecture of your box. All of these edits were made a 64-bit Fedora 12 machine, but they should work for every machine.
And last note. After all of the edits have been made, make sure to restart postfix and restart saslauthd with the following:
/etc/init.d/postfix restart /etc/init.d/saslauthd restart
For questions on what some of the postfix settings mean, you can check out one of the following:
postconf man-page by running “man postconf” or visit http://www.postfix.org/postconf.5.html
Postfix Documentation at: http://www.postfix.org/documentation.html
Postfix HowTo’s at: http://www.postfix.org/docs.html
Postfix is definition the easiest MTA I’ve ever had the pleasure of working with, as far as configuration goes. I hope this helps
‹ Forefront Client Security – MOM Installation Failure Distributed Commands With Ruby ›