Can anyone suggest me a proper tutorial to configure postfix SASL and tls in my centOs 5 server. I need this to authenticate clients on a different network to send mail from my mail server and prevent problem of open relay.
Asked
Active
Viewed 262 times
1 Answers
0
The official documentation for Postfix is fine for this:
http://www.postfix.org/SASL_README.html
You need to make a choice about whether to use Cyrus SASL or Dovecot SASL. If you are using Dovecot as an IMAP server on that machine, then use it (this allows you to use your Dovecot login details to authenticate with Postfix as well. Very convenient):
http://www.postfix.org/SASL_README.html#server_dovecot
Otherwise, use the Cyrus SASL.
http://www.postfix.org/SASL_README.html#server_cyrus
When using Cyrus SASL, you will probably want to use either the shadow or PAM plugin. Skip the others unless you know you need to use them instead (i.e. LDAP or SQL). You will need to install the SASL libraries. For plain login (i.e. PLAIN or LOGIN methods) you need:
- cyrus-sasl
- cyrus-sasl-plain (this holds the actual Cyrus plugins)
Once you have configured SASL, follow the instructions for telling Postfix to enable SASL authentication.
webtoe
- 1,976
- 11
- 12
-
More importantly, he also needs to read, understand, and configure http://www.postfix.org/TLS_README.html; then, he needs to enable submission(8), and set smtpd_tls_auth_only = yes in main.cf. – adaptr Apr 11 '12 at 11:53
-
A few other points. `submission` is for listening on port 587. This isn't strictly necessary as you can use port 25 but it is often useful e.g. mobile phone providers often block port 25. However `smtpd_tls_auth_only` should only be set to `on` for the `submission` client. Not all mail servers/clients support SSL and you won't receive mail from them if this is set `on` for the normal smtpd process running on port 25 (this is becoming more rare but worth keeping in mind). – webtoe Apr 11 '12 at 13:22