0

I have just setup my debian mailserver using postfix, dovecot and SASL as explained in this excellent tutorial. I have used postfixadmin to setup a virtual list of aliases for sending user@domain.com to their email (for example, user@gmail.com). This works for receiving but for sending out with their new email I need to authenticate them. Question is, where does this authentication come from? Because they're aliases they do not have an account on the server! Can anyone help?

ingh.am
  • 273
  • 3
  • 15

1 Answers1

-1

You need to do three things, create a file (or DB) with domain username:password style entries, postmap (or create a query that will find the info) that file, then tell postfix to use those entries when sending to servers who need them:

smtp_sasl_auth_enable = yes # you should have this already
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwd # this is the postmap variety smtp_sasl_password_maps = mysql:/etc/postfix/mysql_sasl_passwd # MySQL version

Read more Here

NickW
  • 10,263
  • 1
  • 20
  • 27
  • I have smtpd_sasl_auth_enable = yes, but not without the d! – ingh.am Mar 18 '13 at 15:12
  • Yeah, just create a table, and follow the model of other tables and queries.. I'm trying to find out what postfix wants in terms of responses. – NickW Mar 18 '13 at 15:15
  • Cool thanks. I'm probably going to use the postmap just because our Mysql server is not localhost. Trying not to complicate things! – ingh.am Mar 18 '13 at 15:19
  • There's something for you to follow here: http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/ in the comments :) – NickW Mar 18 '13 at 15:22
  • BTW, the link in the comments was a mysql statement, what I wrote in the answer will work fine for the postmap command. – NickW Mar 18 '13 at 15:24
  • Yea I figured. I've set this up as that post does, but keep getting auth failed. Do you think its the md5-digest mechanism maybe? – ingh.am Mar 18 '13 at 15:47
  • What's the error? – NickW Mar 18 '13 at 15:49
  • warning: SASL authentication failure: Password verification failed – ingh.am Mar 18 '13 at 15:55
  • Hmm, it's quite possibly this: http://www.postfix.org/SASL_README.html#client_sasl_filter – NickW Mar 18 '13 at 15:59
  • Just to confirm, in sasl-passwords I do put the password as plain text, then run postmap which hashes it in the db it outputs? – ingh.am Mar 18 '13 at 16:15
  • All correct, if you want, you can even make the file root root, that way the file with the unhashed passwords is more secure. The problem you have may also be that the mechanism you're trying to auth with on the other side isn't present.. – NickW Mar 18 '13 at 16:18
  • That's what I've read, although I'm using gmail which is quite popular so looking to see if that's a common problem. I did notice when using telnet to test and calling EHLO mail.domain.com it attempts over plain login (I think): `250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN`, shouldn't this be MD5 DIGEST? – ingh.am Mar 18 '13 at 16:21
  • Very possibly, you should test to gmail and see what they respond to your ehlo. – NickW Mar 18 '13 at 16:44
  • Hmm, I've just noticed that changing the relayhost option in postfix is causing everything to stop! Thanks for your help so far. – ingh.am Mar 18 '13 at 17:03
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/7971/discussion-between-nickw-and-ing0) – NickW Mar 18 '13 at 17:04