SMTP AUTH is a bit tricky for an amateur to configure, as it is not a requirement and not enabled by default in MTAs yet.
- MTA: Postfix
  - remote: preconfigured as MX (example.org)
  - local: yet to configure
- SMTP AUTH: SASL (Cyrus SASL)
  - remote: saslauthd
  - local: hash db (/etc/postfix/sasl_passwd)
- No TLS, no submission port, just plain port 25 (lame)
- Todo: TLS
Configuration (local)
Configure Postfix SMTP server and client
Tweak myorigin, etc. on the server. Enable SASL on the client.
% sudo vi /etc/postfix/main.cf
...
%
Check the configuration.
% sudo postconf -n
...
append_at_myorigin = yes
append_dot_mydomain = no
...
mydestination = foo, localhost.localdomain, localhost, local.example.org
myhostname = foo
...
myorigin = local.example.org
...
relayhost = [example.org]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = may
...
%
Prepare SASL db
% sudo cp /dev/null /etc/postfix/sasl_passwd
% sudo chmod 600 /etc/postfix/sasl_passwd
% sudo vi /etc/postfix/sasl_passwd
...
% sudo cat /etc/postfix/sasl_passwd
[mail.example.org] johnd:opensesame
[mail.example.org]:submission johnd:opensesame
% sudo postmap /etc/postfix/sasl_passwd
% sudo ls /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db
%
Don't forget to run postmap after every edit: Postfix reads sasl_passwd.db, not the text file.
Testing
% sudo /etc/init.d/postfix restart
% echo test | mail jdoe@example.org
% sudo tail -f /var/log/mail.log
Troubleshooting
Invalid envelope from
The remote smtpd may reject connections whose envelope from does not contain a valid FQDN.
Quick-and-dirty workaround:
[ubuntu] Postfix, smarthost and local mail
http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
myorigin = local.myvaliddomain.com
append_at_myorigin = yes
mydestination = ..., local.myvaliddomain.com
- Set myorigin to a bogus FQDN, so that the envelope from looks like an FQDN.
- Enable append_at_myorigin so that the bogus FQDN is added to messages to local users (e.g. root -> root@bogusFQDN).
- Include the bogus FQDN in mydestination, so that messages to the bogus FQDN are handled locally.
SASL authentication mechanism
If you are using plain text and find something like this in the log,
... (SASL authentication failed; cannot authenticate to server ...: no mechanism available)
read the document carefully.
Postfix SASL Howto
http://www.postfix.org/SASL_README.html#client_sasl
By default, the Postfix SMTP client does not use authentication methods that send plaintext passwords, and defers delivery with the following error message: "Authentication failed: cannot SASL authenticate to server". To enable plaintext authentication specify, for example:
/etc/postfix/main.cf:
    smtp_sasl_security_options = noanonymous
This disables noplaintext by explicitly setting only noanonymous. (Not recommended though.)
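The settings from "Prepare SASL db" and "SASL authentication mechanism" can be sanity-checked before restarting Postfix. The script below is an added example, not code from the original post: the function names and finding codes are made up here, and the sample input is constructed from the values shown on this page. It assumes the SASL_README rule that the sasl_passwd key must use the same form as relayhost, and it treats only the TLS levels listed in MANDATORY_TLS as guaranteeing encryption.

```python
# Added example, not the author's code. Sample data is constructed
# from the values shown on this page.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

POSTCONF = """\
relayhost = [example.org]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
"""
SASL_PASSWD = """\
[mail.example.org] johnd:opensesame
[mail.example.org]:submission johnd:opensesame
"""


def parse_postconf(text):
    """Turn `postconf -n` style 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf


def sasl_keys(text):
    """Return the lookup keys (first field) of a sasl_passwd source file."""
    rows = (ln.split() for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    return {fields[0] for fields in rows if fields}


def audit(postconf_text, sasl_passwd_text):
    """Return finding codes for a Postfix SMTP-client SASL setup."""
    conf = parse_postconf(postconf_text)
    findings = []
    if conf.get("smtp_sasl_auth_enable") != "yes":
        return findings
    # SASL_README: the map key must use the same form as relayhost,
    # including the [] and any :port. (Simplification: exact match only.)
    relay = conf.get("relayhost", "")
    if relay and relay not in sasl_keys(sasl_passwd_text):
        findings.append("relayhost-has-no-sasl_passwd-entry")
    # Postfix default is "noplaintext, noanonymous"; dropping noplaintext lets
    # PLAIN/LOGIN through, so the password is only protected if TLS is mandatory.
    opts = conf.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    plaintext_ok = "noplaintext" not in opts.replace(",", " ").split()
    if plaintext_ok and conf.get("smtp_tls_security_level", "") not in MANDATORY_TLS:
        findings.append("plaintext-auth-without-mandatory-tls")
    return findings
```

Calling audit(POSTCONF, SASL_PASSWD) on the sample returns both finding codes; on a real host, feed it the output of `postconf -n` and the contents of /etc/postfix/sasl_passwd.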
Reference
- http://www.postfix.org/SASL_README.html
- http://www.postfix-jp.info/trans-2.3/jhtml/SASL_README.html
- http://www.debian.org/doc/manuals/debian-reference/ch06.ja.html#_the_configuration_of_postfix_with_sasl
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450787
- http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
- http://www.amazon.co.jp/exec/obidos/ASIN/4274065766/arakinotes-22