Difference between revisions of "Postfix SMTP authentication using dovecot"

From Notes_Wiki
m
m
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>Postfix_server_configuration|Postfix server configuration</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Postfix server configuration]] > [[Postfix SMTP authentication using dovecot]]
=Postfix SMTP authentication using dovecot=


Postfix SMTP authentication can work using both dovecot and cyrus.  To use dovecot for SMTP authentication use following steps:
Postfix SMTP authentication can work using both dovecot and cyrus.  To use dovecot for SMTP authentication use following steps:
Line 55: Line 54:
#:</pre>
#:</pre>
# service postfix restart
# service postfix restart
# Test authentication using
## telnet &lt;mail-server&gt; 25
## EHLO test
## AUTH PLAIN &lt;auth-string&gt;
##:where auth-string can be obtained using "echo -ne '\000username\000password' | openssl base64" by replacing username and password appropriately


Steps learned from http://www.postfix.org/SASL_README.html#server_sasl_enable
Steps learned from http://www.postfix.org/SASL_README.html#server_sasl_enable
Line 60: Line 64:




==Troubleshooting Relay access denied after successful authentication==


<yambe:breadcrumb>Postfix_server_configuration|Postfix server configuration</yambe:breadcrumb>
If "Relay access is denied" even after successful authentication then try appending this to /etc/postfix/main.cf:
<pre>
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
</pre>
and do "service postfix restart"
 
Steps learned from http://serverfault.com/questions/42519/how-to-correct-postfix-relay-access-denied
 
 
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Postfix server configuration]] > [[Postfix SMTP authentication using dovecot]]

Latest revision as of 10:43, 14 July 2022

Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot

Postfix SMTP authentication can work using both dovecot and cyrus. To use dovecot for SMTP authentication use following steps:

  1. In /etc/dovecot/conf.d/10-master.conf as part of "service auth" there should be a unix_listener at /var/spool/postfix/private/auth using following configuration:
    service auth {
    unix_listener auth-userdb {
    }
    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
    }
    }
  2. In /etc/dovecot/conf.d/10-auth.conf set auth_mechanisms to both plain and login using:
    auth_mechanisms = plain login
  3. service dovecot restart
  4. Configure postfix to use socket created by dovecot for authentication using following lines appended in /etc/postfix/main.cf file:
    #Indicates use dovecot auth
    smtpd_sasl_type = dovecot
    #Specified location of authentication socket supplied by dovecot
    #wrt /var/spool/postfix
    smtpd_sasl_path = private/auth
    #Enable SASL authentication
    smtpd_sasl_auth_enable = yes
    #Also advertize "AUTH PLAIN=" along with "AUTH PLAIN " to support broken clients esp outlook
    broken_sasl_auth_clients = yes
    #Do not allow anonymous access for SASL. Very important
    #If SSL or TLS is configured then perhaps noplaintext over
    #non-encryption channel can also be configured
    smtpd_sasl_security_options = noanonymous
    #smtpd_sasl_security_options = noanonymous, noplaintext
    #Do not allow anonymous access for SASL over TLS/SSL. Here
    #plaintext auth should not be a problem
    smtpd_sasl_tls_security_options = noanonymous
    #Allow relay for anybody sending to mydomain and allow relay from trusted networks.
    #Further allow relay to any destination from anywhere for authenticated clients
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    #Append username of user who authentication in email headers
    smtpd_sasl_authenticated_header = yes
  5. service postfix restart
  6. Test authentication using
    1. telnet <mail-server> 25
    2. EHLO test
    3. AUTH PLAIN <auth-string>
      where auth-string can be obtained using "echo -ne '\000username\000password' | openssl base64" by replacing username and password appropriately

Steps learned from http://www.postfix.org/SASL_README.html#server_sasl_enable


Troubleshooting Relay access denied after successful authentication

If "Relay access is denied" even after successful authentication then try appending this to /etc/postfix/main.cf:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination

and do "service postfix restart"

Steps learned from http://serverfault.com/questions/42519/how-to-correct-postfix-relay-access-denied


Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot