Configuring Postfix for outgoing email

Mr. C. · 09-30-2009, 07:01 PM

Sorry, I copy and pasted port 2525 from a post above. I don't know which port is used by smtp-rog.mail.yahoo.com (Roger's use of Yahoo's services) to relay through their servers. I also don't know if they require authentication if you are on their networks. You'll have to check their documentation on this. I recall they do block outbound port 25, so you setup your server to make port 25 outbound connections (eg. it can't deliver mail directly; it must use their mail servers).

You can check which services are available to you, and which protocols are in use with telnet:

Code:

 $ telnet smtp-rog.mail.yahoo.com 25 
Trying 206.190.36.18...
Connected to smtp-rog.mail.yahoo.com.
Escape character is '^]'.
220 smtp121.rog.mail.re2.yahoo.com ESMTP
ehlo example.com
250-smtp121.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit
221 smtp121.rog.mail.re2.yahoo.com
Connection closed by foreign host.


$ telnet smtp-rog.mail.yahoo.com 587
Trying 206.190.36.18...
Connected to smtp-rog.mail.yahoo.com.
Escape character is '^]'.
220 smtp129.rog.mail.re2.yahoo.com ESMTP
ehlo example.com
250-smtp129.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit
221 smtp129.rog.mail.re2.yahoo.com
Connection closed by foreign host.

You can see they provide AUTHentication via LOGIN, PLAIN, and XYMCOOKIE.

And if TLS is in use, use openssl to establish the encrypted connection:

Code:

openssl s_client -connect smtp-rog.mail.yahoo.com:587 -starttls smtp
...

It appears they are not offering TLS on standard ports 25 (smtp) and 587 (submission), as there is no STARTTLS protocol announcement when you connect (see output from telnet commands above). Without TLS, or an encryption protocol, your password will be sent via cleartext (eg. if you must use PLAIN).

Code:

$ openssl s_client -connect smtp-rog.mail.yahoo.com:25 -starttls smtp
CONNECTED(00000004)
didn't found starttls in server response, try anyway...
18552:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/home/builds/ab/netbsd-4-0-1-RELEASE/src/crypto/dist/openssl/ssl/s23_clnt.c:567:

$ openssl s_client -connect smtp-rog.mail.yahoo.com:587 -starttls smtp  
CONNECTED(00000004)
didn't found starttls in server response, try anyway...
18512:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/home/builds/ab/netbsd-4-0-1-RELEASE/src/crypto/dist/openssl/ssl/s23_clnt.c:567:

I know nothing about Trixbox, so can't help w/why its main.cf doesn't stick.

The documentation for postfix's smtp_sasl_password_maps says nothing about MX lookups and brackets:

Code:

smtp_sasl_password_maps (default: empty)
       Optional SMTP client lookup tables with one username:password entry per
       remote hostname or domain,  or  sender  address  when  sender-dependent
       authentication  is  enabled.   If  no username:password entry is found,
       then the Postfix SMTP client will not attempt to  authenticate  to  the
       remote host.

       The  Postfix  SMTP client opens the lookup table before going to chroot
       jail, so you can leave the password file in /etc/postfix.

so you can trust that. Postfix cares about matching a hostname to a login/password, and you've provided the specfic hostname. Consider: how could you use an MX inside the maps, as *you* won't know ahead of time, nor control, the list of MXs the service provider configures. MX helps route mail; but you aren't using an MX. Instead, you are using a particular, specific host in which to relay mail... and you need its username/password to authenticate.

chris · 09-30-2009, 08:44 PM

Thanks yet again Mr.C, you have been more than helpful and have certainly taught me a few things today and set me on a good path to further educate myself regarding postfix and such.

Really, you have gone above and beyond from my previous experiences regarding help forums. I'm gonna keep at it, read a couple of man pages and figure this sucker out.

It just seemed daunting when in theory, things should work effortlessly so long just a few required parameters/conditions are met. I have tried several different ways and no luck as of yet. Tomorrow will be a new day and thanks again for the help.

Cheers!

Chris

Mr. C. · 09-30-2009, 10:10 PM

Glad to help - you're welcome.

If you want a great book re: postfix, try:

http://www.postfix-book.com/

it will walk you through building your postfix mail server and explain each step along the way. The authors are frequent helpers on the postfix mailing list.

If you know how you setup your mail program to send mail to Roger's/Yahoo, you'll use the same settings for postfix acting an authenticated client.

mrpurple · 05-05-2010, 09:25 PM

I'm have the same issue as Original poster:

Quote:

May 6 14:13:09 SERVER1 postfix/smtpd[18717]: connect from techoffice1[192.168.2.6]
May 6 14:13:09 SERVER1 postfix/smtpd[18717]: E117B2143D: client=techoffice1[192.168.2.6]
May 6 14:13:09 SERVER1 postfix/cleanup[18720]: E117B2143D: message-id=<BA6A12AC105840D3967DC6A237FACDA3@techoffice1>
May 6 14:13:10 SERVER1 postfix/qmgr[18407]: E117B2143D: from=<user@example.com>, size=1383, nrcpt=1 (queue active)
May 6 14:13:10 SERVER1 postfix/smtpd[18717]: disconnect from techoffice1[192.168.2.6]
May 6 14:13:11 SERVER1 postfix/smtp[18721]: fatal: open database /etc/postfix/saslpasswd.db: No such file or directory
May 6 14:13:12 SERVER1 postfix/master[18403]: warning: process /usr/lib/postfix/smtp pid 18721 exit status 1
May 6 14:13:12 SERVER1 postfix/master[18403]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling

except I DID create the password file and postmap it
sudo postmap /etc/postfix/sasl_passwd
smtp.ISP.com user

ass
sudo postmap /etc/postfix/sasl_passwd
So now I'm a bit lost?

mrpurple · 05-05-2010, 09:58 PM

Many appologies.
a careful copy and paste revealed that i was editing sasl_passwd instead of saslpasswd. (Actually eident in my post above)
sorry ppl