LinuxQuestions.org
Old 02-19-2018, 12:45 PM   #1
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17
Blog Entries: 1

Rep: Reputation: 0
Postfix as mail relay/edge server


Hey Folks,

I am a super newb at linux (probably know just enough to be dangerous and break things) and am really just doing this because linux servers are super cheap to host in the cloud, otherwise I would use a Windows box to serve this purpose.

Here's the scenario I need solved

My ISP blocks incoming and outgoing port 25 (as you would expect). I have an internal mail server listening on port 26 for incoming mail. Currently I use rollernet as an incoming mail relay. However, I also need to be able to send mail out. Previously I was using gmail to relay but then I realized that all of my mail was going out as my gmail account. Obviously not satisfactory.

What I would like is a linux box that will accept incoming mail for my domains (I manage 6) and forward them to my in house mail server on port 26. I also need this same box to accept incoming mail from my mail server (preferably encrypted and authenticated) to send out to the internet, wherever it needs to go, but deny relay if it's not coming from my mail server (which is on a dynamic IP)

I've google searched my heart out and could not find docs to set this up, or at least docs I could understand how to piece together to make it work the way I need.

Any assistance would be helpful, and I appreciate the time anyone takes to read/reply to this

Thanks!
 
Old 02-19-2018, 01:48 PM   #2
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
Hmmm.
Too cheap to pay MS to do it for you.
Too lazy to learn to do it yourself.
So ask LQ'ers to do it for you ...

http://www.postfix.org/docs.html

If you are running a mail server, you should at least learn enough to do it safely and responsibly.
 
1 members found this post helpful.
Old 02-19-2018, 06:30 PM   #3
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
I'm asking because I've never done this before. I've setup postfix in a regular configuration, however this steps out of the bounds of my knowledge so I thought I would ask, you know, on a site dedicated to answering questions about linux.

I am more familiar with exchange and windows based servers like hMailServer, and know how to easily do this in Windows. I am sure if someone can point me to more than just a product doc I am capable but I think the terms I was looking for may not have been appropriate for my scenario

Descendent_Command, your answer is insulting and useless... If you don't want to answer questions related to linux, you probably shouldn't be frequenting linuxquestions.org

Anyway, a constructive answer would be appreciated. I couldn't find a doc that outlined a configuration near what I'm looking for so even a hint of the terminology would be appreciated.

Last edited by Ogmius; 02-19-2018 at 06:32 PM. Reason: Bah
 
Old 02-19-2018, 06:48 PM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,708

Rep: Reputation: 2210
Quote:
Originally Posted by descendant_command View Post

http://www.postfix.org/docs.html

If you are running a mail server, you should at least learn enough to do it safely and responsibly.
Quote:
Originally Posted by Ogmius View Post
Anyway, a constructive answer would be appreciated. I couldn't find a doc that outlined a configuration near what I'm looking for so even a hint of the terminology would be appreciated.
IMO, this IS a constructive answer...I don't do postfix, but if I did, this link would be VERY helpful. Did you even look at it?
What have you already tried? How does it not work as you want?

I'd also point out that there's a reason your ISP blocks port 25...have you contacted them to see if you could relay mail through their mail servers? That's what most home users have to do. Many ISPs will allow you to "fudge" the domain name part of such mail, as long as you authenticate with their server first.

Where are your domains hosted? Are they also on your home-based dynamic IP hosted server?
If not, set up your mail server(s) under those domain(s) and use them.

I'm going to repeat this one point:
Quote:
If you are running a mail server, you should at least learn enough to do it safely and responsibly.

Last edited by scasey; 02-19-2018 at 06:50 PM.
 
Old 02-20-2018, 12:08 AM   #5
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
Quote:
Originally Posted by Ogmius View Post
I'm asking because I've never done this before. I've setup postfix in a regular configuration, however this steps out of the bounds of my knowledge so I thought I would ask, you know, on a site dedicated to answering questions about linux.
Postfix is not "linux" - would you expect constructive advice about a custom Exchange setup in a Windows newbie forum?

Quote:
I am more familiar with exchange and windows based servers like hMailServer, and know how to easily do this in Windows. I am sure if someone can point me to more than just a product doc I am capable but I think the terms I was looking for may not have been appropriate for my scenario
So, all you need is somewhere to translate your knowledge of how to do it into the configuration to do it in postfix?
I thought the official postfix documentation would be the obvious place, and assuming you had been there already, I linked you to their page full of 'further reading' including many (endorsed) howto's and examples.

Quote:
Descendent_Command, your answer is insulting and useless... If you don't want to answer questions related to linux, you probably shouldn't be frequenting linuxquestions.org
Thank you for your feedback

Quote:
Anyway, a constructive answer would be appreciated. I couldn't find a doc that outlined a configuration near what I'm looking for so even a hint of the terminology would be appreciated.
Maybe you missed this?
http://www.postfix.org/STANDARD_CONF...ME.html#backup

Looks pretty close to what you want, yes?

PS Have requested thread to be moved to "Server" subforum.
 
Old 02-20-2018, 03:53 AM   #6
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195

Rep: Reputation: 1043
Setting up a mail server using Postfix can be overwhelming. This is a good guide: https://workaround.org/ispmail. It uses Debian, and the tutorials are pretty much focused towards apt-based distros. So if you decide to follow the tutorial, choose the appropriate distro.

I stopped doing this completely manually a few years ago, as it really became complicated. Mail servers have to be configured quite precisely in order to be recognized as clean. I install and use VirtualMin now, which makes setting up a mail server real easy.

jlinkels
 
Old 02-23-2018, 11:50 AM   #7
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
Well after lots more googling and reviewing the docs that were posted here I think I've got 90% of this figured out and working. The last part is trying to figure out why my internal mail server fails to authenticate with postfix. I do have a dynamic IP with a dns alias that gets updated every time it changes, but it looks like from the logs it is trying to reconcile my comcast issued hostname in my sasl_passwd file? I would rather not have to update postfix every time my IP changes, and I can't afford to buy a static IP. So if anyone has any suggestions as to how I can permit maybe a connection from anywhere as long as the username/password is correct? That'd be close enough I think.... I am trying to keep my configuration as simple as possible

I've tried the following formats in my sasl_passwd file (of course doing postmap /etc/postfix/sasl_passwd after each change), however none of this seems to work. Maybe I'm not setting up the auth correctly?
[arecord.mydomain.com] user:pass
arecord.mydomain.com user:pass
myipaddress user:pass


Here's my files and the log data

Postfix main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# General Settings
myorigin = /etc/mailname
myhostname = mta.my.domain
smtpd_banner = $myhostname
biff = no
readme_directory = no
compatibility_level = 2
mydestination =
mynetworks = [my.hostname.alias]
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# appending .domain is the MUA's job.
append_dot_mydomain = yes

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = encrypt

# Relay Settings
relay_domains = serveral.relay domains.are here.to relay.mail
relayhost = [my.relay.domain]:26
smtpd_relay_restrictions = permit_sasl_authenticated reject_unauth_destination
#local_recipient_maps =
local_header_rewrite_clients = static:all
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#smtp_sasl_auth_enable = yes
#smtp_sasl_security_options =


Postfix master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=no
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes

#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}


Failure log

Feb 23 12:41:15 mta postfix/submission/smtpd[10441]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Feb 23 12:41:15 mta postfix/submission/smtpd[10441]: connect from my.crappy.comcast.net.dns.name[12.23.45.67]
Feb 23 12:41:16 mta postfix/submission/smtpd[10441]: warning: my.crappy.comcast.net.dns.name[12.23.45.67]: SASL LOGIN authentication failed: authentication failure
Feb 23 12:41:16 mta postfix/submission/smtpd[10441]: disconnect from my.crappy.comcast.net.dns.name[12.23.45.67] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
 
Old 02-23-2018, 03:24 PM   #8
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
OK, so to clarify what you are setting up, you have postfix as an inbound MX for 6 domains, forwarding inbound mail to your "internal" mail server (what?) behind your comcast "home" connection.
You also want to use your "external" postfix as an outbound smtp relay.

The sasl settings you are using above are for postfix's SMTP client, so for connections postfix makes to send mail, and to authenticate on that server (i.e. another relay).

If you want to use smtpd_sasl_auth_enable so you can authenticate on your postfix, to relay outbound mail from your "comcast" connection, you need to set it up as per http://www.postfix.org/SASL_README.html using either the dovecot or cyrus sasl method.

As you probably only need a single user, probably the cyrus / saslauthd / /etc/shadow method and just make a system user for the job.
 
Old 03-05-2018, 04:35 PM   #9
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
Hey Folks,

Sorry I haven't updated this thread in a few days I've been crazy busy!

Anyway, I think I have this about 99% resolved. I am now able to send mail from gmail to my mail server via the Linux mail proxy. However, I am unable to return the message as I get an authentication failure. See below, when I run testsaslauthd from the terminal, it works fine. Only when I attempt to send mail do I get the auth failure.

I have reviewed several tutorials for setting up saslauthd and postfix but cannot seem to resolve the issue. I've verified that the link is in place, the files are all correct, and post reboot I am still able to auth in the terminal.

Terminal Command: testsaslauthd -u user -p pass (also works with the -s pam switch)
Terminal Response: 0: OK "Success."

mail.log entry on send: SASL LOGIN authentication failed: authentication failure
NDR Report from the MTA: Remote server replied: 535 5.7.8 Error: authentication failed: authentication failure

here are the latest versions of my files

etc/postfix/main.cf
Quote:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# General Settings
myorigin = /etc/mailname
myhostname = mta.ogware.com
smtpd_banner = $myhostname
biff = no
readme_directory = no
compatibility_level = 2
mydestination =
mynetworks = mta.ogware.com
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# appending .domain is the MUA's job.
append_dot_mydomain = yes

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = encrypt

# Relay Settings
relay_domains = ogware.com rickdoes.tech destinyshope.org thisloveisfor.us tsquared.us rickot.me
relayhost = [homestead.tsquared.us]:26
local_header_rewrite_clients = static:all

# SASL Auth Config
smtpd_sasl_path = /etc/postfix/sasl/smtpd
/etc/postfix/master.cf

Quote:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=no
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes

#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
/etc/postfix/sasl/smtpd.conf

Quote:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
/etc/default/saslauthd

Quote:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
#OPTIONS="-c -r -m /var/run/saslauthd"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

Last edited by Ogmius; 03-05-2018 at 04:37 PM. Reason: Readability and accidentally posted master.cf twice
 
Old 03-06-2018, 03:24 AM   #10
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
Quote:
Originally Posted by Ogmius View Post
I have reviewed several tutorials for setting up saslauthd and postfix but cannot seem to resolve the issue. I've verified that the link is in place, the files are all correct, and post reboot I am still able to auth in the terminal.
What distro / version are you running?
A generic postfix tutorial may not fit with the configuration implemented by different distro's.
Quote:
Originally Posted by Ogmius View Post
when I run testsaslauthd from the terminal, it works fine. Only when I attempt to send mail do I get the auth failure.

Terminal Command: testsaslauthd -u user -p pass (also works with the -s pam switch)
Terminal Response: 0: OK "Success."
What about
Code:
testsaslauthd -u user -p password -f /var/spool/postfix/var/run/saslauthd/mux
Quote:
Originally Posted by Ogmius View Post
here are the latest versions of my files
etc/postfix/main.cf
Code:
# SASL Auth Config
smtpd_sasl_path = /etc/postfix/sasl/smtpd
This should just be
Code:
smtpd_sasl_path = smtpd
Also, make sure you have added the postfix user to the sasl group.

Quote:
Originally Posted by Ogmius View Post
/etc/default/saslauthd
Code:
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
Why use "PARAMS" rather than "OPTIONS"?
Also, do you need the 'realm' switch (-r)?
You probably don't with system users.

Also
etc/postfix/main.cf
Code:
relayhost = [homestead.tsquared.us]:26
This isn't what you want.
It relays ALL OUTBOUND (from postfix) MAIL via your home server.
Probably you want to use the 'transport_maps' directive, with a transport_maps file pointing your relay domains to the above destination, so your incoming is properly relayed, and your outgoing is sent via regular MX lookups.
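Added example (not part of the original post, and not Postfix code): a simplified shell model of the routing difference described above, in which a transport table entry takes precedence over relayhost and mail matching neither goes out by MX lookup. The function names and gmail.com as the sample outside domain are assumptions; the relay domains and next hop are the ones posted in the thread.

```shell
#!/bin/sh
# Simplified model of Postfix next-hop selection for a recipient domain:
# a transport(5) table entry wins, otherwise relayhost, otherwise an MX lookup.
# Only exact-domain keys are modelled (no user@domain or .parent keys).
#
# Corresponding Postfix files after the change:
#   /etc/postfix/main.cf:    transport_maps = hash:/etc/postfix/transport
#                            (and no relayhost line)
#   /etc/postfix/transport:  the lines write_transport produces
#   then: postmap /etc/postfix/transport && postfix reload

HOME_MTA='[homestead.tsquared.us]:26'   # inbound destination from the thread
RELAY_DOMAINS='ogware.com rickdoes.tech destinyshope.org thisloveisfor.us tsquared.us rickot.me'

# write_transport FILE NEXTHOP DOMAIN... : one "domain relay:nexthop" line each
write_transport() {
    out=$1 hop=$2; shift 2
    for d in "$@"; do printf '%s\trelay:%s\n' "$d" "$hop"; done > "$out"
}

# next_hop DOMAIN RELAYHOST [TRANSPORT_FILE] : prints where the message goes
next_hop() (
    domain=$1 relayhost=$2 table=${3:-}
    if [ -n "$table" ] && [ -r "$table" ]; then
        hit=$(awk -v d="$domain" \
            '!/^#/ && tolower($1) == tolower(d) { print $2; exit }' "$table")
        if [ -n "$hit" ]; then echo "$hit"; exit 0; fi
    fi
    if [ -n "$relayhost" ]; then
        echo "smtp:$relayhost"          # relayhost catches every non-local domain
    else
        echo "MX lookup for $domain"    # normal Internet delivery
    fi
)

# Compare both configurations for two relay domains and one outside domain
demo() {
    table=$(mktemp)
    # shellcheck disable=SC2086  # splitting the domain list is intended
    write_transport "$table" "$HOME_MTA" $RELAY_DOMAINS
    for d in ogware.com tsquared.us gmail.com; do
        printf '%-12s relayhost only: %-32s transport_maps: %s\n' "$d" \
            "$(next_hop "$d" "$HOME_MTA")" "$(next_hop "$d" "" "$table")"
    done
    rm -f "$table"
}
demo
```

With relayhost alone, the outside domain is handed to the home server as well; with the transport table only the six relay domains are.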
 
Old 03-06-2018, 11:55 AM   #11
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
Hey Descendant, to answer your questions in order:

I am using this Ubuntu release
Code:
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:        16.04
Codename:       xenial
This command: testsaslauthd -u user -p password -f /var/spool/postfix/var/run/saslauthd/mux did not work at first until I added the following
Quote:
/etc/default/saslauthd
Code:
PIDFILE="/var/spool/postfix/var/run/saslauthd/saslauthd.pid"
I also removed -r from the Options

When I changed smtpd_sasl_path in main.cf to your suggestion, I got file not found again in the mail log, when I restored the full path it worked (Still with an auth failure, but not with file not found)

The postfix user IS in the sasl group, I verified by trying to add it again, should I add my user that I am using to authenticate with?

I removed the -r from the Options section of saslauthd config (after restoring it from "PARAMS", and replaced PARAMS with OPTIONS), these changes did not seem to have an impact, although I do not believe I need -r, as I am simply authing using a local user

I was under the impression that relay host was a setting that only applied to relay_domains. I will test this further once we get the rest going.

Hope this helps, let me know if you need more detail or spot something I didn't

Thanks!
~Rick

Last edited by Ogmius; 03-06-2018 at 12:04 PM.
 
Old 03-07-2018, 03:39 AM   #12
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
Quote:
Originally Posted by Ogmius View Post
I am using this Ubuntu release
OK, I'm testing on Debian Wheezy, which should be pretty close to that.
Check the documentation in /usr/share/doc/sasl2-bin/ for any buntu specific info.

I normally use dovecot auth, but saslauthd is now working too.

Quote:
This command: testsaslauthd -u user -p password -f /var/spool/postfix/var/run/saslauthd/mux did not work at first until I added the following
/etc/default/saslauthd
Code:
PIDFILE="/var/spool/postfix/var/run/saslauthd/saslauthd.pid"
Odd - I don't have, or appear to need, that.

Quote:
should I add my user that I am using to authenticate with?
No.

Post the output of:
Code:
ps aux | grep -e 'sasl\|postfix'; groups postfix; ls -laR /var/spool/postfix/var/run/saslauthd/ ; dpkg-statoverride --list | grep sasl
Also you can see what saslauthd is doing by running it in debug mode.
Code:
# service saslauthd stop
# /usr/sbin/saslauthd -a pam -d -c -m /var/spool/postfix/var/run/saslauthd
Then test from another terminal and by sending mail and see if there are any further clues.
(ctrl-c to stop the debug version then restart the normal service to get back where you were)
 
1 members found this post helpful.
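Added example, not code from the thread or from the Postfix or Cyrus SASL projects: a shell audit of the wiring that posts #10 and #12 probe by hand, namely whether the chrooted submission smtpd can reach the saslauthd socket. It assumes the Debian/Ubuntu file layout, an init script that reads only OPTIONS, and /var/run/saslauthd as the default socket directory; audit_sasl and make_sample are hypothetical names and the sample tree is constructed.

```shell
#!/bin/sh
# Audit the saslauthd <-> chrooted Postfix smtpd wiring (Debian/Ubuntu layout).
# audit_sasl ROOT: ROOT is a path prefix so a copy of the files can be checked;
# pass "" on a live host. Returns 0 when no problem is found, 1 otherwise.

QUEUE_DIR=/var/spool/postfix    # Postfix queue directory = smtpd chroot

audit_sasl() (
    root=$1; bad=0
    fail() { echo "PROBLEM: $*"; bad=1; }

    # 1. chroot column (5th field) of the submission service in master.cf
    jail=$(awk '$1 == "submission" && $2 == "inet" { print $5; exit }' \
        "$root/etc/postfix/master.cf")
    if [ "$jail" = "y" ]; then echo "submission smtpd is chrooted to $QUEUE_DIR"; fi

    # 2. Cyrus SASL must delegate password checks to saslauthd
    grep -Eq '^pwcheck_method:[[:space:]]*saslauthd' \
        "$root/etc/postfix/sasl/smtpd.conf" ||
        fail "smtpd.conf lacks 'pwcheck_method: saslauthd'"

    # 3. Socket directory = argument of -m in OPTIONS. Assumption: the init
    #    script reads only OPTIONS, so -m given in another variable is ignored.
    opts=$(sed -n 's/^OPTIONS="\(.*\)"/\1/p' "$root/etc/default/saslauthd")
    [ -n "$opts" ] || fail "no active OPTIONS= line in /etc/default/saslauthd"
    sockdir=$(printf '%s\n' "$opts" |
        sed -n 's/.*-m[[:space:]]*\([^[:space:]]*\).*/\1/p')
    sockdir=${sockdir:-/var/run/saslauthd}   # assumed Debian/Ubuntu default
    echo "saslauthd socket directory: $sockdir"

    # 4. A chrooted smtpd only sees paths below the queue directory
    if [ "$jail" = "y" ]; then
        case $sockdir in
            "$QUEUE_DIR"/*) ;;
            *) fail "$sockdir is outside the chroot, smtpd cannot reach it" ;;
        esac
    fi

    # 5. The mux socket has to exist (the path testsaslauthd -f is pointed at)
    [ -e "$root$sockdir/mux" ] ||
        fail "no mux socket in $sockdir (is saslauthd running?)"

    # 6. Report the password back end in use
    mech=$(sed -n 's/^MECHANISMS="\(.*\)"/\1/p' "$root/etc/default/saslauthd")
    echo "saslauthd mechanism: ${mech:-unset}"
    exit "$bad"
)

# make_sample DIR VAR: constructed sample tree modelled on the thread's files;
# VAR is the variable that carries -m in /etc/default/saslauthd.
make_sample() {
    mkdir -p "$1/etc/postfix/sasl" "$1/etc/default"
    printf '%s\n' 'submission inet n - y - - smtpd' \
        '  -o smtpd_sasl_auth_enable=yes' > "$1/etc/postfix/master.cf"
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: PLAIN LOGIN' \
        > "$1/etc/postfix/sasl/smtpd.conf"
    printf '%s\n' 'MECHANISMS="shadow"' \
        "$2=\"-c -m $QUEUE_DIR/var/run/saslauthd\"" > "$1/etc/default/saslauthd"
    # Stand-in for the socket: created wherever the init script would put it
    if [ "$2" = OPTIONS ]; then sock=$1$QUEUE_DIR/var/run/saslauthd
    else sock=$1/var/run/saslauthd; fi
    mkdir -p "$sock" && : > "$sock/mux"
}

tmp=$(mktemp -d)
make_sample "$tmp/a" PARAMS
make_sample "$tmp/b" OPTIONS
echo "== -m given in PARAMS ==";  audit_sasl "$tmp/a" || echo "=> needs fixing"
echo "== -m given in OPTIONS =="; audit_sasl "$tmp/b" && echo "=> wiring looks right"
rm -rf "$tmp"
```

A plain `testsaslauthd -u user -p pass` talks to the default socket, so it can succeed while the chrooted smtpd still fails; the `-f` form from post #10 tests the path smtpd actually uses.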
Old 03-08-2018, 10:55 AM   #13
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
Hey Descended, so after all this troubleshooting I've finally got it working. I want to do some more testing before I say it's 100% solid, once I'm done I will post all the things I needed to do to get it working the way I intended

Thanks for all your help!
 
Old 03-08-2018, 12:05 PM   #14
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,876

Rep: Reputation: 643
Quote:
Originally Posted by Ogmius View Post
I've finally got it working.
Care to share the final pieces of your puzzle, for the next person searching?
 
Old 03-08-2018, 12:50 PM   #15
Ogmius
LQ Newbie
 
Registered: Feb 2003
Location: Washington
Posts: 17

Original Poster
Blog Entries: 1

Rep: Reputation: 0
Yes, the final piece was setting MECHANISMS="shadow" in /etc/default/saslauthd

For some reason, I was reading the documentation as shadow and pam were interchangeable, but after reading that over and over again (lol) I THINK I realized that shadow is local users, and pam is for when you are using something like dovecot to provide authentication via saslauthd.

Also, I think another piece I was missing was also adding my relay user (incoming) to the sasl group, which I didn't think I had to do but apparently I did.

I am going to do some more testing, then tear it down and rebuild it from scratch and doc the whole thing which I will post in a separate how to thread (should that go anywhere in specific?) so if people need direction on this kind of need they have something to actually follow instead of piecing together several docs like I ended up doing (with help here of course)
 
  

