LinuxQuestions.org
Old 01-26-2011, 08:06 AM   #1
Spuddy
Member
 
Registered: Jul 2010
Posts: 83

Rep: Reputation: 15
Postfix help!


Hello,

I'm in need of some assistance with Postfix mail server. I'm not great with Linux. I'm trying to set up a null client Postfix server (no mailboxes). All I want it to do is act as an SSL SMTP server. But I'm struggling to ever get it to do that.

I can get PHP to sendmail through the Postfix server, but I cannot set up SSL SMTP.

Does anyone have any ideas or would anyone be willing to have a look for me?

Thanks,
 
Old 01-26-2011, 09:31 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Since your mail server is send/relay only, there are two cases where I see that SSL/TLS will be of benefit to you.

The first will be to authenticate your sending clients, assuming you are using it for more than local services such as PHP's mail function. In this case you will want to combine it with SASL. Postfix supports SASL via Dovecot or Cyrus, with Dovecot generally being easier. However, Dovecot is your receiving and delivery server, so this may not be what you want.

The second case is that you can have postfix attempt to connect to the next hop via SSL. The problem is that you can't enforce the use of SSL when the recipient domain doesn't support it. For this reason you will probably want to set your SSL/TLS settings to "may" use, rather than require.

There is another 'half' case and that is if you are accepting mail with the intent to relay. I would hope that you don't do this unless you have authenticated users, which goes back to the first usage case. Consequently, I think overall activating SSL/TLS may be of limited value to you in your application. Having said that, here are some links that should help you out. The first is a link to the postfix documentation. It tends to be complete, but can be difficult to interpret. I think the section on Enabling TLS in the Postfix SMTP server will be of particular interest. The second is a link to a how-to that I think is good for Postfix. It contains more information than you will need, but shows the how-to steps to enable and configure postfix. Between these two documents, there should be enough information to get it working and fine tune it to your send-only application.
 
Old 01-26-2011, 10:10 AM   #3
Spuddy
Member
 
Registered: Jul 2010
Posts: 83

Original Poster
Rep: Reputation: 15
Thanks for your response Noway2.

Let me explain a little better. One of our servers (we'll call it server10 for this purpose) has historically had Postfix on it, so that our developers can use sendmail in their PHP code to deliver mail. This works fine off the default Postfix install and delivers mail to any domain given to it. Perfect.

Now, in addition to this we want remote clients out in the field on the internet to be able to use this same server (server10) to deliver mail to another server (Exchange server). I have set up DNS for this Postfix server (server10.ourdomain.com), and forwarded port 25 through to it from the firewall. I guess it is a relay rather than a mail server, as I don't want the mail to stay locally; I just want it to deliver.

We already have a hosted Microsoft Exchange on the MX20 & MX50 for ourdomain.com. However, we would like the Postfix server to relay mail from server10.ourdomain.com to mailboxes on our Exchange server.

Would be great to hear your response.

Thanks again.
 
Old 01-26-2011, 02:57 PM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Your description makes perfect sense. There are a couple of ways that I can think of to handle this situation. The first of course would be to use SASL over TLS to provide a secure SMTP authentication - the SSL approach mentioned in your earlier post, if you will. With this method, remote users can authenticate to this server and it will forward their mail for them as you describe. A second approach would be to change the permit_my_networks to a less restrictive value, which would work if, for example, your clients use a VPN. A third approach would be to configure this server as a backup MX for the desired server. This can be done with a couple of changes to main.cf. The downside to this approach is that it will attempt to pass all mail for the destination domain, but it will only accept it for that domain. If the final recipient is an invalid user, e.g. spam, it will be handled at the final destination.

If you decide to go with secure authentication over SSL/TLS you will need either Cyrus or Dovecot to handle this for Postfix. There is nothing that says you can't install Dovecot and not configure it to handle any POP/IMAP accounts, using just the SASL portion. The one how-to document I referenced earlier should show you how to set this up.
 
Old 01-26-2011, 03:02 PM   #5
Spuddy
Member
 
Registered: Jul 2010
Posts: 83

Original Poster
Rep: Reputation: 15
OK, that makes more sense. So Postfix can't handle the SSL/TLS connections (from, say, Outlook Express) without this Dovecot program you mention?
 
Old 01-26-2011, 04:23 PM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Not entirely. Postfix can handle SSL/TLS on the SMTP side, but it can't handle it on the user authentication side (without assistance). Postfix supports a few different authentication methods. By default, it will accept and relay messages that come from the "my_networks" parameter. The other methods include POP before SMTP and some other methods I can't think of offhand.

So, without this, the SSL will work on the SMTP server-server transactions if both ends support it, but your users can't authenticate. With the addition of the Dovecot or Cyrus components, it can. The (not really a) weak spot in this is that it can only support 'plain' authentication over TLS. Normally, without TLS you want to avoid this as anyone with a packet sniffer can capture your credentials. When used over TLS, it becomes a non-issue.

In doing some digging, I found this article. It might be worth taking a look at. It mentions using PAM and MySQL and a round-about method of authentication for Postfix.

Also, the more I think about it, you may want to look at the Cyrus SASL libraries since you don't want pop-imap. The authentication portion MAY be separate from the POP/IMAP portion which could be more in line with your goals.
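
An added example, not part of the thread or of Postfix itself: a small audit of `postconf -n` style output for the relay risks discussed above (AUTH offered outside TLS, mandatory instead of opportunistic outbound TLS, missing relay restriction, over-wide trusted networks). It assumes Postfix 2.3 or later parameter names and that the restriction lists are set explicitly in main.cf; `SAMPLE`, `parse` and `audit` are names made up for this example, and the sample configuration is constructed.

```python
import ipaddress

# Constructed sample in `postconf -n` format; not taken from the thread.
SAMPLE = """\
mynetworks = 127.0.0.0/8 0.0.0.0/0
smtp_tls_security_level = encrypt
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated
"""

def parse(text):
    """Map 'name = value' lines to a dict, folding indented continuation lines."""
    conf, last = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and last:
            conf[last] += " " + line.strip()
        elif "=" in line and not line.startswith("#"):
            last, value = (part.strip() for part in line.split("=", 1))
            conf[last] = value
    return conf

def audit(text):
    """Return (parameter, finding) pairs for the relay risks raised in the thread."""
    c, out = parse(text), []
    sasl = c.get("smtpd_sasl_auth_enable", "no") == "yes"
    if sasl and c.get("smtpd_tls_auth_only", "no") != "yes":
        out.append(("smtpd_tls_auth_only", "AUTH offered in cleartext; PLAIN passwords are sniffable"))
    if sasl and c.get("smtpd_tls_security_level", "none") not in ("may", "encrypt"):
        out.append(("smtpd_tls_security_level", "SASL enabled but STARTTLS is not offered"))
    if c.get("smtp_tls_security_level") == "encrypt":
        out.append(("smtp_tls_security_level", "mandatory outbound TLS defers mail to non-TLS hops"))
    rules = []
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        rules += c.get(name, "").replace(",", " ").split()
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(rules):
        out.append(("smtpd_recipient_restrictions", "no *_unauth_destination rule; open relay risk"))
    if sasl and "permit_sasl_authenticated" not in rules:
        out.append(("permit_sasl_authenticated", "authenticated clients are not allowed to relay"))
    for net in c.get("mynetworks", "").replace(",", " ").split():
        try:
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                out.append(("mynetworks", f"{net} trusts every client"))
        except ValueError:
            pass  # table lookups or bracketed IPv6 forms are not checked here
    return out
```

On a live host, feed it the text of `postconf -n`; an empty list means none of these four conditions were found, not that the relay is otherwise sound.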
 
  

