Postfix Problem [Was "Re: anybody have experience with thisoutfit?"]

Wed Jan 19 14:45:43 PST 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Postfix allows SMTP-AUTH.  I believe SMTP-AUTH uses the SASL
implementation (I'm using Cyrus-SASL)

smtpd_recipient_restrictions = \
~ permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

This works wonders.  Also note that I only allow SMTP-SSL (port 465) or
STARTTLS for any SMTP-AUTH over untrusted networks.

~  For my SASL configuration:
/usr/lib/sasl2/smtpd.conf
- -------------------------
pwcheck_method: saslauthd
mech_list: plain login

Then, on startup of the saslauthd daemon, use "-a pam" of you want sasl
to use PAM for authentication

(On SuSE, this is done through /etc/sysconfig/saslauthd, which has
"SASLAUTHD_AUTHMECH=pam"

Shannon Scott wrote:
| I use pop-before-smtp.
|
| http://popbsmtp.sourceforge.net/
|
| I am curious, how do the more knowledgeable folks on the list handle
| remote relay with PostFix?
|
| Take Care.
| Shannon
|
|
| -----Original Message-----
| From: linux-users-bounces at linux-sxs.org
| [mailto:linux-users-bounces at linux-sxs.org] On Behalf Of Ken Moffat
| Sent: Monday, January 10, 2005 10:04 PM
| To: Linux tips and tricks
| Subject: Re: Postfix Problem [Was "Re: anybody have experience with
| thisoutfit?"]
|
| Kurt Wall wrote:
|
|
|>On Mon, Jan 10, 2005 at 05:55:05PM -0800, Ken Moffat took 30 lines to
|
| write:
|
|>
|>
|>
|>>dep wrote:
|>>
|>>
|>
|>[DSL rocks]
|>
|>
|>
|>
|>>I've been trying to set up remote smtp relaying using postfix and
|
| imap,
|
|>>but no luck. Relaying denied by my local postfix install. Works only
|>
|>>from inside my firewall, not from the web. (not yet.)
|>
|>>
|>>
|>
|>You need to add the host(s) allowed to relay to relay_domains (which
|>defaults to $mydestination).
|>
|>Kurt
|>
|>
|
|
| So this would allow sending from specific domains, but what if the
| domain is "comcast.net" or some such isp. My son has a comcast
| connection, but no email, using his yahoo mail address, but wants to be
| available on my domain. I don't really want to open up comcast.net. I
| wonder if they have a fixed ip address or if it changes.
|
| thanks for the answer.
|
|

- --
Matthew Carpenter
matt at eisgr.com                          http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB7riIso9lqh4MragRAkktAKDQ4VDFqE51ESClIkJlB0wITD1HXACeIt+U
MQp38hYWk0f/spIQKKqwzCI=
=8U59
-----END PGP SIGNATURE-----