SMTP AUTH is a bit tricky for an amateur to configure, as it is not a requirement and not enabled by default in MTAs yet.
- MTA: Postfix
  - remote: preconfigured as MX (example.org)
  - local: yet to configure
- SMTP AUTH: SASL (Cyrus SASL)
  - remote: saslauthd
  - local: hash db (/etc/postfix/sasl_passwd)
- No TLS, no submission port, just plain port 25 (lame)
  - Todo: TLS
Configuration (local)
Configure Postfix SMTP server and client
Tweak myorigin, etc. on the server. Enable SASL on the client.
% sudo vi /etc/postfix/main.cf
...
%
Check the configuration.
% sudo postconf -n
...
append_at_myorigin = yes
append_dot_mydomain = no
...
mydestination = foo, localhost.localdomain, localhost, local.example.org
myhostname = foo
...
myorigin = local.example.org
...
relayhost = [example.org]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = may
...
%
Prepare SASL db
% sudo cp /dev/null /etc/postfix/sasl_passwd
% sudo chmod 600 /etc/postfix/sasl_passwd
% sudo vi /etc/postfix/sasl_passwd
...
% sudo cat /etc/postfix/sasl_passwd
[example.org] johnd:opensesame
[example.org]:submission johnd:opensesame
% sudo postmap /etc/postfix/sasl_passwd
% sudo ls /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db
%
Don't forget to postmap.
Testing
% sudo /etc/init.d/postfix restart
% echo test | mail jdoe@example.org
% sudo tail -f /var/log/mail.log
Troubleshooting
Invalid envelope from
The remote smtpd may reject connections when the envelope from address does not contain a valid FQDN.
Quick-and-dirty workaround:
[ubuntu] Postfix, smarthost and local mail
http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
myorigin = local.myvaliddomain.com
append_at_myorigin = yes
mydestination = ..., local.myvaliddomain.com
- Set myorigin to a bogus FQDN, so that the envelope from looks like an FQDN.
- Enable append_at_myorigin to add the bogus FQDN to messages to local users (e.g. root -> root@bogusFQDN).
- Include the bogus FQDN in mydestination, so that messages to the bogus FQDN are handled locally.
SASL authentication mechanism
If you are using plain text and find something like this in the log,
... (SASL authentication failed; cannot authenticate to server ...: no mechanism available)
read the document carefully.
Postfix SASL Howto
http://www.postfix.org/SASL_README.html#client_sasl
By default, the Postfix SMTP client does not use authentication methods that send plaintext passwords, and defers delivery with the following error message: "Authentication failed: cannot SASL authenticate to server". To enable plaintext authentication specify, for example:
/etc/postfix/main.cf:
smtp_sasl_security_options = noanonymous
This disables noplaintext by explicitly setting only noanonymous. (Not recommended though.)
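A small check for the pitfalls in this setup, as an added example that is not part of the original post: it parses `postconf -n` output and the sasl_passwd source and flags a map key that does not match relayhost, plaintext passwords allowed without mandatory TLS, and loose file permissions. The function names, finding strings and sample inputs are constructed for illustration.

```python
import stat

# Levels at which the Postfix SMTP client refuses to deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_postconf(text):
    """Parse `postconf -n` output ("name = value" per line) into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def map_keys(text):
    """Return the lookup keys (first field) of a postmap source file."""
    return {ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#") and not ln[0].isspace()}

def audit(postconf_text, sasl_passwd_text, passwd_mode):
    """Return a list of findings for an SMTP client SASL setup."""
    conf = parse_postconf(postconf_text)
    findings = []
    # Credentials are looked up by the relayhost value, brackets and port included.
    if conf.get("relayhost", "") not in map_keys(sasl_passwd_text):
        findings.append("relayhost has no matching sasl_passwd key")
    # Postfix default when the parameter is unset: noplaintext, noanonymous.
    opts = conf.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    opts = set(opts.replace(",", " ").split())
    tls = conf.get("smtp_tls_security_level", "")
    if "noplaintext" not in opts and tls not in MANDATORY_TLS:
        findings.append("plaintext password allowed without mandatory TLS")
    # The file holds cleartext passwords: no group/other permission bits.
    if passwd_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("sasl_passwd accessible to group or others")
    return findings

# Constructed sample: a map key that does not match relayhost, plaintext
# allowed with opportunistic TLS, and a world-readable password file.
SAMPLE_CONF = """\
relayhost = [example.org]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
"""
SAMPLE_MAP = "[mail.example.org] johnd:opensesame\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_MAP, 0o644):
        print("WARN:", finding)
```

To run it against a live system, pass the output of `sudo postconf -n`, the contents of /etc/postfix/sasl_passwd and `os.stat(path).st_mode` for that file.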
Reference
- http://www.postfix.org/SASL_README.html
- http://www.postfix-jp.info/trans-2.3/jhtml/SASL_README.html
- http://www.debian.org/doc/manuals/debian-reference/ch06.ja.html#_the_configuration_of_postfix_with_sasl
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450787
- http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
- http://www.amazon.co.jp/exec/obidos/ASIN/4274065766/arakinotes-22