SMTP AUTH is a bit tricky for an amateur to configure, as it is not a requirement and not enabled by default in MTAs yet.
- MTA: Postfix
- remote: preconfigured as MX (example.org)
- local: yet to configure
- SMTP AUTH: SASL (Cyrus SASL)
- remote: saslauthd
- local: hash db (/etc/postfix/sasl_passwd)
- No TLS, no submission port, just plain port 25 (lame)
- Todo: TLS
Configuration (local)
Configure Postfix SMTP server and client
Tweak myorigin, etc. on the server. Enable SASL on the client.
% sudo vi /etc/postfix/main.cf
...
%
Check the configuration.
% sudo postconf -n
...
append_at_myorigin = yes
append_dot_mydomain = no
...
mydestination = foo, localhost.localdomain, localhost, local.example.org
myhostname = foo
...
myorigin = local.example.org
...
relayhost = [example.org]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = may
...
%
Prepare SASL db
% sudo cp /dev/null /etc/postfix/sasl_passwd
% sudo chmod 700 /etc/postfix/sasl_passwd
% sudo vi /etc/postfix/sasl_passwd
...
% sudo cat /etc/postfix/sasl_passwd
[mail.example.org] johnd:opensesame
[mail.example.org]:submission johnd:opensesame
% sudo postmap /etc/postfix/sasl_passwd
% sudo ls /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd
%
Don't forget to postmap.
Testing
% sudo /etc/init.d/postfix restart
% echo test | mail jdoe@example.org
% sudo tail -f /var/log/mail.log
Troubleshooting
Invalid envelope from
Remote smtpd may reject connections with invalid FQDN in envelope from.
Quick-and-dirty workaround:
[ubuntu] Postfix, smarthost and local mail
http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
myorigin = local.myvaliddomain.com append_at_myorigin = yes mydestination = ..., local.myvaliddomain.com
- Set bogus FQDN to myorigin, so that envelope from may look like FQDN.
- Enable append_at_myorigin to add the bogus FQDN to messages to local users (e.g. root -> root@bogusFQDN)
- Include the bogus FQDN in mydestination, so that messages to bogus FQDN be handled locally.
SASL authentication mechanism
If you are using plain text and find something like this in the log,
... (SASL authentication failed; cannot authenticate to server ...: no mechanism available)
read the document carefully.
Postfix SASL Howto
http://www.postfix.org/SASL_README.html#client_sasl
By default, the Postfix SMTP client does not use authentication methods that send plaintext passwords, and defers delivery with the following error message: "Authentication failed: cannot SASL authenticate to server". To enable plaintext authentication specify, for example:/etc/postfix/main.cf: smtp_sasl_security_options = noanonymous
This disables noplaintext by explicitly setting only noanonymous. (Not recommended though.)
Reference
- http://www.postfix.org/SASL_README.html
- http://www.postfix-jp.info/trans-2.3/jhtml/SASL_README.html
- http://www.debian.org/doc/manuals/debian-reference/ch06.ja.html#_the_configuration_of_postfix_with_sasl
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450787
- http://ubuntuforums.org/showpost.php?p=6348383&postcount=3
- http://www.amazon.co.jp/exec/obidos/ASIN/4274065766/arakinotes-22
Other Articles
- 13 Oct 2017: 『テスト駆動開発』
- 19 Oct 2016: 『新装版 達人プログラマー 職人から名匠への道』
- 19 Aug 2016: 『プログラミングElixir』
- 20 Oct 2015: Migrating from git-media to git-lfs
- 04 Oct 2015: Git Large File Storageクライアントのインストール
- 12 Aug 2015: isbn.rb
- 22 Apr 2015: 「なるのか、なすのか?」(To Be Or To Do?)