secure_outgoing_smtp_via_postfix_courier_tls_and_sasl

Differences

This shows you the differences between two versions of the page.

secure_outgoing_smtp_via_postfix_courier_tls_and_sasl [2022/07/19 21:13] – external edit 127.0.0.1
secure_outgoing_smtp_via_postfix_courier_tls_and_sasl [2022/07/22 23:47] (current) – Updated formatting and added current config admin
Line 1: Line 1:
 ====== Secure_Outgoing_SMTP_via_Postfix,_Courier,_TLS_and_SASL ====== ====== Secure_Outgoing_SMTP_via_Postfix,_Courier,_TLS_and_SASL ======
  
-***OK. First off:  apt-get**+\\
  
- apt-get install postfix-tls libsasl2-2 sasl2-bin libsasl2-modules+**For more recent setup with Debian Bullseye, please see: 
 +[[setup-config-debian-bullseye#secure_smtpd_using_postfix_and_sasl]]**
  
 +
 +**Note: Details below are old and may not apply**
 +
 +***OK. First off:  apt-get**
 +<code>
 + apt-get install postfix-tls libsasl2-2 sasl2-bin libsasl2-modules
 +</code>
 Main Website used for Config: http://www.falkotimme.com/howtos/perfect_setup_debian_sarge/index.php Main Website used for Config: http://www.falkotimme.com/howtos/perfect_setup_debian_sarge/index.php
  
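Review bot: The new warning near the top of this hunk, "Details below are old and may not apply", does not say which release the old steps were written for, while the `apt-get install` line kept inside the new `<code>` block still names `postfix-tls` and the only reference left beside it is a Debian Sarge howto. Suggest naming that release in the warning itself, so a reader on a current system follows the Bullseye link instead of pasting this command.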
Line 59: Line 67:
 </del> </del>
  
 +<code>
  vi /etc/postfix/main.cf  vi /etc/postfix/main.cf
- <nowiki>//</nowiki>add in+ #add in
  smtpd_sasl_auth_enable = yes  smtpd_sasl_auth_enable = yes
- <nowiki>//</nowiki>Then try and send emails via smtpd+ #Then try and send emails via smtpd 
 +</code>
  
 ***Restart Postfix<br>** ***Restart Postfix<br>**
 +
 Now continuing onto Auth<br> Now continuing onto Auth<br>
 +
 Because postfix runs chrooted - need to move the /var/run dir <br> Because postfix runs chrooted - need to move the /var/run dir <br>
 +<code>
  mkdir -p /var/spool/postfix/var/run/saslauthd  mkdir -p /var/spool/postfix/var/run/saslauthd
  rm -fr /var/run/saslauthd  rm -fr /var/run/saslauthd
 +</code>
  
 **Edit /etc/default/saslauthd** **Edit /etc/default/saslauthd**
 +<code>
  Remove # in front of START=yes  Remove # in front of START=yes
  Add the line <del>PARAMS</del>OPTIONS="-m /var/spool/postfix/var/run/saslauthd"  Add the line <del>PARAMS</del>OPTIONS="-m /var/spool/postfix/var/run/saslauthd"
 +</code>
  
 **Edit /etc/init.d/saslauthd** **Edit /etc/init.d/saslauthd**
 +
  <del>Add a # to dir=`dpkg-statoverride --list $PWDIR`  <del>Add a # to dir=`dpkg-statoverride --list $PWDIR`
  Add in dir=".... below the PIDFILE entry  Add in dir=".... below the PIDFILE entry
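Review bot: In the `/etc/default/saslauthd` block, the new `<code>` wrapper encloses `<del>PARAMS</del>OPTIONS=...` together with two lines of instruction ("Remove # in front of", "Add the line"), and DokuWiki prints the contents of `<code>` verbatim, so the `<del>` tags will show up as literal text. Suggest keeping only the resulting file lines in the block, `START=yes` and `OPTIONS="-m /var/spool/postfix/var/run/saslauthd"`, and moving the PARAMS-to-OPTIONS remark into a sentence above it. Separately, the `main.cf` block still shows only `smtpd_sasl_auth_enable = yes`; if this section stays, a line saying whether AUTH is offered only on TLS sessions would help.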
Line 82: Line 99:
  PIDFILE="${PWDIR}/saslauthd.pid"  PIDFILE="${PWDIR}/saslauthd.pid"
  dir="root sasl 755 ${PWDIR}"</del>  dir="root sasl 755 ${PWDIR}"</del>
- <nowiki>//</nowiki>change to:+ 
 +<code> 
 + #change to:
  createdir root sasl 755 $RUN_DIR  createdir root sasl 755 $RUN_DIR
  
Line 89: Line 108:
 ***/etc/init.d/saslauthd start** ***/etc/init.d/saslauthd start**
 ***MAKE SURE TO ADJUST FIREWALL - OPEN UP PORT 111 Locally** ***MAKE SURE TO ADJUST FIREWALL - OPEN UP PORT 111 Locally**
 +</code>
  
 ====== Debugging and testing ====== ====== Debugging and testing ======
 +<code>
  user@otherserver:~$ telnet mail.burkesys.com 25  user@otherserver:~$ telnet mail.burkesys.com 25
  Trying 78.47.9.122...  Trying 78.47.9.122...
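Review bot: The `</code>` added at the top of this hunk appears to close the block opened above `#change to:` in the previous hunk, so the two bold list items `***/etc/init.d/saslauthd start**` and `***MAKE SURE TO ADJUST FIREWALL - OPEN UP PORT 111 Locally**` now sit inside `<code>` and will render with their asterisks. Suggest closing the block right after the `createdir` line and leaving those two items as wiki markup. The port 111 line also gives no reason, while the earlier steps point saslauthd at a directory under /var/spool/postfix; either state what needs the port or place the line under the "old" warning.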
Line 105: Line 126:
  250-8BITMIME  250-8BITMIME
  250 DSN  250 DSN
 +</code>
  
 After connecting via telnet, type "ehlo localhost" and watch for the "STARTTLS" line. This *should* show up. After connecting via telnet, type "ehlo localhost" and watch for the "STARTTLS" line. This *should* show up.
Line 110: Line 132:
 Of course o2 have started filtering external traffic over port 25, and filterting out the starttls which makes life difficult for thunderbird. See: http://markmail.org/message/v5uofqpx5l5pu4rm Of course o2 have started filtering external traffic over port 25, and filterting out the starttls which makes life difficult for thunderbird. See: http://markmail.org/message/v5uofqpx5l5pu4rm
 Just as well I have port 587 open for use with a nice iptable rule: Just as well I have port 587 open for use with a nice iptable rule:
 +<code>
  iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to ip.address:25  iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to ip.address:25
  iptables -t nat -L  iptables -t nat -L
  iptables -t nat -D PREROUTING 1  iptables -t nat -D PREROUTING 1
 +</code>
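Review bot: The new `<code>` block groups three commands that do different things: the first appends the 587-to-25 DNAT rule, `iptables -t nat -L` lists the table, and `iptables -t nat -D PREROUTING 1` deletes rule 1 of PREROUTING, so pasting the block as a whole can remove the rule it just added or an unrelated one. Suggest a `#` comment on each line, in the style of `#add in` in the main.cf block, marking the last command as the way to undo the redirect. `ip.address` could also be marked as a placeholder.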
secure_outgoing_smtp_via_postfix_courier_tls_and_sasl.txt · Last modified: 2022/07/22 23:47 by admin