Wednesday 6 July 2011

Postfix SMTP Authentication and Dovecot SASL for RHEL/CentOS 6

SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Configure Postfix and Dovecot

Edit dovecot 10-master.conf
1. Edit the file /etc/dovecot/conf.d/10-master.conf and make sure your service auth section has the lines below.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
Edit dovecot 10-auth.conf
2. Edit the file /etc/dovecot/conf.d/10-auth.conf and update the line below.
auth_mechanisms = plain login
Edit main.cf
3. Edit /etc/postfix/main.cf, find the keys below and change their values as follows, or add them at the bottom of the file if a key (the word before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_unauth_destination
broken_sasl_auth_clients = yes
The first line (mynetworks) says trust only localhost: only connections from 127.0.0.0/8 may send email outside the network (relay) without authenticating first. The last line (broken_sasl_auth_clients) is there to support old clients such as Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0, just in case someone is still using them.
 
Lines starting with # are comments. Save the file after completing your changes.
 
Install postfixdovecotsasl.te
4. Configure SELinux using the commands below. Here’s the content of postfixdovecotsasl.te
wget linuxmail.info/files/rhel6/postfixdovecotsasl.te
checkmodule -M -m -o postfixdovecotsasl.mod postfixdovecotsasl.te
semodule_package -o postfixdovecotsasl.pp -m postfixdovecotsasl.mod
semodule -i postfixdovecotsasl.pp
Service Configuration
5. Restart the Dovecot and Postfix services. If you installed MailScanner, restart MailScanner instead of Postfix. Learn how to restart services here.

Test Postfix

In a Terminal window, type the commands shown below; the lines that follow each command are the server's responses.
Sample postfix session
[root@mail ~]# telnet mail smtp
Important: Replace mail with the name of your server. Do not use localhost, since localhost is a trusted client IP address (it falls inside mynetworks), and make sure the host name you specify does not resolve to 127.0.0.1, the IP address of localhost.
Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Note the two new 250-AUTH lines (the second one, AUTH=LOGIN PLAIN, is the non-standard form announced for broken_sasl_auth_clients). See the old SMTP Telnet Test.
mail from:<johndoe>
250 2.1.0 Ok
rcpt to:<test@example.com>
554 5.7.1 <test@example.com>: Relay access denied
It works, now to check if we can send it after authenticating.
auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:<test@example.com>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#
Note: You can send to email addresses belonging to your domain without authentication. This is normal, as it is what lets you receive mail from the outside.
The gibberish text after AUTH PLAIN is the base64-encoded value of the user name johndoe and the password password: a NUL byte, the user name, another NUL byte and the password, encoded together. You can generate your own base64 text the same way for your own user name and password.
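The following Python script is an added example, not part of the original article: it builds and decodes the AUTH PLAIN token exactly as described above (and confirms the article's sample token decodes to johndoe/password), and it models the order in which the article's smtpd_recipient_restrictions are evaluated for the telnet session shown. The mydestination domains are assumed values.

```python
import base64
import ipaddress

# Values taken from the article's main.cf; the local domains are assumed.
MYNETWORKS = ["127.0.0.0/8"]                       # mynetworks
MYDESTINATION = {"mail.acme.local", "acme.local"}  # assumed mydestination


def encode_auth_plain(username, password, authzid=""):
    """Build the SASL PLAIN token typed after 'auth plain' (RFC 4616):
    base64(authzid NUL authcid NUL password). The article's token uses an
    empty authorization identity, so the raw string starts with a NUL byte."""
    raw = f"{authzid}\0{username}\0{password}".encode()
    return base64.b64encode(raw).decode()


def decode_auth_plain(token):
    """Reverse of encode_auth_plain. The token is only obscured, not
    protected: anyone who can read the session can recover the password,
    which is why PLAIN/LOGIN should travel over TLS in production."""
    authzid, authcid, password = base64.b64decode(token).decode().split("\0")
    return authzid, authcid, password


def relay_decision(client_ip, sasl_authenticated, recipient):
    """Model of the article's smtpd_recipient_restrictions, evaluated in order:
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination.
    Returns the action Postfix would take for one RCPT TO command."""
    addr = ipaddress.ip_address(client_ip)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if any(addr in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "permit (permit_mynetworks)"
    if sasl_authenticated:
        return "permit (permit_sasl_authenticated)"
    # reject_unauth_destination still accepts mail for our own domains,
    # which is what lets the server receive mail from the outside.
    if domain in MYDESTINATION:
        return "permit (local destination)"
    return "554 5.7.1 Relay access denied (reject_unauth_destination)"


if __name__ == "__main__":
    # Replays the article's session from 192.168.0.1, before and after AUTH.
    print(decode_auth_plain("AGpvaG5kb2UAcGFzc3dvcmQ="))
    print(relay_decision("192.168.0.1", False, "test@example.com"))
    print(relay_decision("192.168.0.1", True, "test@example.com"))
```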

If you encounter any problems, check the log file at /var/log/maillog.

Thanks and regards, cnuvasan
