Postfix SMTP authentication.

seanbranagh · ‎02-08-2007

I am switching from cPanel hosting to a VPS with Virtualmin. With the cPanel server users were required to use the option in Outlook etc "My outgoing server requires authentication" and set it to the same as the incomming server i.e. name@domain.com and their password. With Postfix on the VPS the SMTP authentication will only work with name-domain.com despite the fact that the incomming server accepts name@domain.com as there is valid Unix users name@domain.com and name-domain.com. How can I make the SMTP server accept the Unix users name@domain.com? I really don't want to ask all my users to start changing this setting.

SteveA · ‎17-06-2007

What are you using to provide the SMTP authentication?

seanbranagh · ‎02-08-2007

Whatever Virtualmin sets up by default. I appologize for not knowing exactly.

seanbranagh · ‎02-08-2007

OK looks like Cyrus-sasl. Having a look through the files now for some sort of users file.

seanbranagh · ‎02-08-2007

In Postfix's virtual domains all addresses are mapped like name@domain.com to name-domain.com

SteveA · ‎17-06-2007

Is postfix running chrooted or not? It can cause problems with sasl authentication.
have you read:
http://www.sendmail.org/~ca/email/cyrus/sysadmin.html

seanbranagh · ‎02-08-2007

==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
That means it is not running chrooted? Can I remove the # to run it chrooted? Which is best?

seanbranagh · ‎02-08-2007

I have tried changing the postfix processes to chroot but with no success. I read through the article and although I have not much understanding of it all, everything does appear to be set up properly on my server by Virtualmin.
I was suppossed to be changing the nameservers over yesterday to the new vps but it looks like I might have to inform my users that there will be a delay until next week.
I would be really grateful for any further help with this issue. Sean.

SteveA · ‎17-06-2007

Mine runs wihtout being chrooted and I use Dovecot-sasl and it's working just fine, once I put the right options in the various places in main.conf.

seanbranagh · ‎02-08-2007

I have now got it almost working by making postfix use dovecot-auth instead of cyrus. The only problem is that although it does force authentication for emails sent to mailboxes not on the server it does not require authentication for mail sent to mailboxes that are on the server. How do I force authentication for all mail sent through it?

seanbranagh · ‎02-08-2007

Section from postfix config:

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.3.3/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated reject_unauth_destination
virtual_alias_maps = hash:/etc/postfix/virtual

SteveA · ‎17-06-2007

I've got (and this is is pretty paranoid server). But I've been kind and allowed my local machines access without authentication using permit_mynetworks. If you think ab out it - delivering email to mailboxes on the server (i.e. its the final destination) can't have authentication or you'll never get any upstream mailservers (such as Plusnet's) to connect.
smtpd_client_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sender_restrictions =
warn_if_reject,
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_invalid_hostname,
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
warn_if_reject,
reject_unauth_pipelining,
permit_sasl_authenticated,
reject_unauth_destination,
reject_non_fqdn_sender,
permit
smtpd_helo_restrictions =
warn_if_reject,
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_unknown_helo_hostname,
permit

Postfix SMTP authentication.

Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.

Re: Postfix SMTP authentication.