+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: SMTP (https://www.linux-noob.com/forums/forum-86.html)
+--- Thread: Setting Up Postfix On Debian Etch (/thread-1504.html)
Setting Up Postfix On Debian Etch - DustyBin - 2007-03-23
Ive read lots of 'how-tos' on how to do this but none of them worked on there own, I managed to get it working by merging bits of information together and heres how i got it working on Debian Etch, this might work on Debian Sarge too.
TARGET MACHINE
apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules << stuff required for postfix
apt-get install popa3d << this is the pop daemon for downloading mail from server
edit /etc/default/saslauthd and make sure these lines say:
START=yes
MECHANISMS="pam"
edit /etc/postfix/sasl/smtpd.conf if this file doesnt exist create it!
pwcheck_method: saslauthd
edit /etc/postfix/main.cf (remove old config, copy and paste everything here but change ******)
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
myhostname = ****** # make sure this is resolvable (ie use yourmail.net)
mydomain = ****** # make sure this is resolvable, i got mine working using same as above.
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8, *.*.*.*/* # change this to local address + subnet so emails can be relayed out your box
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = ****** # i used same as 'mydomain' above
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unverified_sender
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
postfix does a chroot so it can’t communicate with saslauthd. heres how to get round it:
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
add a test user (remember to remove after)
useradd test
passwd testpass
edit /etc/passwd (so test cannot log in via ssh)
test:x:1001:1001::/home/test:/bin/false <<change this to false
start postfix + saslauthd services
/etc/init.d/postfix reload
/etc/init.d/saslauthd start
TEST POSTFIX CONNECTION WITH TELNET ON REMOTE MACHINE
We need perl to generate the string for the SASL telnet authentication
perl -MMIME::Base64 -e 'print encode_base64("testtesttestpass");' << change test / testpass accordingly
dGVzdAB0ZXN0AHRlc3RwYXNz << this will be used for authentication on telnet
telnet postfixmachineip 25
type 'ehlo localhost'
you should see something like this:
250-randallbum.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
now enter these commands and see if you get same response:
AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
235 2.0.0 Authentication successful
MAIL FROM:<anyreal@mailaddress>
250 2.1.0 Ok
RCPT TO:<test@yourmail.net>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a test email message, this better f****** work!
. << end message with '.'
250 2.0.0 Ok: queued as F11F234271
QUIT
POPA3D opens POP port 110 on the post fix server and also authenticates with users on the system the same way as Postfix has been setup to do. You could test this by sending a test email to the test user using the above method then setup a client like 'Evolution' to receive POP mail by putting in these details under 'Receiving Mail'
Server: postfixmachineip
Username: test
Now when you check for new mail it will ask for a password so use 'testpass' if you used method used here.
And if all went well, you should of received the test email.
Now you can do the same and put in the SMTP details for 'Sending Email'
Dont forget to remove user 'test' and put in some real users with strong passwords and disable ssh access if needs be.