Sat 01 October 2011

Filed under Email

Tags Cool Geek Security

Relaying with Postfix, SASL, Authentication and TLS

Create All The Files!

/etc/postfix/sasl/saslpass

mail.myserver.com relayuser:my password with spaces


/etc/postfix/tls_policy

[mail.myserver.com]:587 encrypt protocols=TLSv1 ciphers=high
[mail.myserver.com]:msa encrypt protocols=TLSv1 ciphers=high
[mail.myserver.com]:submission encrypt protocols=TLSv1 ciphers=high

Set File Permissions on SASL password file

chown root:root /etc/postfix/sasl/saslpass
chmod 600 /etc/postfix/sasl/saslpass

Hash All The Files!

postmap /etc/postfix/sasl/saslpass
postmap /etc/postfix/tls_policy

Configure All The Postfix!

## Since I am using TLS, I will allow plain text and LOGIN (which are disabled by default
postconf -e "smtp_sasl_security_options = "

## Enable SASL for outgoing SMTP traffic.
postconf -e  "smtp_sasl_auth_enable = yes"

### Add the SASL password map
postconf -e " smtp_sasl_password_maps = hash:/etc/postfix/sasl/saslpass"

### Set the TLS Policy map so that my mail server uses TLS w/ the appropriate policies.
postconf -e " smtp_tls_policy_maps = hash:/etc/postfix/tls_policy"

### Add the relayhost as my upstream mail server, note the format, it's important.
postconf -e "relayhost = [mail.myserver.com]:587"

Brief Explanation

I needed to relay from my in-house Linux box, which runs Postfix (on Ubuntu, incidentally), through my colo-hosted mail server. This recipe will work for Comcast, Verizon, Frontier, and Gmail. Those are the only places I have tested it. All of those mailservers have a Submission port (587) which accepts TLS.

This should work for just about any setup.

Props

There are tons of howto's. I own much to Bens Bits, Patrick Koetter, Postfix Documentation, and of course, Google.

Comment

Wed 22 September 2010

Filed under Email

Tags Geek Lamer Moments

Zimbra Management

Read This Fine Article - it tells you how, almost. I didn't find it that great. It tells you what to do but lends no guidance as to how to fix brokenness.

Changing the name

Ultimately, I got a message which many people have seen:

Unable to contact ...

Read More

Wed 04 August 2010

Filed under Email

Tags Cool Geek Lamer Moments

My Problems

Since all of you, like me, use Gmail - Having abandoned dignity and surrendered and amazing amount of personal information to the matrix - you will likely need to search. Sometimes the searches are harder than others. For instance, eventually you want to search for mail from "chuck.dare@nasa ...

Read More

Fri 11 December 2009

Filed under Email

Tags Geek Security

A New Client

A client turned up our first full-time Mail.app Mac user with Snow Leopard today. I was called in because of attachment sending problems. It seems that files around 7MB would attach and send, but anything larger was failing. The entrenched support reported watching logs, etc. IIS ...

Read More

Sat 31 May 2008

Filed under Email

Tags Lamer Moments Obvious Secret Messages

I hate Microsoft. I truly do. These assholes are simply unbelievable. I cannot articulate the fury and frustration which I feel at this moment. Seriously. The insanity of whatever policy drives them is beyond the measure of intelligent people.

I cannot write a scathingly witty post about overcoming them. I ...

Read More

Wed 05 March 2008

Filed under Email

Tags Lamer Moments Obvious

I am having more and more problems with OpenDNS. I have dropped it's

usage at my house, and I am dropping it all my business locations.

Your "website is down thing" is not only a huge pain in the ass, but

it's generally wrong.

1 in 10 are ...

Read More

Tue 14 November 2006

Filed under Email

Tags Lamer Moments Retarded Security

Task: Upgrade Symantec Antivirus for Microsoft Exchange.
Diffculty: Symantec Continues to Suck.

Despite a clear desire to escape from these things it can be difficult. Todays installment brought a new error: "Please Insert Disk 1". Despite all my best attempts, I could not divine what disk '1' was/is.

After ...

Read More

Wed 06 September 2006

Filed under Email

Tags Cool Python

My lovely wife has been using Evolution for some time now. We use Gmail lots anymore, but she still has lists and other traffic bound for Evolution on our Cyrus IMAP server. One continuous problem is the crappy filter problems with Evolution.

Cyrus provides a usable solution for this, Sieve ...

Read More

Fri 01 September 2006

Filed under Email

Tags Cool Security

This is a simple, but cool, recipe for querying Exchange from Postfix. This is used with a Windows 2003 Small Business Server, running (s)Exchange 2003.

We don't often use this, because of the obvious problem of being unable to receive mail when Exchange crashes or must be rebooted ...

Read More

Wed 23 August 2006

Filed under Email

Tags Geek Security

Everyone wants to know what to do with Postfix. I have tried to find a way to publish something. Everyone who does seems to always be out of date.

Not so for this guy or that guy.

Read More

Tue 25 July 2006

Filed under Email

Tags Cool Security

A growing number of small businesses are using Blackberry handhelds. Microsofts services haven't taken off as strong, but in a year or two I suspect Microsofts products will be kings of the market.

For now, we have a wide range of Blackberry services. Most of my clients use the ...

Read More

Mon 17 July 2006

Filed under Email

Tags Lamer Moments Python Retarded

Microsoft Exchange, the pithy "message server of the masses". Running atop the 'venerable' Windows 2003 Small Business Server. It calmly neglects everything except it's beloved Outlook. Which in turn neglects everything except it's cancerous host: Windows.

Microsoft Assist (paid) phone support, separated by distance, culture, and of course ...

Read More

Mon 17 July 2006

Filed under Email

Tags Cool Lamer Moments

Gmail is cool and everything. GmailFS is one example of the coolness of Google, and Gmail. Google tends to publish AJAX Api's for everything, making things extensible, even if XML Situps suck.

However, a new sucky thing (for me) has developed. I did not realize that the Google Spam ...

Read More

Thu 13 April 2006

Filed under Email

We use CRM114, SpamAssassin and Postfix for most of our antispam solutions. We have somehow avoided using LDAP up to this point. Postfix 2.2 seems to have made a lot of relavent changesd regarding LDAP support, and now things are working smoothly and more clearly than ever.


Some don ...

Read More

Tue 28 March 2006

Filed under Email

Tags Cool Security

My esteemed colleague Pacopablo has created a Howto on using Postfix with SMTPAUTH. Now, he can relay via his ISP, bypassing certain mail server restrictions due to having a dynamic IP address.

Read More

Up To Something © Joshua M Schmidlkofer Powered by Pelican and Twitter Bootstrap. Icons by Font Awesome and Font Awesome More