Difference between revisions of "Postfix SMTP authentication using dovecot"
From Notes_Wiki
m |
m |
||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Postfix server configuration]] > [[Postfix SMTP authentication using dovecot]] | |||
Postfix SMTP authentication can work using both dovecot and cyrus. To use dovecot for SMTP authentication use following steps: | Postfix SMTP authentication can work using both dovecot and cyrus. To use dovecot for SMTP authentication use following steps: | ||
Line 79: | Line 78: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Postfix server configuration]] > [[Postfix SMTP authentication using dovecot]] |
Latest revision as of 10:43, 14 July 2022
Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot
Postfix SMTP authentication can work using both dovecot and cyrus. To use dovecot for SMTP authentication use following steps:
- In /etc/dovecot/conf.d/10-master.conf as part of "service auth" there should be a unix_listener at /var/spool/postfix/private/auth using following configuration:
- service auth {
- unix_listener auth-userdb {
- }
- # Postfix smtp-auth
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
- }
- In /etc/dovecot/conf.d/10-auth.conf set auth_mechanisms to both plain and login using:
- auth_mechanisms = plain login
- service dovecot restart
- Configure postfix to use socket created by dovecot for authentication using following lines appended in /etc/postfix/main.cf file:
- #Indicates use dovecot auth
- smtpd_sasl_type = dovecot
- #Specified location of authentication socket supplied by dovecot
- #wrt /var/spool/postfix
- smtpd_sasl_path = private/auth
- #Enable SASL authentication
- smtpd_sasl_auth_enable = yes
- #Also advertize "AUTH PLAIN=" along with "AUTH PLAIN " to support broken clients esp outlook
- broken_sasl_auth_clients = yes
- #Do not allow anonymous access for SASL. Very important
- #If SSL or TLS is configured then perhaps noplaintext over
- #non-encryption channel can also be configured
- smtpd_sasl_security_options = noanonymous
- #smtpd_sasl_security_options = noanonymous, noplaintext
- #Do not allow anonymous access for SASL over TLS/SSL. Here
- #plaintext auth should not be a problem
- smtpd_sasl_tls_security_options = noanonymous
- #Allow relay for anybody sending to mydomain and allow relay from trusted networks.
- #Further allow relay to any destination from anywhere for authenticated clients
- smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
- #Append username of user who authentication in email headers
- smtpd_sasl_authenticated_header = yes
- service postfix restart
- Test authentication using
- telnet <mail-server> 25
- EHLO test
- AUTH PLAIN <auth-string>
- where auth-string can be obtained using "echo -ne '\000username\000password' | openssl base64" by replacing username and password appropriately
Steps learned from http://www.postfix.org/SASL_README.html#server_sasl_enable
Troubleshooting Relay access denied after successful authentication
If "Relay access is denied" even after successful authentication then try appending this to /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
and do "service postfix restart"
Steps learned from http://serverfault.com/questions/42519/how-to-correct-postfix-relay-access-denied
Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot