Activities

January 2014
M T W T F S S
« Dec   Feb »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Postfix : Quick setup of authenticated SMTP server

Today one of my friends asked me to provide information/assistance to how to setup authenticated smtp server for sending email remotely. He is planning to use this server as a bulk email marketing server.

Here is the easy setup to configure an authenticated SMTP server within 10 minutes. Here I’m using system user account to authenticate email. Do not use any sudo/shell users to have email account. Or you may need to block the shell access in network level.

A. Creating Email user account

   #useradd -s /sbin/nologin user1
   #password  user1

B. install postfix (MTA) and Dovecot(POP/IMAP) servers

[root@host28 ~]# yum install postfix dovecot
Dependencies Resolved
================================================================================
 Package       Arch         Version                    Repository          Size
================================================================================
Installing:
 dovecot       x86_64       1:2.0.9-7.el6              base               1.9 M
 postfix       x86_64       2:2.6.6-2.2.el6_1          RC-CentOS6.4       2.0 M
Transaction Summary
================================================================================
Install       2 Package(s)
Total download size: 3.9 M
Installed size: 15 M
Is this ok [y/N]: y

C. Configure Postfix server

Edit the file “/etc/postfix/main.cf” and uncomment the following values

myhostname = mail.serveridol.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
home_mailbox = Maildir/

1. myhostname –> This setting is used to specify the fully-qualified domain name of the email domain.

2. alias –> Aliases are ways of delivering mail to different users without having to set up dozens of different accounts. You can create any number of alias . Suppose I want to receive 3 domains which mx record pointing to this server in a single account, just add name alias on “/etc/aliases”

Alias for multiple domain email account
liju: support@domain1.com, support@domain2.com

myorigin –> This setting is important as internal emails from packages such as cron jobs do not supply full mail ‘credentials’ such as sender email. Instead, they rely on ‘myorigin’ setting

mynetworks –> This setting defines the network that Postfix will allow to send mail. If configured incorrectly, it could allow your mail server to be used as an open relay, which allows unauthorized users to send emails through your server.

inet_interfaces — > define the interface that Postfix sends and receives mail on.
home_mailbox –> This will create a folder “Maildir” on each users home directory and hold all the users mail there. The default location is ” /var/spool/mail/user”

After updating the details on /etc/postfix/main.cf file. Now you need to restart the mail service.

[root@host28 ~]# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@host28 ~]# netstat -nlp | grep ":25"
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      6879/master
tcp        0      0 :::25                       :::*                        LISTEN      6879/master
[root@host28 ~]#

D. Enabling Dovecot SASL smtp authentication on Postfix

Inorder to enable the smtp authentcation, you may need to add the following line at the end of the “/etc/postfix/main.cf” file

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Again restart the Postfix server,

[root@host28 ~]# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

E. Configure Dovecot for SMTP AUTH through Dovecot SASL

Edit the file “/etc/dovecot/conf.d/10-master.conf” and add/update the “service auth” entries as shown below

service auth {

unix_listener /var/spool/postfix/private/auth {
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix
}

}

Save the file and restart Dovecot,

[root@host28 ~]# service dovecot restart
Stopping Dovecot Imap:                                     [FAILED]
Starting Dovecot Imap:                                     [  OK  ]
[root@host28 ~]# netstat -nlp | grep ":110"
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      7049/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      7049/dovecot
[root@host28 ~]#

That’s it. You have almost done 🙂 !!

How I test smtp authentication is working and my mail server is NOT an Open relay

There are two options,

a. Use “sendEmail” third party commandline program to send email. My usage is shown below,

[root@rc-025 log]# /usr/bin/sendEmail -f no-reply@serveridol.com   -t liju@serveridol.com  -s 192.168.0.28 -u Alert-Notification -l /var/log/sendEmail  -o message-content-type=auto -m " this is mail body"  -o username=liju -o password=blahblah
Jan 10 12:07:23 rc-025 sendEmail[4187]: Email was sent successfully!  From: <no-reply@serveridol.com > To: <liju@serveridol.com > Subject: [Alert-Notification] Server: [192.168.0.28:25]

-s = SMTP server name or IP
-o username = smtp user name
-o password = SMTP password

b. Use telnet to send an email

use this link http://www.linuxmail.info/postfix-smtp-auth-dovecot-sasl/

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>