Creating Authenticated Relay using Postfix

Posted on 2006-05-09
Last Modified: 2013-12-16
As the title would indicate, I'm hoping to create an Authenticated relay using Postfix.  I've searched the Internet high and low on how to do this, but I am still falling short.

What appears to be happening is, I can send an e-mail... and it appears to send without error.  However, it never makes it to the recipient.  My theory is Postfix is stopping it, since it does not want to relay mail.  This is also happening when authenticating, so I'm stumped.

If anybody could give me some config tips to help me correctly set up my Postfix to relay authenticated e-mails, I will forever be indebted to you.

Question by:dharvell
    LVL 25

    Expert Comment

    You are trying to have users authenticate with your mail server in order to send email, correct?

    If so, no problem. I know a couple of ways to do it, but before I get into that I will wait for you to confirm my suspicion.  Also, if this is it, also answer if your /var/spool/postfix directory structure is on the same partition as the /var/lib/

    Author Comment

    Cyclops -

    Sounds like your suspicion is dead on!  And yes... the /var/spool/postfix is on the same partition as /var/lib/.  So far, so good! :)
    LVL 25

    Accepted Solution

    Perfect. The reason I asked that question is because we can set up your Postfix installation to use saslauthd to verify username/password against the /etc/shadow file, so any changes that happen there automatically take effect for sending and receiving (other methods make it so the sending password is stored in a different area than the receiving password).

    Okay, here is what you do.

    1) Make sure saslauthd is installed.

    2) Make a directory /etc/postfix/sasl/ with privileges 755, owned by root, group owned by root.
       In the directory, make the file called smtpd.conf with privileges of 644, owned by root, group owned by root:

        mech_list:         plain login
        pwcheck_method:    saslauthd
        log_level:         3

       The mech_list can have more than plain and login, but those are needed for MS clients; Thunderbird and others can use cram-md5 or digest-md5 no problem.

    3) Edit the

        smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
        smtpd_sasl_security_options = noanonymous
        smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

       Line 1 says where to find the sasl config file, 2 says enable sasl, 3 says the domain to send to saslauthd (*NOTE: also try with $myhostname missing, some installs need that depending upon the cyrus-sasl install you have), 4 says don't allow anonymous connections, 5 says be compatible with MS clients, and 6 says relay for mynetworks, sasl authenticated users, MTAs, and no one else.

    4) Edit /etc/sysconfig/saslauthd
       This will make the sasl daemon authenticate against the system shadow file.

    As soon as you make those changes, restart postfix and saslauthd.  That should be everything, but if it's still not working, let me know.  Also, you may want to look at securing your connections with SSL, since you are passing your password via an easily crackable method.

    Author Comment

    Cyclops -

    Beautiful!  Sending mail works like a charm!  Now, when I attempt to RECEIVE mail (I sent myself a test to my Gmail account, which worked great, so I attempted to reply from my Gmail account), I get the following error (from Gmail):

    PERM_FAILURE: SMTP Error (state 9): 554 <>: Relay access denied

    So, in a nutshell, sending seems to work great, but receiving doesn't seem to...  Any thoughts?

    Thanks again!

    Author Comment

    Okay... I got the send working.  All I had to do was add a $mydomain in the allowed relay in the /etc/postfix/ file.  Excellent!

    Thanks for the help.
    LVL 25

    Expert Comment

    awesome, glad I could help.
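
Added example (not part of the thread and not any poster's code): a small auditor for the Postfix settings discussed above, covering both the authenticated-relay setup in the accepted solution and the later "Relay access denied" bounce on inbound mail. The sample config, the finding labels and the choice to check only `mydestination` and `relay_domains` are assumptions; it reads only values set explicitly in the text it is given, and main.cf or `postconf -n` output both work as input.

```python
import re
# Constructed sample main.cf (assumed values, not taken from the thread).
SAMPLE = """\
mydomain = example.org
myhostname = mail.example.org
mydestination = $myhostname, localhost
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_main_cf(text):
    """name = value pairs; '#' lines are comments; leading whitespace continues a value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def items(name, params, default=""):
    """Return a parameter as a list of tokens, expanding $name references (5 levels)."""
    value = params.get(name, default)
    for _ in range(5):
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return [t for t in re.split(r"[,\s]+", value) if t]

def audit(text, inbound_domain):
    """Return finding labels; inbound_domain is the domain this server receives mail for."""
    p, out = parse_main_cf(text), []
    if items("smtpd_sasl_auth_enable", p, "no") != ["yes"]:
        out.append("sasl-disabled")
    if "noanonymous" not in items("smtpd_sasl_security_options", p, "noanonymous"):
        out.append("anonymous-allowed")
    r = items("smtpd_recipient_restrictions", p)  # evaluated left to right, first match wins
    if "reject_unauth_destination" not in r:
        out.append("open-relay-risk")
    elif "permit_sasl_authenticated" not in r[:r.index("reject_unauth_destination")]:
        out.append("authenticated-relay-blocked")
    if inbound_domain not in items("mydestination", p) + items("relay_domains", p):
        out.append("inbound-relay-denied")
    if items("smtpd_tls_auth_only", p, "no") != ["yes"]:
        out.append("plaintext-auth-without-tls")  # PLAIN/LOGIN would cross the wire unencrypted
    return out
```

Calling `audit(SAMPLE, "example.org")` reports the inbound-domain gap and the missing TLS requirement; adding `$mydomain` to `mydestination` and setting `smtpd_tls_auth_only = yes` clears both.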
