Creating Authenticated Relay using Postfix

As the title would indicate, I'm hoping to create an Authenticated relay using Postfix.  I've searched the Internet high and low on how to do this, but I am still falling short.

What appears to be happening is, I can send an e-mail... and it appears to send without error.  However, it never makes it to the recipient.  My theory is Postfix is stopping it, since it does not want to relay mail.  This is also happening when authenticating, so I'm stumped.

If anybody could give me some config tips to help me correctly set up my Postfix to relay authenticated e-mails, I will forever be indebted to you.

Thanks.
dharvell Asked:
 
Cyclops3590 Commented:
Perfect, the reason I asked that question is because we can set up your postfix installation to use saslauthd to verify username/password against the /etc/shadow file, so any changes that happen there automatically take effect for sending and receiving (other methods make it so the sending password is stored in a different area than the receiving password).

Okay, here is what you do.
1) Make sure saslauthd is installed
2) Make a directory /etc/postfix/sasl/ with privileges 755, owned by root, group owned by root.
    In the directory make the file called smtpd.conf with privileges of 644, owned by root, group owned by root.
contents:
----------------------------------------------------------------------------
mech_list:         plain login
pwcheck_method:    saslauthd
log_level:      3
----------------------------------------------------------------------------
The mech_list can have more than plain and login, but those are needed for MS clients; Thunderbird and others can use cram-md5 or digest-md5 no problem.
3) Edit the main.cf
-----------------------------------------------------------------------------
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=$myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients=yes
smtpd_recipient_restrictions=  permit_mynetworks,  permit_sasl_authenticated,  reject_unauth_destination
---------------------------------------------------------------------------------
line 1 says where to find the sasl config file, 2 says enable sasl, 3 says the domain to send to saslauthd (*NOTE: also try with $myhostname missing, some installs need that depending upon the cyrus-sasl install you have), 4 says don't allow anonymous connections, 5 says be compatible with MS clients, and 6 says relay for mynetworks, sasl authenticated users, MTAs, and no one else
4) Edit /etc/sysconfig/saslauthd
contents:
-----------------------------------------------------------------------------
SASL_AUTHMECH="shadow"
SASL_MECH_OPTIONS=
SASLAUTHD_OPTS=
-----------------------------------------------------------------------------------
This will make the sasl daemon authenticate against the system shadow file.

As soon as you make those changes, restart postfix and saslauthd.  That should be everything, but if it's still not working, let me know.  Also, you may want to look at securing your connections with SSL since you are passing your password via an easily crackable method.
 
Cyclops3590 Commented:
You are trying to have users authenticate with your mail server in order to send email, correct?

If so, no problem, I know a couple of ways to do it, but before I get into that I will wait for you to confirm my suspicion.  Also, if this is it, also answer if your /var/spool/postfix directory structure is on the same partition as the /var/lib/
 
dharvell (Author) Commented:
Cyclops -

Sounds like your suspicion is dead on!  And yes... the /var/spool/postfix is on the same partition as /var/lib/.  So far, so good! :)
 
dharvell (Author) Commented:
Cyclops -

Beautiful!  Sending mail works like a charm!  Now, when I attempt to RECEIVE mail (I sent myself a test to my Gmail account, which worked great, so I attempted to reply from my Gmail account), I get the following error (from Gmail):

PERM_FAILURE: SMTP Error (state 9): 554 <emailaddress@domain.com>: Relay access denied

So, in a nutshell, sending seems to work great, but receiving doesn't seem to...  Any thoughts?

Thanks again!
 
dharvell (Author) Commented:
Okay... I got the send working.  All I had to do was add a $mydomain in the allowed relay in the /etc/postfix/main.cf file.  Excellent!

Thanks for the help.
 
Cyclops3590 Commented:
Awesome, glad I could help.
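Added example (not part of the thread and not Postfix's own code): a simplified Python model of how the smtpd_recipient_restrictions line from the answer is evaluated, showing why an authenticated client may relay while an inbound message for an unlisted domain gets the "554 Relay access denied" seen above. The IP addresses, domains and the BEFORE/AFTER settings are constructed, and which list the fix actually changed is an assumption.

```python
import ipaddress
import re

# Restriction line as given in the answer's main.cf.
MAIN_CF_LINE = ("smtpd_recipient_restrictions=  permit_mynetworks,  "
                "permit_sasl_authenticated,  reject_unauth_destination")

def parse_restrictions(line):
    """Return the restriction names from a main.cf 'name = a, b, c' line."""
    return [t for t in re.split(r"[,\s]+", line.split("=", 1)[1]) if t]

def check_rcpt(rules, client_ip, authenticated, rcpt, cfg):
    """Simplified model: rules run left to right, first decisive result wins."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(n) for n in cfg["mynetworks"]):
                return "permit (permit_mynetworks)"
        elif rule == "permit_sasl_authenticated":
            if authenticated:
                return "permit (permit_sasl_authenticated)"
        elif rule == "reject_unauth_destination":
            final = domain in cfg["mydestination"]
            relay = any(domain == d or domain.endswith("." + d)
                        for d in cfg["relay_domains"])
            if not (final or relay):
                return "554 Relay access denied"
        else:
            raise ValueError("restriction not modelled: " + rule)
    return "permit (end of list)"

# Constructed settings: documentation IP ranges and example domains.
BEFORE = {"mynetworks": ["127.0.0.0/8"], "mydestination": ["localhost"],
          "relay_domains": []}
# Assumption: the fix put the mail domain into mydestination.
AFTER = dict(BEFORE, mydestination=["localhost", "example.com"])

if __name__ == "__main__":
    rules = parse_restrictions(MAIN_CF_LINE)
    cases = [
        ("203.0.113.10", True, "friend@example.net", BEFORE),   # authenticated user relaying out
        ("203.0.113.10", False, "friend@example.net", BEFORE),  # same client, no AUTH
        ("198.51.100.25", False, "user@example.com", BEFORE),   # inbound MTA, domain not listed
        ("198.51.100.25", False, "user@example.com", AFTER),    # inbound MTA, domain listed
    ]
    for ip, auth, rcpt, cfg in cases:
        print(ip, auth, rcpt, "->", check_rcpt(rules, ip, auth, rcpt, cfg))
```

The model covers only the three restrictions used in the thread and ignores the other address classes that reject_unauth_destination also accepts.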
Question has a verified solution.