Set up Postfix to allow relaying

Q I run a local mail server that acts as my mail gateway and storage. This works well when connected to my LAN, but when I connect from elsewhere (I have a static IP address), I can receive mail but not send it. I am using Postfix and Dovecot on Gentoo. I found something on this in the Gentoo documentation, but it was part of a virtual mail hosting setup, and I don't need anything that complex.

A Postfix is set up to deny relaying by default. It can only accept mail either to or from your domain, to avoid being used by spammers. You need to configure it to use SASL (Simple Authentication and Security Layer) to allow remote users to log in with a password to send mail. First, ensure that Postfix has SASL support. If you don't already have sasl in your USE flags, add it and re-emerge Postfix (users of binary distros don't have to worry about this step). This will also install SASL for you. Next, edit /etc/sasl2/smtpd.conf and change the pwcheck_method line to

pwcheck_method:saslauthd

With some distros, this file may be /usr/lib/sasl/smtpd.conf. You should also edit /etc/conf.d/saslauthd to tell SASL how to authenticate users. Change the SASLAUTHDOPTS line to ONE of the following:

SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a shadow"

depending on whether or not you use PAM (pluggable authentication modules for Linux). Now you need to make a couple of changes to Postfix's configuration. Edit /etc/postfix/main.cf and add these lines to the end:

# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options =noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
broken_sasl_auth_clients = yes

The last line is only needed to accept connections from older versions of Outlook Express and Exchange. Finally, start Saslauthd, set it to start on boot and tell Postfix to load the changed configuration.

/etc/init.d/saslauthd start
rc-update add saslauthd default
/etc/init.d/postfix reload

If you want more information, there is a detailed Howto at http://postfix.state-of-mind.de/patrick.koetter/smtpauth.

Follow us on Identi.ca or Twitter

Username:   Password:
Create Account | About TuxRadar