How to configure SMTP authentication in postfix?

Red Squirrel

I googled this but I can't seem to find anything useful. I don't know where to start to set this up. I want any pop3 account to be valid. I also want it to be encrypted.

The only thing I found is papers that look like they were written when dialup was the cat's ass, and are probably very outdated. I'm guessing I have to make certificates and all that and that's where things can get complicated so I want a tutorial that will tell me all the commands and stuff, and what I have to edit and where.
 
Yes. You need to enable SMTP auth / TLS / SASL. You need to do this for Postfix (MTA) in main.cf & Dovecot (dovecot.conf).

I was using RHEL / CentOS on my company email server with SSLv3 certificates from Digicert, but you could create self-signed ones if needed:

http://wiki.centos.org/HowTos/postfix_sasl
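
A minimal Postfix `main.cf` for the setup this reply describes (SASL through Dovecot's auth socket, AUTH accepted only inside STARTTLS), with a small Python audit of those settings; this is an added example, not part of the original post. The hostname, certificate paths and the helper names `parse_main_cf` and `audit_smtp_auth` are assumptions, and Dovecot must separately expose its auth listener at `private/auth` under the Postfix queue directory.

```python
import re

# Constructed sample main.cf (not from the thread); certificate paths are placeholders.
SAMPLE_MAIN_CF = """\
# TLS: offer STARTTLS and only accept AUTH inside it
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# SASL: hand authentication to Dovecot's auth socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """'#' starts a comment line; leading whitespace continues the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value  # a later setting overrides an earlier one
    return params

def audit_smtp_auth(params):
    """Audit explicit main.cf settings only (master.cf -o overrides are ignored)."""
    get = lambda key, default="": params.get(key, default).lower()
    rules = set(re.split(r"[,\s]+", get("smtpd_recipient_restrictions")
                         + " " + get("smtpd_relay_restrictions")))
    checks = [
        (get("smtpd_sasl_auth_enable") == "yes", "SASL authentication is not enabled"),
        (get("smtpd_tls_security_level") in ("may", "encrypt"), "STARTTLS is not offered"),
        (bool(get("smtpd_tls_cert_file")), "no TLS certificate configured"),
        (get("smtpd_tls_auth_only") == "yes", "AUTH is accepted without TLS"),
        ("noanonymous" in get("smtpd_sasl_security_options", "noanonymous"),
         "anonymous SASL mechanisms are allowed"),
        ("permit_sasl_authenticated" in rules, "authenticated clients cannot relay"),
        (bool(rules & {"reject_unauth_destination", "defer_unauth_destination"}), "possible open relay"),
    ]
    return [message for ok, message in checks if not ok]
```

An empty list from `audit_smtp_auth(parse_main_cf(SAMPLE_MAIN_CF))` means authentication is enabled and never offered on an unencrypted connection.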
 
As always, for anything with Postfix, reference The Book of Postfix:
http://www.postfix-book.com/

This is a basic guide for the steps required: (written for FreeBSD, but the things you need to do are the same on Linux)
http://yocum.org/faqs/

You do not need Dovecot as long as you have Cyrus-SASL configured properly. If you want the server to handle any mail transport besides SMTP though, Dovecot is the smoothest way to set up a full-service mail server.
 
Yeah, a lot of the stuff I googled kept pointing me to that book. Don't want to buy a book just to configure something.

I gave up on it for now though, I was able to move the relay to another port.

SMTP is actually a very simple protocol, so one of these days I might look at coding my own mail server that will be easier to configure. Sometimes I wonder why some coders turn simple things into such complications for the user that even require complicated step-by-step tutorials when they could make it so easy it documents itself. Though guess the TLS algorithm part would be the bigger challenge.
 
If you rely on Postfix as an essential part of your business or organization, you should own that book. It's the best reference there is and is essentially the manual. There are things about Postfix that are only properly explained in the book.

SMTP is indeed very simple, but SSL/TLS support is not. An SMTP server with built-in authentication and encryption support would be nice, but probably a bitch to maintain. Relying on Cyrus is more effective from a maintenance standpoint, though it does make installation slightly obtuse.
 
Yeah, a lot of the stuff I googled kept pointing me to that book. Don't want to buy a book just to configure something.

I gave up on it for now though, I was able to move the relay to another port.

SMTP is actually a very simple protocol, so one of these days I might look at coding my own mail server that will be easier to configure.

I've run Postfix as our company mail server for 8 years now. Started on Postfix 2.3 and I've managed Sendmail, Exim4, Q-Mail, and Exchange... I honestly can't remotely think of an easier to manage SMTP server for any email related needs. There isn't a scenario that software can't natively support [Mail relay for Exchange, TLS / SASL, dial-up, multi-channel, etc etc etc...]. It's essentially just a router that routes mail versus network packets. Coding a new server software would be extremely wasteful considering how robust / secure and proven these projects have all been. If you're having problems configuring Postfix, I'm highly skeptical you would be able to code something better than what has been available for years through the keystrokes of many talented developers.

Good luck!
 
Part of the issue is lack of documentation (that I don't have to pay for). I suppose the other alternative is just looking at the source code and understanding what's going on so I know what to put in the config file and what not. One issue with coding from scratch is there is probably not really any clear documentation out there on the actual protocol itself so I'd be doing a lot of code reading to figure it out anyway.

For now I'll just stick with relay on another port. Eventually I want to set up a persistent VPN tunnel so I could use "local" relay only. To me it should be as simple as putting "smtpauthentication=true" somewhere then perhaps another option to choose the type of authentication then another to point it to the proper DB. It should do all the cert stuff or all the other weird stuff on its own automatically. I'm amazed at all the programs that require so much tedious manual stuff when it could just be doing it automatically instead. OpenVPN is probably the biggest nightmare with that stuff.
 