Differences between revisions 1 and 2
Revision 1 as of 2023-06-24 03:43:06
Size: 877
Comment:
Revision 2 as of 2023-06-29 15:33:30
Size: 1656
Comment:
Line 3: Line 3:
Postfix handles authentication separately for sending (`smtp`) and receiving (`smtpd`) mail. Postfix handles '''authentication''' separately for sending (`smtp`) and receiving (`smtpd`) mail.
Line 12: Line 12:

At a minimum, install the `cyrus-sasl` package.

The basic configuration for incoming mail is:

{{{
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
}}}

It may also be helpful to explicitly set the parameters for hooking into Cyrus.

{{{
cyrus_sasl_config_path = /etc/sasl2/
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_service = smtpd
}}}

The `cyrus_sasl_config_path` and `smtpd_sasl_path` settings are used to look up the appropriate Cyrus profile, i.e. `/etc/sasl2/smptd.conf`. See [[Cyrus#Auxiliary_Properties|here]] for details. `smptd_sasl_service` is a value passed into the plugin.
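
Review bot: the closing paragraph of this hunk spells the Cyrus profile as `/etc/sasl2/smptd.conf` and the parameter as `smptd_sasl_service`. With `smtpd_sasl_path = smtpd` the file that gets looked up is `smtpd.conf`, and the parameter set in the block above is `smtpd_sasl_service`, so both should read `smtpd`. Separately, `smtpd_sasl_path = smtpd` is listed in both added blocks; keeping it in only one would avoid the two copies drifting apart.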
Line 23: Line 46:
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd
Line 24: Line 48:
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd

Postfix Authentication

Postfix handles authentication separately for sending (smtp) and receiving (smtpd) mail.


Receiving Authenticated Mail

At a minimum, install the cyrus-sasl package.

The basic configuration for incoming mail is:

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes

It may also be helpful to explicitly set the parameters for hooking into Cyrus.

cyrus_sasl_config_path = /etc/sasl2/
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_service = smtpd

The cyrus_sasl_config_path and smtpd_sasl_path settings are used to look up the appropriate Cyrus profile, i.e. /etc/sasl2/smtpd.conf. See the Cyrus page (Auxiliary Properties) for details. smtpd_sasl_service is a value passed into the plugin.


Sending Authenticated Mail

The basic configuration for outgoing mail is:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous

Create a SASL passwd file like:

[smtp.gmail.com]:587 [email protected]:wwwwxxxxyyyyzzzz

Note that Gmail specifically provides 16-character tokens. This is not a system requirement.

Run postmap /etc/postfix/sasl/sasl_passwd to produce the indexed lookup file. If your postmap(1) does not use LMDB, replace lmdb: with whichever lookup table type was compiled into the distribution.



Postfix/Authentication (last edited 2023-06-29 15:41:49 by DominicRicottone)