Setting up postfix for authenticated relay
Latest revision as of 08:28, 6 December 2010
This howto should work on both Bubba|TWO and Excito B3. Note that you should most likely use it only when your Bubba acts as a router in your LAN; security might be compromised otherwise. You have been warned.
This howto is a short description of how to configure Postfix to accept email for relay when the user authenticates. The use case is to be able to use Bubba as an always-available mail server for sending email when not at home. I myself use this setup and have all my laptops etc. configured to send mail via my Bubba at home wherever I am in the world.
Postfix configuration
Start by logging into Bubba via ssh and become root.
Edit the file /etc/postfix/main.cf
Locate the lines with:
<pre>smtpd_recipient_restrictions =
    permit_mynetworks
</pre>
And add the line:
<pre>    permit_sasl_authenticated
</pre>
So the end result looks something like:
<pre>smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client dnsbl.sorbs.net
    reject_rbl_client bl.spamcop.net
    permit
</pre>
Then at the end of the file append:
<pre>smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = yes
</pre>
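The order of entries in smtpd_recipient_restrictions decides who may relay, so it is worth checking after editing. The following Python sketch is an added example, not part of the original howto: it parses a main.cf fragment (the embedded sample is constructed from the settings above) and flags a missing or misplaced permit_sasl_authenticated, a bare permit ahead of reject_unauth_destination, and SASL without smtpd_tls_auth_only. The function names are hypothetical, and it only inspects smtpd_recipient_restrictions, as this page does.

```python
# Constructed sample: a shortened version of the main.cf settings shown above.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_rbl_client bl.spamcop.net
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = yes
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, indented lines continue a value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value  # a later definition overrides an earlier one
    return params

def audit_relay(params):
    """Return findings (hypothetical helper); an empty list means no issue was found."""
    findings = []
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    first = {name: i for i, name in reversed(list(enumerate(rules)))}
    gate = first.get("reject_unauth_destination")
    if gate is None:
        findings.append("reject_unauth_destination missing: relaying is not restricted")
    else:
        if first.get("permit", len(rules)) < gate:
            findings.append("bare permit before reject_unauth_destination: open relay")
        if first.get("permit_sasl_authenticated", len(rules)) > gate:
            findings.append("permit_sasl_authenticated missing or after reject_unauth_destination")
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("smtpd_tls_auth_only is not yes: AUTH is offered without TLS")
    return findings

if __name__ == "__main__":
    print(audit_relay(parse_main_cf(SAMPLE_MAIN_CF)) or "no findings")
```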
Dovecot configuration
Edit the config file /etc/dovecot/dovecot.conf
Locate the section that starts with:
auth default {
and there append the following:
<pre>  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
</pre>
Optional, let Postfix listen on another port than the default one
A big problem for most home users is that their ISP blocks all traffic on the default mail server port (25), and thus our solution won't work. A workaround is to let Postfix, our mail server, listen on an additional non-standard port for connections.
To do this edit the file /etc/postfix/master.cf
Locate the line that says
smtp inet n - - - - smtpd
and add the additional line below
20025 inet n - - - - smtpd
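This tells Postfix to listen on both the standard SMTP port (25) and on port 20025. Because the new entry carries no -o overrides, it uses the same main.cf settings as port 25, including the relay restrictions and smtpd_tls_auth_only.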
Restart services
To finish up, restart Dovecot and Postfix:
<pre>/etc/init.d/dovecot restart
/etc/init.d/postfix restart
</pre>
Open ports in the firewall
Finally, to be able to use this solution outside your LAN you will have to open up the corresponding ports in Bubba's firewall.
- Log in to the web based admin UI as admin.
- Select Administration
- Select Network
- Select Firewall
If you only use the standard port, make sure that "Email server (Port 25)" is On. If not, click the checkbox and then click "Update".
If you decided to also use the extra port above, you need to set this up manually. To do so, select "Advanced firewall settings", check "Open B3 port" and enter the port you selected in "Public port".
Then click "Update" and there should be one additional line in "User defined open / forwarded ports".
Final words
This should be it. Now you should be able to send emails from anywhere using the address and port of your Bubba and the user/password of your local user.
As an example, here is how you should configure Evolution to use this setup. Replace the server and username with your own values, and note how we append the port if we don't use the default port 25.
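To confirm from a client that smtpd_tls_auth_only is in effect on the port you opened, the following added Python example (not part of the original howto) records whether AUTH is advertised before and after STARTTLS. The host name bubba.example, the function names and the FakeServer stand-in are constructed for illustration; against a real server, call probe_relay with the default smtp_factory, and pass an ssl context as tls_context if you want the certificate verified.

```python
import smtplib

def probe_relay(host, port, smtp_factory=smtplib.SMTP, tls_context=None):
    """Report what the server advertises before and after STARTTLS."""
    seen = {"starttls": False, "auth_before_tls": False, "auth_after_tls": False}
    with smtp_factory(host, port, timeout=10) as conn:
        conn.ehlo()
        seen["starttls"] = conn.has_extn("starttls")
        seen["auth_before_tls"] = conn.has_extn("auth")
        if seen["starttls"]:
            conn.starttls(context=tls_context)
            conn.ehlo()  # extensions must be re-read after the TLS handshake
            seen["auth_after_tls"] = conn.has_extn("auth")
    return seen

def verdict(seen):
    """Turn the probe result into a one-line finding."""
    if seen["auth_before_tls"]:
        return "FAIL: AUTH offered in clear text (smtpd_tls_auth_only not in effect)"
    if not seen["starttls"]:
        return "FAIL: no STARTTLS, so AUTH is never offered"
    if not seen["auth_after_tls"]:
        return "FAIL: STARTTLS works but AUTH is missing (check the Dovecot socket)"
    return "OK: AUTH only offered after STARTTLS"

class FakeServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, host, port, timeout=None):
        self.tls = False
    def __enter__(self): return self
    def __exit__(self, *exc): return False
    def ehlo(self): pass
    def starttls(self, context=None): self.tls = True
    def has_extn(self, name):
        return name == ("auth" if self.tls else "starttls")

if __name__ == "__main__":
    print(verdict(probe_relay("bubba.example", 20025, smtp_factory=FakeServer)))
```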