Postfix with SASLv2 support for SMTP AUTH

Scenario:

A small business with two departments. Each department needs its own email domain. Our colleague John has responsibilities in both departments, so he will want the same user name in each department's mailbox domain. Each mailbox will be limited to 20MB so that the 40GB disk cannot fill up and take the whole mail system down with it. The business is growing, so the system must be built to accept more departments and users easily.

Software:

  • Postfix as the Mail Transfer Agent.
  • Cyrus-Imapd to store and serve mailboxes.
  • SASL for authentication.

Before starting the configuration, let's look at the components involved and at how the email system is supposed to work:

The mailboxes created here are not stored by Postfix and do not use system accounts for authentication. Mailboxes are created in Cyrus-Imapd and user authentication is handled by SASL. In this configuration Postfix uses the LMTP protocol to hand messages to Cyrus-Imapd for delivery into those mailboxes.

In general, when a client wants to send a mail message it talks to Postfix. If the mail is for local delivery, Postfix checks the address and, if the checks pass and nothing rejects the message, delivers it over LMTP into the related Cyrus-Imapd mailbox, where it is stored ready to be read by its owner. If the mail is for external delivery, Postfix looks up the recipient domain on the Internet (its MX records) to determine whom to talk to, and delivers the message there.

To reach a mailbox, the client must first authenticate against the SASL database. Once authenticated, the client can access its mailbox and read its messages through a Mail User Agent that supports IMAP or POP3 (Thunderbird is a good one, but there are many others).

This process is illustrated in the following figure:


                          ------------------
          Incoming Mail |--+     Postfix  <-----------| Outgoing Mail  |
                          -|----------------                     |
                          ||     LMTP      |                     |
                          -|----------------                     |
                          |+>    Cyrus    +----------------+     |
                          |+>    Imapd    ||---->+         |     |
                          -|--------------|-     |         |     |
                          ||Authentication||    2|        1|     |
                          |+<    SASL    <+|     v         ^     |
                          ------------------     |Receiving|  |Sending|
                                                     |           |
                                                 +--------------------+
                                                 |     Mail Client    |

With that picture in mind, we next configure each element of the mail system: Postfix as the MTA, Cyrus-Imapd as the mailbox store, and SASL for authenticating user accounts.

This setup is for RHEL6 or CentOS6 (release version or later). Before reading this document, refer to http://172.22.16.150/wordpress/?p=127 (Enable POP3 mail server service on IPStor Server) for the POP3 and SASL setup.

The steps to set up Postfix are:

$ yum install postfix

$ vi /etc/postfix/main.cf and add the following lines:

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

Two caveats on these lines. check_relay_domains is deprecated in Postfix 2.x (the versions shipped with RHEL6/CentOS6); reject_unauth_destination is its replacement and belongs at the end of smtpd_recipient_restrictions, after the permit_* entries, because without a rejecting restriction there any client can relay mail through the server. noanonymous still lets Postfix offer the PLAIN and LOGIN mechanisms, which send the password base64-encoded but not encrypted; either add noplaintext, or set smtpd_tls_auth_only = yes so that AUTH is only accepted inside a TLS session.

The basic Postfix configuration:

myhostname = h12-90.falconstor.com.tw
mydomain = falconstor.com.tw
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost = $mydomain
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

Note that smtpd_client_restrictions now appears twice in main.cf. Postfix uses the last assignment, so this line silently replaces the permit_sasl_authenticated entry added above; set the parameter once with both values (permit_sasl_authenticated, check_client_access hash:/etc/postfix/access). After editing, run postconf -n to see the settings Postfix will actually use.

Edit /etc/postfix/access and add the line below, then run $ postmap /etc/postfix/access to rebuild the hash map (postmap must be run again after every change to the file). Comments in Postfix map files must be on their own line starting with #; a trailing # on an entry is not stripped from the value.

# IPStor server IP; more client addresses can be added the same way
172.22.13.136 OK
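As an added check (example code written for this page, not taken from the original page or from Postfix), the following Python script parses a main.cf fragment and flags the problems a reviewer would raise against the configuration above: the deprecated check_relay_domains, a missing reject_unauth_destination (open relay), the smtpd_client_restrictions parameter set twice (Postfix keeps the last value), and plaintext SASL mechanisms offered without TLS. Both configurations embedded in it are constructed; the hardened variant shows the corrected settings beside the page's own.

```python
"""Lint a Postfix main.cf fragment for the relay and SMTP AUTH settings this
page configures.  Added example, not the page's or Postfix's own code.  It
assumes only the documented main.cf syntax: 'name = value', '#' comment lines,
continuation lines that start with whitespace, last assignment wins."""
import re

# Constructed sample mirroring the page's settings; the duplicated
# smtpd_client_restrictions is deliberate, the page sets it in two places.
PAGE_MAIN_CF = """\
# SASL settings
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,
    check_relay_domains
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# basic configuration
inet_interfaces = all
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
"""

# Constructed hardened variant: one client-restriction line, the supported
# relay check, and no plaintext AUTH unless the session is already under TLS.
HARDENED_MAIN_CF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/access
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
inet_interfaces = all
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
"""

DEPRECATED = {"check_relay_domains": "reject_unauth_destination"}
# Restrictions that stop smtpd relaying to arbitrary destinations.
RELAY_STOPPERS = {"reject_unauth_destination", "defer_unauth_destination",
                  "check_relay_domains"}
# Postfix's built-in default when the parameter is not set at all.
DEFAULT_RECIPIENT_RESTRICTIONS = "permit_mynetworks, reject_unauth_destination"
ASSIGN_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")


def parse_main_cf(text):
    """Return (params, assignments): params maps name -> final value,
    assignments lists every (name, line number) in file order."""
    params, assignments, name = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation of the previous value
            if name is None:
                raise ValueError("line %d: continuation without a parameter" % lineno)
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        m = ASSIGN_RE.match(raw)
        if not m:
            raise ValueError("line %d: cannot parse %r" % (lineno, raw))
        name, value = m.group(1), m.group(2).strip()
        params[name] = value
        assignments.append((name, lineno))
    return params, assignments


def split_list(value):
    """Split a comma/whitespace separated Postfix list value."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def lint_main_cf(text):
    """Return a list of findings; an empty list means nothing to report."""
    params, assignments = parse_main_cf(text)
    findings, first_seen = [], {}
    for name, lineno in assignments:  # duplicate parameters: last one wins
        if name in first_seen:
            findings.append("duplicate %s: line %d overrides line %d"
                            % (name, lineno, first_seen[name]))
        else:
            first_seen[name] = lineno
    restrictions = [r.lower() for r in split_list(
        params.get("smtpd_recipient_restrictions", DEFAULT_RECIPIENT_RESTRICTIONS))]
    for r in restrictions:
        if r in DEPRECATED:
            findings.append("deprecated restriction %s: use %s instead" % (r, DEPRECATED[r]))
    if not RELAY_STOPPERS & set(restrictions):
        findings.append("open relay: smtpd_recipient_restrictions has no reject_unauth_destination")
    sasl_opts = {o.lower() for o in
                 split_list(params.get("smtpd_sasl_security_options", "noanonymous"))}
    if "noanonymous" not in sasl_opts:
        findings.append("smtpd_sasl_security_options lacks noanonymous")
    tls_only = params.get("smtpd_tls_auth_only", "no").lower() == "yes"
    if "noplaintext" not in sasl_opts and not tls_only:
        findings.append("plaintext SASL mechanisms (PLAIN/LOGIN) offered without "
                        "smtpd_tls_auth_only = yes: credentials cross the wire in clear")
    return findings


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print("== %s ==" % label)
        for finding in lint_main_cf(cfg) or ["no findings"]:
            print(" -", finding)
```

Running it against the page's configuration reports three findings (the duplicate parameter, the deprecated restriction and the plaintext mechanisms) and nothing against the hardened variant; the same parser can be pointed at a real /etc/postfix/main.cf by reading the file into lint_main_cf.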

* Why we have this document: when QA tried to reproduce BZ # 21422 (email alert / callhome issue), callhome opened more than one socket to the SMTP server. QA needed to DISABLE SMTP EHLO support, and we first tried to drop the EHLO request packets with iptables, but then the callhome socket only showed a pending Send-Q of 19. After searching for how to control EHLO support on the SMTP server side, we found that Postfix has options for this.

# vi /etc/postfix/main.cf
smtp_never_send_ehlo = yes
smtp_always_send_ehlo = no

Run postfix reload afterwards. Note that these smtp_* parameters control the Postfix SMTP client (smtp(8)), that is, the sessions Postfix itself opens when it relays mail onward; they do not change how the Postfix SMTP server (smtpd(8)) answers a connecting client's EHLO. smtpd(8) always accepts EHLO; which ESMTP features it advertises in its reply is controlled by smtpd_discard_ehlo_keywords.