Postfix support SASLv2 for SMTP Auth

Scenario:

A small business with two departments. Each department need their own email domain. Our fellow John has responsibilities in our two departments business. It is pretty sure that he wants to have the same nick name on each department mailbox domain. The space of each created mailbox will be limited to 20MB to avoid reaching the end of our 40GB hard drive space and by consequence the mail system inoperabilty. The business growing is a fact, so we need to build the system in order to accept more departments and users easily.

Software:

  • Postfix as the Mail Transfer Agent.
  • Cyrus-Imapd to reach mailboxes.
  • SASL for authentication.

Before configuration start, let's take a look to the involved elements and the way the email system it's supposed to work:

Here we'll create mailboxes that won't be stored in Postfix and won't use system accounts for authentication. The mailboxes will be created in Cyrus-Imapd and user authentication will be managed by SASL. In this configuration Postfix use LMTP protocol to communicate with Cyrus-Imapd mailboxes.

Generally, when a client wants to send a mail message it talks to Postfix. If the mail is for local delivery, Postfix checks the address and delivers the mail message into Cyrus-Imapd related mailbox. The message is delivered into Cyrus-Imapd mailbox, if the checks are passed and no rejection took place. If all is correct, at this time the message is stored in its related local mailbox, ready to be read from its owner. If the mail is for external delivery, Postfix asks into Internet to determine whom to talk to, and so to deliver the message.

To reach mailboxes, the client needs to authenticate against SASL database first. If authentication is passed the client can reach its mailbox where the mail messages are. To reach mail, clients can do it through a Mail User Agent with IMAP or POP3 protocols support (actually Thunderbird is a nice one, but there are lots of them out there.).

This process is illustrated in the following figure:

 

                          ------------------
          Incoming Mail |--+     Postfix  <-----------| Outgoing Mail  |
                          -|----------------                     |
                          ||     LMTP      |                     |
                          -|----------------                     |
                          |+>    Cyrus    +----------------+     |
                          |+>    Imapd    ||---->+         |     |
                          -|--------------|-     |         |     |
                          ||Authentication||    2|        1|     |
                          |+<    SASL    <+|     v         ^     |
                          ------------------     |Receiving|  |Sending|
                                                     |           |
                                                 +--------------------+
                                                 |     Mail Client    |

With the idea of what we want in mind, next we'll configure each element of our mail system, in this case Postfix as the MTA, Cyrus-Imapd as the mailbox store, and SALS for authentication user accounts.

The Setup System is for RHEL6 or CentOS6 after replease version, before start reading this document, you can refer http://172.22.16.150/wordpress/?p=127 Enable POP3 mail server service on IPStor Server​ for know POP3 and SASL setup.

Below steps about the setup postfix procedure:

$yum install postfix 

$vi /etc/postfix/mail.cf for add lines

smtpd_recipient_restrictions = permit_sasl_autheNticated,permit_mynetworks,check_relay_domains
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

The postfix basic configuration:

myhostname = h12-90.falconstor.com.tw
mydomain = falconstor.com.tw
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost = $mydomain
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

 

 

The /etc/postfix/access, edit below line and run $postmap /etc/postfix/access

172.22.13.136 OK # this can add IPStor server IP

The run postmap /etc/postfix/access

* Why we have this document that reason is when QA try to reproduce BZ # 21422 email alert (callhome) issue. The issue cause callhome open more than one socket for connect to SMTP server. QA need to DISABLE SMTP EHLO support and we try to drop the EHLO request package by iptables tool. But it only see the callhome have panding Send-Q number 19. After try search the EHLO support with SMTP server and know the postfix have option can do that.

# vi /etc/postfix/mail.cf
smtp_never_send_ehlo = yes
smtp_always_send_ehlo = no

 

Read more

How to migrate Raspberry Pi 5 OS from micro SD to NVME m.2 SSD

首先我買了Raspberry Pi CM5後來買了Raspberry Pi CM5 I/O board來當個人電腦使用,系統是安裝在256GB SD卡上運行的很好。用久了在開啟較肥的程式像Web Browser或LiberOffice會有慢半拍的反應,而有了升級NVME m.2 SSD念頭。 因為Raspberry Pi 5支援的最快PCIe gen3 x 4就不去考慮快的Gen4 or Gen5 m.2 SSD。找了ADATA出的 LEGEND 710入門級的產品,會利用HMB(Host Memory Buffer)來加速I/O速度,因為是Raspberry Pi OS kernel會認不得而無法正常使用 事先在SD卡的/boot/firmware/cmdline.txt 加入 kernel command line參數如下,然後重開機m.

By Phillips Hsieh

How to document Home Lab and Network

運維機房和跨域的網路,會遇到各式需求與問題,用對工具才能分析問題,個人覺得最重要的是使用能處理問題的工具。 推薦目前想學和正在使用的平台與軟體,協助將公司/家用機房文件化 佈告欄任務管理 Focalboard 白板可管理任務指派 網路架構文件編寫 netbox 精細管理網路設備與連接線路 IP 資源管理 phpipam 專注網路IP分配 邏輯塊文件編寫 draw.io 視覺化概念圖 機房設備管理 ITDB 管理設備生命週期與使用者

By Phillips Hsieh

如何在Raspberry Pi4上安裝Proxmox for ARM64

第一步 準備好Raspberry Pi 4 / CM4 4GB RAM,這裡要留意CM4如果是買有內建eMMC storage會限制不能使用SD卡開機而限制本地空間容量,如果沒有NAS外接空間或使用USB開機的話,建議買CM4 Lite插上大容量SD卡 第二步 去Armbian官網下載最小化Debian bookworm image https://www.armbian.com/rpi4b/ Armbian 25.2.2 Bookworm Minimal / IOT 然後寫入SD/USB開機碟,寫入方法參考官方文件 https://github.com/raspberrypi/usbboot/blob/master/Readme.md Note: 官方提供的預先設定系統方法,可以在Armbian初次啟動自動化完成系統設定。連結在此 https://docs.armbian.com/User-Guide_Autoconfig/

By Phillips Hsieh

世界越快心越慢

在晚飯後的休息時間,我特別享受在客廳瀏灠youtube上各樣各式創作者的影音作品。很大不同於傳統媒體,節目多是針對大多數族群喜好挑選的,在youtube上我會依心情看無腦的動畫、一些旅拍記錄、新聞時事談論。 尤其在看了大量的Youtube的分享後,我真的感受到會限制我的是我的無知,特別是那些我想都沒想過的實際應用,在學習後大大幫助到我的生活和工作層面。 休息在家時,我喜歡想一些沒做過的菜,動手去設計生活和工作上的解決方案,自己是真的很難閒著沒事做。 如創作文章,陪養新的習慣都能感覺到成長的喜悅,是不同於吃喝玩樂的快樂的。 創作不去限制固定的形式,文字是創作、影像聲音也是創作,記錄生活也是創作,我想留下的就是創造—》實現—》回憶,這樣子的循環過程,在留下的足跡面看到自己一路上的成長、失敗、絕望、重新再來。 雖然大部份的時候去做這些創作也不明白有什麼特別的意義,但不去做也不會留下什麼,所以呀不如反事都去試試看,也許能有不一樣的水花也許有意想不到的結果,投資自己永遠不會是失敗的決定,不是嗎?先問問自己再開始計畫下一步,未來沒人說得準。 像最近看youtube仍大一群人在為DOS開

By Phillips Hsieh