--- /dev/null
+I spent some time today configuring [Postfix][] so I could send mail
+from home via [[SMTPS|STMP]]. Verizon, our ISP, blocks port 25 to
+external domains, forcing all outgoing mail through their
+`outgoing.verizon.net` exchange server. In order to accept mail, they
+also require you authenticate with your Verizon username and password,
+so I wanted to use an encrypted connection.
+
+For the purpose of this example, our Verizon username is `jdoe`, our
+Verizon password is `YOURPASS`, you're running a local Postfix server
+on `mail.example.com` for your site at `example.com`, and `12345` is a
+free local port.
+
+ # cat /etc/postfix/main.cf
+ myhostname = mail.example.com
+ relayhost = [127.0.0.1]:12345
+ smtp_sasl_auth_enable = yes
+ smtp_sasl_password_maps = hash:/etc/postfix/saslpass
+ sender_canonical_maps = hash:/etc/postfix/sender_canonical
+ # cat /etc/postfix/saslpass
+ [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
+ # postmap /etc/postfix/saslpass
+ # cat /etc/postfix/sender_canonical
+ root@mail.example.com jdoe@example.com
+ root@example.com jdoe@example.com
+ root@localhost jdoe@example.com
+ jdoe@mail.example.com jdoe@example.com
+ jdoe@localhost jdoe@example.com
+ # postmap /etc/postfix/sender_canonical
+ # cat /etc/stunnel/stunnel.conf
+ [smtp-tls-wrapper]
+ accept = 12345
+ client = yes
+ connect = outgoing.verizon.net:465
+ # /etc/init.d/stunnel restart
+ # postfix reload
+
+Test with:
+
+ $ echo 'testing 1 2' | sendmail you@somewhere.com
+
+Here's what's going on:
+
+* You hand an outgoing message to your local Postfix, which decides to
+ send it via port `12345` on your localhost (`127.0.0.1`) (`relayhost`).
+* Stunnel picks up the connection from Postfix, encrypts everything,
+ and forwards the connection to port 465 on `outgoing.verizon.net`
+ (`stunnel.conf`).
+* Postfix identifies itself as `mail.example.com` (`myhostname`), and
+ authenticates using your Verizon credentials (`smtp_sasl_…`).
+* Because Verizon is picky about the `From` addresses it will accept,
+ we use `sender_canonical` to map addresses to something simple that
+ we've tested.
+
+And that's it :p. If you're curious, there's more detail about all
+the Postfix config options in the [postconf][] man page, and there's
+good SASL information in the [SASL_README][].
+
+There's also a [blog post by Tim White][TW] which I found useful.
+Because Verizon lacks [STARTTLS][] support, his approach didn't work
+for me out of the box.
+
+[Postfix]: http://www.postfix.org/
+[postconf]: http://www.postfix.org/postconf.5.html
+[SASL_README]: http://www.postfix.org/SASL_README.html
+[TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
+[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
+
+[[!tag tags/linux]]
+[[!tag tags/tools]]
+[[!tag tags/web]]
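Review bot: The `[smtp-tls-wrapper]` section of `stunnel.conf` sets `client = yes` but configures no certificate verification, so stunnel will complete the TLS handshake with whatever answers on `outgoing.verizon.net:465`, and the `jdoe@verizon.net:YOURPASS` credentials from `saslpass` are then sent to an unauthenticated peer. Suggest adding `verifyChain = yes`, a `CAfile` pointing at the system CA bundle, and `checkHost = outgoing.verizon.net` (on older stunnel releases, `verify = 2` with `CAfile`). In the same section, `accept = 12345` listens on every interface; `accept = 127.0.0.1:12345` would keep the tunnel local, matching `relayhost = [127.0.0.1]:12345`. The walkthrough also never restricts permissions on `/etc/postfix/saslpass` or the `saslpass.db` that `postmap` generates, both of which hold the password in clear text; a `chmod 600` step after `postmap` would fit here. Minor: `[[SMTPS|STMP]]` in the first paragraph looks like a typo for `SMTP`.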