From 158f54e4370facee486d8c885d07cab93158b940 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" <wking@drexel.edu> Date: Tue, 15 Nov 2011 19:48:25 -0500 Subject: [PATCH] Add Postfix post. --- posts/Postfix.mdwn | 70 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 posts/Postfix.mdwn diff --git a/posts/Postfix.mdwn b/posts/Postfix.mdwn new file mode 100644 index 0000000..8407ce2 --- /dev/null +++ b/posts/Postfix.mdwn 
@@ -0,0 +1,70 @@ +I spent some time today configuring [Postfix][] so I could send mail +from home via [[SMTPS|STMP]]. Verizon, our ISP, blocks port 25 to +external domains, forcing all outgoing mail through their +`outgoing.verizon.net` exchange server. In order to accept mail, they +also require you authenticate with your Verizon username and password, +so I wanted to use an encrypted connection. + +For the purpose of this example, our Verizon username is `jdoe`, our +Verizon password is `YOURPASS`, you're running a local Postfix server +on `mail.example.com` for your site at `example.com`, and `12345` is a +free local port. + + # cat /etc/postfix/main.cf + myhostname = mail.example.com + relayhost = [127.0.0.1]:12345 + smtp_sasl_auth_enable = yes + smtp_sasl_password_maps = hash:/etc/postfix/saslpass + sender_canonical_maps = hash:/etc/postfix/sender_canonical + # cat /etc/postfix/saslpass + [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS + # postmap /etc/postfix/saslpass + # cat /etc/postfix/sender_canonical + root@mail.example.com jdoe@example.com + root@example.com jdoe@example.com + root@localhost jdoe@example.com + jdoe@mail.example.com jdoe@example.com + jdoe@localhost jdoe@example.com + # postmap /etc/postfix/sender_canonical + # cat /etc/stunnel/stunnel.conf + [smtp-tls-wrapper] + accept = 12345 + client = yes + connect = outgoing.verizon.net:465 + # /etc/init.d/stunnel restart + # postfix reload + +Test with: + + $ echo 'testing 1 2' | sendmail you@somewhere.com + +Here's what's going on: + +* You hand an outgoing message to your local Postfix, which decides to + send it via port `12345` on your localhost (`127.0.0.1`) (`relayhost`). +* Stunnel picks up the connection from Postfix, encrypts everything, + and forwards the connection to port 465 on `outgoing.verizon.net` + (`stunnel.conf`). +* Postfix identifies itself as `mail.example.com` (`myhostname`), and + authenticates using your Verizon credentials (`smtp_sasl_â¦`). 
+* Because Verizon is picky about the `From` addresses it will accept, + we use `sender_canonical` to map addresses to something simple that + we've tested. + +And that's it :p. If you're curious, there's more detail about all +the Postfix config options in the [postconf][] man page, and there's +good SASL information in the [SASL_README][]. + +There's also a [blog post by Tim White][TW] which I found useful. +Because Verizon lacks [STARTTLS][] support, his approach didn't work +for me out of the box. + +[Postfix]: http://www.postfix.org/ +[postconf]: http://www.postfix.org/postconf.5.html +[SASL_README]: http://www.postfix.org/SASL_README.html +[TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/ +[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS + +[[!tag tags/linux]] +[[!tag tags/tools]] +[[!tag tags/web]] -- 2.26.2
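Review bot: In the `stunnel.conf` listing, the `[smtp-tls-wrapper]` service sets `client = yes` and `connect = outgoing.verizon.net:465` but configures no certificate verification, and stunnel does not verify the peer by default, so the tunnel encrypts the session without authenticating the server: the `jdoe@verizon.net:YOURPASS` credentials from `saslpass` go to whichever host answers that connection. Suggest adding `verify = 2` together with a `CAfile` pointing at the system CA bundle (the path depends on the distribution), so that the encrypted connection the post asks for also protects the password against an impersonated relay. Two smaller points in the same listing: `accept = 12345` listens on every interface although `relayhost` only connects to `127.0.0.1`, so `accept = 127.0.0.1:12345` is tighter; and because `/etc/postfix/saslpass` stores the password in clear text, the steps should include restricting it and the `saslpass.db` that `postmap` generates to root (`chmod 600`). Separately, `[[SMTPS|STMP]]` in the first paragraph looks like a transposed link target; if the wiki page is named `SMTP`, the link will not resolve.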