Postfix + SASL notes
These are my spastic notes on setting up a private (NOT secure) postfix to do SMTP SASL Auth.

    Linux linux 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown
    gcc version 2.95.2 20000220 (Debian GNU/Linux)

cyrus-sasl-1.5.27

    ./configure --prefix=/usr/local/cyrus-sasl-1.5.27 --enable-login --disable-krb4 --disable-gssapi --disable-anon --with-pwcheck=/usr/local/cyrus-sasl-1.5.27/shared

postfix-1.1.3

Edit these lines in Makefile:

    CC = gcc $(WARN) -DUSE_SASL_AUTH -L/usr/lib -I/usr/include -lsasl
    EXPORT = AUXLIBS= CCARGS=-DUSE_SASL_AUTH -L/usr/lib -I/usr/include -lsasl OPT=-O DEBUG=-g

Then make and make install postfix. This should run the postfix-install script, which interactively asks for file locations. I put EVERYTHING in /usr/local/postfix, even the mail queue, since I hope to use mail folders instead of spool files.

Here is my postfix config file.

    linux:/etc/postfix# cat main.cf
    queue_directory = /usr/local/postfix/queue
    mail_spool_directory = /var/spool/mail
    command_directory = /usr/local/postfix/sbin
    daemon_directory = /usr/local/postfix/libexec
    mail_owner = postfix
    default_privs = nobody
    setgid_group = postdrop
    myhostname = mail.specialtyimports.com
    mydestination = $myhostname, specialtyimports.com
    mail_spool_directory = /var/spool/mail
    command_directory = /usr/local/postfix/sbin
    daemon_directory = /usr/local/postfix/libexec
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 5
    sendmail_path = /usr/local/postfix/bin/sendmail
    mailq_path = /usr/local/postfix/bin/mailq
    manpage_directory = /usr/local/postfix/man
    sample_directory = /etc/postfix
    readme_directory = no
    # These items were added to prevent open relay
    smtpd_sasl_auth_enable = yes
    smtpd_delay_reject = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    linux:/etc/postfix#

This sets up a mail server that is happy to receive mail for any local user, will send mail from authenticated users, and spools to a mail spool file. The SASL rules at the end restrict usage to authenticated users and redundantly add the caveat that all relays must be authenticated.

Note that the only authentication I allow is plain text. I find most mailers don't have MD5 encryption or anything else for that matter, but I haven't played with it. If you find an encryption that you can use with common mail clients (Outlook, Outlook Express, Netscape) then by all means please let me know.

Then I strap a pop3 daemon on top and boom, mail server for someone. These aren't IMAP people, so I'm not using mail folders yet, although I do a version of it at home. To change delivery to mail folders instead of mail spool files, all you have to do is put a '/' at the end of the mail spool path, and I think that there is a symbol that you can use for the home directory.

Someday I'll put SASL, SSL, HTTP, IMAP, and POP3 together.
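As an added example (not part of the original notes and not Postfix code), this Python sketch parses main.cf text the way Postfix reads it (comments, continuation lines, last duplicate wins) and reports why the SASL settings in these notes are "NOT secure". The noplaintext option and the smtpd_tls_auth_only parameter are real Postfix settings that do not appear in the config on this page; the function names and finding labels are made up for the example.

```python
# Constructed sample based on the main.cf above (restriction list wrapped).
SAMPLE_MAIN_CF = """\
mail_spool_directory = /var/spool/mail
mail_spool_directory = /var/spool/mail
# These items were added to prevent open relay
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, check_relay_domains
smtpd_sasl_security_options = noanonymous
"""

def parse_main_cf(text):
    """Return (params, duplicates). '#' lines are comments, a line starting
    with whitespace continues the previous one, the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params, duplicates = {}, []
    for line in logical:
        name, sep, value = (part.strip() for part in line.partition("="))
        if sep and name in params:
            duplicates.append(name)
        if sep:
            params[name] = value
    return params, duplicates

def items(value):
    return value.replace(",", " ").split()  # comma/whitespace separated list

def audit_sasl(params):
    """Return finding labels; the label names are made up for this example."""
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return ["sasl-auth-disabled"]
    opts = items(params.get("smtpd_sasl_security_options", "noanonymous"))
    restrictions = items(params.get("smtpd_recipient_restrictions", ""))
    checks = [
        ("anonymous-mechanisms-allowed", "noanonymous" not in opts),
        ("plaintext-mechanisms-allowed", "noplaintext" not in opts),
        ("auth-offered-without-tls", params.get("smtpd_tls_auth_only", "no") != "yes"),
        ("relay-not-tied-to-sasl", "permit_sasl_authenticated" not in restrictions),
    ]
    return [label for label, failed in checks if failed]

if __name__ == "__main__":
    print(audit_sasl(parse_main_cf(SAMPLE_MAIN_CF)[0]))
```

With smtpd_tls_auth_only = yes in place, PLAIN and LOGIN travel only inside TLS, so the plaintext finding matters mainly when the TLS finding is also present.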