I have recently moved, and am no longer in the same building as my mail server. Changing SMTP servers for each ISP, or using webmail/ssh+mutt is tedious, so I decided to set up authenticated SMTP.

First, `apt-get install sasl2-bin`
sasl is a generic authentication program, with many options.

I decided to use a seperate password database for SMTP. Postfix is working in a chroot jail, and copying my passwd and shadow files into the jail kind of defeats the purpose. So I use a different password for SMTP.
To do this, we use saslauthd, so make sure this is starting up at boot, then create a file called "smtp.conf" under /etc/postfix/sasl with the line "pwcheck_method: saslauthd"

/etc/postfix/main.cf will need this section added:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = domain.com
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

Next, you'll need to add a user to the saslauthd database
This is done using saslpasswd2. Example:
`saslpasswd2 -c -f /var/spool/postfix/etc/sasldb2 -u domain.com username`
note you're pointing it into the postfix jail filesystem.

restart postfix to read in the changes, and set up your mail client to use the service.
All should be good.

---

Comments