At my company we've had a longstanding problem of not being able to send email from devices outside of our internal network and any specific IP address that we open the relay to. As it turns out, SASL has never been set up. I need to set up SASL ASAP but none of the guides I've found seem to work. This is the latest guide I tried: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL I did everything on here minus the last part because it's on the same server. Also, instead of submission inet n - - - - smtpd I did: 127.0.0.1:1025 inet n - - - - smtpd After all is done, however, I'm unable to send any mail. Thunderbird just says sending message but doesn't send and I don't even get an error. I end up having to disable SASL again before I can send mail. Dovecot version 2.0.9 Postfix version 2.6.6 CentOS 6 I have Postfix, Dovecot, and ASSP on the same server. Thanks everyone. -- This email was Virus checked by Astaro Security Gateway. http://www.sophos.com
On 10/21/2014 8:40 AM, Brian <bstringfellow at bobcad.com> wrote:> Also, instead of > submission inet n - - - - smtpd > I did: > 127.0.0.1:1025 inet n - - - - smtpd > > After all is done, however, I'm unable to send any mail.No surprise there. You *must* use the submission port if you want it to work. Not sure why you thought otherwise.
Am 21.10.2014 um 14:40 schrieb Brian:> At my company we've had a longstanding problem of not being able to send > email from devices outside of our internal network and any specific IP > address that we open the relay to. As it turns out, SASL has never been > set up. I need to set up SASL ASAP but none of the guides I've found > seem to work. > This is the latest guide I tried: > http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > I did everything on here minus the last part because it's on the same > server.don't pretend - "postconf -n" and "dovecot -n" # dovecot service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } # postfix smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth> Also, instead of > submission inet n - - - - smtpd > I did: > 127.0.0.1:1025 inet n - - - - smtpdthat is complete nonsense * 1025 is not a standard port * the port only listens on localhost * no way to connect from outside> After all is done, however, I'm unable to send any mail. Thunderbird > just says sending message but doesn't send and I don't even get an > error. I end up having to disable SASL again before I can send mail.because most likely 1025 is not opened in the firewall and even if since you misconfigured the server it could not connect> Dovecot version 2.0.9 > Postfix version 2.6.6 > CentOS 6 > I have Postfix, Dovecot, and ASSP on the same server-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20141021/f29cd9e9/attachment.sig>
On 2014-10-21 07:40, Brian wrote:> At my company we've had a longstanding problem of not being able to > send email from devices outside of our internal network and any > specific IP address that we open the relay to. As it turns out, SASL > has never been set up. I need to set up SASL ASAP but none of the > guides I've found seem to work.I recommend reading over these guides and doing outside research to fill in any blanks: * https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql * https://workaround.org/ispmail * http://wiki2.dovecot.org/Authentication/PasswordSchemes They walk you through setting up SASL for Postfix which uses Dovecot for auth. Dovecot in turn uses a MySQL database that you put together, but Dovecot supports many other auth sources such as LDAP that might be more relevant to your setup. It's worth mentioning (although you probably already know this) to double-check any recommendations you find in guides against official docs when it comes to security practices. For example, one guide recommends using the MD5 hashing algorithm (without a salt) to store passwords. I'm (very) far from being a security expert, but I recommend you research an alternative hashing scheme if you're setting up an auth source from scratch.