Configure Postfix - Relay to Another Server, etc.
Cody
16th April 2006, 11:12 PM
Hello. I am trying to setup a postfix server for my network. However, I have a few configuration issues:
1) My ISP blocks all port 25 connections to servers other than its own SMTP server. How can I configure postfix to pass ALL mail right on to my SMTP server?
2) How can I configure security? I want two layers
2a) All computers on my network (a specific local IP range), should be automatically granted access.
2b) Remote computers should be required to AUTH.
Thank you!
Cody
jcliburn
17th April 2006, 02:03 AM
For question 1, a few relevant entries from /etc/postfix/main.cf:
myhostname = osprey.hogchain.net
mydomain = hogchain.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
relayhost = [mail.bellsouth.net]
Someone else will have to answer question 2 and its subparts.
Cody
17th April 2006, 02:37 AM
This is exactly what I'm looking for. The only problem that I forgot about with that, is that I need to authenticate with my ISP's SMTP server... how can I do that?
Cody
jcliburn
17th April 2006, 03:16 AM
Well, that's what gets it working with me and my ISP. Unfortunately, it only works for outbound mail. My ISP (Bellsouth) blocks inbound port 25 to anything other than his own mail servers, so any mail directed to my little mail server in my house never makes it to me, even though it's an IP address the ISP owns. Not much I can do about it except whine to him. And I did. :-)
Before I realized he was blocking port 25, I set about configuring Postfix for SMTP AUTH, but gave up when I realized it wasn't going to do me any good. Google for Postfix SMTP AUTH... You'll find some helpful stuff.
jcliburn
17th April 2006, 03:28 AM
One thing that might help... My ISP doesn't require SMTP AUTH if mail is coming from my Postfix server located on his IP address. Yours might not either. Try telnetting to port 25 on your ISP's mail server to check if his server asks for authentication. Just enter "EHLO" at the invisible prompt. Here's what my ISP's mail server says (and you can see it doesn't advertise AUTH).
[root@osprey bin]# telnet mail.bellsouth.net 25
Trying 205.152.59.17...
Connected to mail.bellsouth.net.
Escape character is '^]'.
220 ibm61aec.bellsouth.net ESMTP server ready Sun, 16 Apr 2006 22:24:20 -0400
EHLO <<<--------- I entered this command
250-ibm61aec.bellsouth.net
250-HELP
250-PIPELINING
250-DSN
250-8BITMIME
250 SIZE 26214400
quit <<<--------- I entered this command
221 ibm61aec.bellsouth.net ESMTP server closing connection
Connection closed by foreign host.
mighty_falcon
17th April 2006, 06:48 PM
I have the same type of problem...my ISP just started blocking outbound port 25 and now my server cannot send any more e-mails...I tried using the method mentioned by jcliburn but without much luck, as my ISP's SMTP server does in fact require AUTH
does anyone here know a workaround to supply the user/pass auth info to postfix?
tnx
mighty_falcon
17th April 2006, 07:49 PM
Googled around and found this:
Postfix SMTP AUTH support for relayhost
Tonight I changed my relayhost for my outgoing home mail server to one that requires me to use SMTP AUTH so I needed to modify my main.cf on the outgoing server as follows.
Added the following settings to /etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
Create /etc/postfix/sasl_passwd as follows:
my.mail.relay.net username:password
Because the password is in cleartext make it root only:
# chown root:root /etc/postfix/sasl_passwd && chmod 600 /etc/postfix/sasl_passwd
Create the hash file:
# postmap /etc/postfix/sasl_passwd
Make the hash file world readable:
# chmod 644 /etc/postfix/sasl_passwd.db
Reload the Postfix config:
# /etc/init.d/postfix reload
tnx to http://ben.franske.com/blogs/bensbits.php/2005/09/06/postfix_smtp_auth_support_for_relayhost
works like a charm :)
Cody
17th April 2006, 09:50 PM
I have followed those instructions and still am having problems. I am wondering if it is related to the fact that my username has an @ in it... any ways I can get around this, in case this is the problem?
Also, I see my ISP is using this:
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
Is the method described above for PLAIN and LOGIN?
Cody
mighty_falcon
17th April 2006, 09:52 PM
I have followed those instructions and still am having problems. I am wondering if it is related to the fact that my username has an @ in it... any ways I can get around this, in case this is the problem?
Cody
I have the same thing (my username is pretty much the entire email address...user@adress.com) but it worked fine for me
did you hash the file? and what does the maillog display after you've done this?
Cody
17th April 2006, 10:15 PM
I did hash the file. I have this setup as the instructions above outline, but my maillog still shows that it is trying to connect to the mailserver of the destination e-mail address.
Cody
mighty_falcon
17th April 2006, 10:20 PM
make sure you have set the
relayhost = ENTERYOUR.YOUR.RELAY.SERVER
in your main.cf postfix file
jcliburn
18th April 2006, 12:23 AM
I had to enclose my relayhost in square brackets, otherwise it wouldn't work.
Cody
18th April 2006, 02:23 AM
Such as:
relayhost = [smtp.myisp.com]
?
Cody
jcliburn
18th April 2006, 02:25 AM
Yes, that's correct.
mighty_falcon
18th April 2006, 02:25 AM
try it without enclosing them with []
Cody
18th April 2006, 02:33 AM
I tried it without, and this is the error I'm getting:
Apr 17 20:31:55 thor postfix/smtp[15092]: 954B521804D: to=<me@mac.com>, relay=none, delay=1, status=deferred (Host or domain name not found. Name service error for name=smtp.sbc.mail.yahoo4.akadns.net type=MX: Host not found, try again)
Apr 17 20:31:55 thor dovecot: imap-login: Login: user=<cdehaan>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
My "relay host" is smtp.sbcglobal.yahoo.com, but it doesn't appear to even be connecting to that server.
Cody
Cody
18th April 2006, 02:35 AM
And, using the ['s didn't seem to change the situation.
I'm getting this error using the []'s:
Apr 17 20:34:25 thor postfix/smtp[15187]: 0C23F21804D: to=<me@mac.com>, relay=smtp.sbc.mail.yahoo4.akadns.net[68.142.229.41], delay=0, status=bounced (host smtp.sbc.mail.yahoo4.akadns.net[68.142.229.41] said: 530 authentication required - for help go to http://help.yahoo.com/help/us/sbc/dsl/mail/pop/pop-11.html (in reply to MAIL FROM command))
mighty_falcon
18th April 2006, 02:36 AM
try telnetting to your host's SMTP
telnet://ADDRESS:PORT
does that work?
Cody
18th April 2006, 02:39 AM
Not a problem:
imac:~ Cody$ telnet smtp.sbcglobal.yahoo.com 25
Trying 68.142.229.41...
Connected to smtp-sbc.mail.yahoo.com.
Escape character is '^]'.
220 smtp109.sbc.mail.re2.yahoo.com ESMTP
EHLO
250-smtp109.sbc.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
It just seems that, despite me specifying the SMTP server, it isn't actually connecting there. Maybe it's not supposed to, I'm not really sure.
Cody
Cody
18th April 2006, 02:45 AM
Well, I figured it out.
I both used brackets, and I used the error message to my advantage (makes sense, huh?)
I instead used
relayhost = [smtp.sbc.mail.yahoo4.akadns.net]
And reflected sasl_passwd to those changes. Works like a charm :)
NOW I have to set up postfix to do #s 2 and 3 of my original question. Any help here? I may start a new thread for those, as this thread more deals with the first issue.
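Added example, not part of the thread: a shell check for the three pitfalls that came up above (a relayhost without brackets, a sasl_passwd key that does not match relayhost, and password files readable by other users). The function names are made up here and main.cf parsing is simplified to single-line `name = value` settings; the exact-key rule and the root-only permissions on both sasl_passwd and sasl_passwd.db follow Postfix's SASL_README.

```shell
# Audit a Postfix relayhost + SMTP AUTH setup (added example, names are hypothetical).
# Usage: audit_relay_auth /etc/postfix/main.cf
# Prints one finding per line; the return status is the number of findings.

# Last "name = value" setting for parameter $2 in file $1.
# Simplification: continuation lines and $variable references are not expanded.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

audit_relay_auth() {
    cf=$1
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    relay=$(get_param "$cf" relayhost)
    maps=$(get_param "$cf" smtp_sasl_password_maps)
    pwfile=${maps#*:}    # drop the table type, e.g. "hash:"

    case $relay in
        '')  note "relayhost is not set: mail is delivered straight to each recipient's MX" ;;
        \[*) ;;          # [host] or [host]:port, used as written with no MX lookup
        *)   note "relayhost '$relay' has no brackets: Postfix will do an MX lookup on it" ;;
    esac

    if [ -z "$pwfile" ] || [ ! -f "$pwfile" ]; then
        note "smtp_sasl_password_maps does not name an existing file"
    else
        # The lookup key has to be written exactly like relayhost, brackets included.
        awk -v k="$relay" '$1 == k { found = 1 } END { exit !found }' "$pwfile" ||
            note "no sasl_passwd entry whose key is exactly '$relay'"
        for f in "$pwfile" "$pwfile.db"; do
            [ -e "$f" ] || continue
            # Characters 5-10 of "ls -l" are the group and other permission bits.
            [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
                note "$f is accessible to group/other, and it contains the password"
        done
    fi
    return "$findings"
}
```

Run it as root against the live file, for example `audit_relay_auth /etc/postfix/main.cf`; a status of 0 means none of the three problems was found.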