Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Use Postfix with authentication and encryption UNIX
Running your own mail server from home is great, but when you are on the road you have to switch to whatever ISP you are using. The trouble is that several large ISPs are testing systems which would block mail from servers which aren't authorized to send mail for a given domain.

However, if you enable SASL (for authentication) and TLS (for encryption), you can safely use your mail server from anywhere. I have written a tutorial for setting up Postfix with SASL and TLS on panther (although I assume that you already have server certificates and know how to set up Postfix in general).
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[6,436 views]  

Use Postfix with authentication and encryption | 12 comments | Create New Account
Click here to return to the 'Use Postfix with authentication and encryption' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use Postfix with authentication and encryption
Authored by: aamann on Mar 16, '04 12:38:24PM
I guess I prefer the "lazy" method;-)
Postfix Enabler allows you to enable this for you without having to download & install additional components - all the required items are already installed with Panther...

[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: w4lna on Mar 17, '04 04:06:38PM

Be careful with Postfix Enabler, it did some things that I didn't expect. At least it does save your previous files in a /etc/postfix/.original directory.

Anyone have an idea why Repair Permissions in the Disk Utility sets the owner of the directories in /var/spool/postfix to UID 27 in Panther? I haven't seen this reported anywhere else...



[ Reply to This | # ]
postfix permissions
Authored by: sjk on Mar 19, '04 09:06:41AM
I've never seen Repair Disk Permissions report any /var/spool/postfix changes so I'm not sure why it happens on your system, but its subdirectories need to be set up correctly or Postfix won't run properly (if at all). Comments in the /etc/postfix/post-install script say:
set-permissions
Set all file/directory ownerships and permissions according to the contents of $config_directory/postfix-files, using the mail_owner and setgid_group parameter settings from the command line, process environment or from the installed main.cf file. Implies create-missing.

This is required when installing Postfix from a pre-built package or when changing the mail_owner or setgid_group installation parameter settings after Postfix is already installed.
On my working system:
% egrep '^(mail_owner|setgid_group)' /etc/postfix/main.cf
mail_owner = postfix
setgid_group = postdrop

% ls -l /var/spool/postfix
total 0
drwx------  18 postfix  wheel     612 17 Dec 22:00 active
drwx------   6 postfix  wheel     204 16 Mar 13:49 bounce
drwx------   2 postfix  wheel      68 25 Sep 20:25 corrupt
drwx------   3 postfix  wheel     102  8 Feb 19:26 defer
drwx------   3 postfix  wheel     102  8 Feb 19:26 deferred
drwx------   2 postfix  wheel      68 25 Sep 20:25 flush
drwx------   2 postfix  wheel      68 25 Sep 20:25 hold
drwx------  18 postfix  wheel     612 18 Mar 18:06 incoming
drwx-wx---   2 postfix  postdrop   68 18 Mar 11:00 maildrop
drwxr-xr-x  11 root     wheel     374  8 Feb 19:26 pid
drwx------  18 postfix  wheel     612 15 Mar 15:31 private
drwx--x---   7 postfix  postdrop  238 15 Mar 15:31 public


[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: aamann on Mar 16, '04 12:41:29PM

... one more thing - "you can safely use your own mail server from anywhere" assumes that your ISP does not block port 25 so that you actually can access your mail server from abroad - another way is setting up a SSH tunnel to your mail server and then accessing your mail server through the tunnel. Using SSH also makes encryption redundant.



[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: Mike Brady on Mar 19, '04 08:20:35AM

Could you give us an example of how to do that?



[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: Andrea on Mar 17, '04 06:49:42AM
I'm particular interested in this topic, and I hope you can enlight me. I've an iBook with postfix enalbled. Depending on the ISP I use some of my emails are rejected and I receive a message like this:

			The Postfix program

<fink-devel@lists.sourceforge.net>: host mail.sourceforge.net[66.35.250.206]
    said: 550-rejected because your SMTP server, 151.26.169.56, is in the DULS
    RBL. See 550 http://mail-abuse.org/referred.html for more information. (in
    reply to RCPT TO command)
Reporting-MTA: dns; ibook.homeunix.org
Arrival-Date: Sun, 29 Feb 2004 09:37:02 +0100 (CET)

Final-Recipient: rfc822; fink-devel@lists.sourceforge.net
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mail.sourceforge.net[66.35.250.206] said:
    550-rejected because your SMTP server, 151.26.169.56, is in the DULS RBL.
    See 550 http://mail-abuse.org/referred.html for more information. (in reply
    to RCPT TO command)
Can I solve my problem enabling SASL? Thanks, Andrea.

[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: elemental on Mar 17, '04 09:57:48AM

The problem you are experiencing is that many ISPs deny mail sent directly from dynamic IP address space (dialups, many DSL ranges, most cable modems). This is called "direct-to-mx" mailing and it's commonly done by spammers to get around their ISP's outgoing mail restrictions. It also blocks mail from home users' Windows machines with spam-relay proxies installed (eg, Sobig, etc).

The solution is to smarthost your mail through your ISP's SMTP server. I don't know how to do it in Postfix, but look for "smarthost" or something along the lines of "forward outgoing mail to this server for delivery".



[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: aamann on Mar 17, '04 01:02:54PM

"Postfix Enabler" has a text field in the setup pane allowing you to enter a smart host - works for me sending mail to any address I want...



[ Reply to This | # ]
Postfix and Smarthost
Authored by: jablko on Apr 29, '04 10:02:39PM

Yeah ... I must use a smarthost to send to some domains. I use "relayhost = domain.name" or "relayhost = [host.name]" in "/etc/postfix/main.cf"... See "http://www.postfix.org/postconf.5.html#relayhost"



[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: Gigacorpse on Mar 18, '04 10:00:26AM

Postfix would be fine for me if freaking Apple Mail could use standard Unix mail spools. Of course, I could just run an IMAP server on my PowerMac but I haven't been able to find a compiled binary of an IMAP server that is Panther compatable.



[ Reply to This | # ]
Use Postfix with authentication and encryption
Authored by: logo on Mar 19, '04 03:53:46AM
Check out this hint:

Access local mail via Mail.app

is this the solution to your question?

[ Reply to This | # ]
UW-IMAP
Authored by: sjk on Mar 19, '04 08:35:02AM
Or see Using WU-IMAP with SSL and xinetd revisited for info about doing that.

[ Reply to This | # ]