Versions Compared

Old Version 11

changes.mady.by.user Thomas Tornevall

Saved on

compared with

New Version 12

changes.mady.by.user Thomas Tornevall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is a document copied fromĀ https://www.tornevalls.se/2019/08/12/the-postfix-maildir-guide/

...

Clients that does not support SMTP authentication via imap or pop

This text is written in october 2020 after ripping my hair of my head off for a while. What I did not think of, during the first round of installation, was that there will be non standard clients that won't do a pop/smtp-auth before entering the SMTP out. For example, Postfix, straight out of the box - where you want to relay from postfix to postfix via an authenticated user. With the solution above, there might happen things that you do not want. The error message below for example, is quite common but very much unanswered in different kinds of forums. Most of the posts are relating their problems to dovecot, cyrus and different kind of solutions that in the end seem to be database driven. This is not bad, it's just a little bit stupid since you suddenly rely your systems on yet another point of failure: The database. And the more crap you implement, the harder it will be to find the failing point.

No Format
warning: SASL authentication failure: unable to canonify user and get auxprops

...

https://serverfault.com/questions/409828/cant-get-sasl-auxprop-sasldb-working-with-postfix-ubuntu-12-04
https://annvix.com/enabling_sasl_in_postfix

Greylisting

Preventing spam can be very exhausting. There is a suggested method on stopping spam by greylisting. You can read a longer description of how to set up greylisting for your system on the link below.

https://www.howtoforge.com/greylisting_postfix_postgrey

Installing

Run: apt install postgrey and service postgrey start

No Format
apt install postgrey
service postgrey start

If you have been following the above instructions, your main.cf probably looks like this:

No Format
smtpd_recipient_restrictions = permit_mx_backup, permit_auth_destination, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf

Update this row to:

No Format
smtpd_recipient_restrictions = permit_mx_backup, permit_auth_destination, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, check_policy_service inet:127.0.0.1:10023

Then, reload postfix.

Are we done?

I'm not entirely sure actually. I may have missed something. If someone is actually interested in this post and see that something won't work it may be cause by the fact that I missed that part. I also have a separate configuration (based on this big one) to make sure that relaying actually works out of the box. If you find anything, feel free to contact me and notify me about it...