Working Configuration for Openbsd 4.0 - Postfix - SASL - TLS
Some old stuff..
Might be helpful to someone..

OS: OpenBSD 4.0
MTA: Postfix w/sasl
Imap: Dovecot

packages installed (via ports)
Code:
cyrus-sasl-2.1.21p2  RFC 2222 SASL (Simple Authentication and Security Layer)
dovecot-1.0.rc15     compact IMAP/POP3 server
expat-2.0.0          XML 1.0 parser written in C
gettext-0.14.5p1     GNU gettext
help2man-1.29        GNU help2man
libiconv-1.9.2p3     character set conversion library
libltdl-1.5.22p1     GNU libtool system independent dlopen wrapper
libtool-1.5.22p0     generic shared library support script
logsentry-1.1.1p2    logfile auditing tool
metaauto-0.5         wrapper for gnu auto*
pcre-6.4p1           perl-compatible regular expression library
postfix-2.3.2-sasl2  fast, secure sendmail replacement
wget-1.10.2p0        retrieve files from the web via HTTP, HTTPS and FTP

Code:
TCP_OPTIONS = "flags S/SA keep state"

pass in log on $ext_if inet proto tcp from any to any port smtp \
    $TCP_OPTIONS
pass in log on $ext_if inet proto tcp from any to any port imaps \
    $TCP_OPTIONS
pass in log on $ext_if inet proto tcp from any to any port 465 \
    $TCP_OPTIONS

with SASL.

After much googling I found many answers, but none that fit my situation. I found some of the answers here but after much trial and error I narrowed it down.. Pls comment/correct where necessary..

Much Thanks..
rk.

Scenario: I connect to the DoveCot Imap Server remotely via ssl/tls connection using a ThunderBird client. I also want to send mail "from" the remote email server via ssl.

I installed and configured Postfix with the following (additional) SASL/TLS options:

main.cf (note: the dovecot.pem were generated from the dovecot script after modifying /etc/ssl/dovecot-openssl.cnf)
Code:
# TLS additions
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/dovecotcert.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination

# Authentication with SASL
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain

Code:
smtp        inet  n       -       -       -       -       smtpd
#submission inet  n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps       inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Code:
smtps           465/tcp         #smtp protocol over TLS/SSL

Code:
saslpasswd2 -c -u <domain-name>.com -a smtpauth <username>

I had to copy the sasldb2.db to /var/spool/postfix/etc/sasldb2.db and chown it _postfix.

Granted when I add another user I have to manually add them via the saslpasswd2 command.. but since there are only going to be a few users that is not an issue..

It now works..!!! Wooot...

Lessons learned: Postfix is chrooted under OpenBSD. I was chasing this error:

warning: SASL authentication failure: no user in db

among other SASL errors.. finally

postconf -n
Code:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix/html
inet_interfaces = $myhostname, localhost
mail_owner = _postfix
mailq_path = /usr/local/sbin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = <my-domain>.com
myhostname = bsdbox.<my-domain>.com
mynetworks = 192.168.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/local/sbin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix/readme
sample_directory = /etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/dovecotcert.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

Note: the smtpd.conf you may have found in your searching is not needed in OpenBSD.

rk
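
The post's lesson is that the chrooted smtpd reads the copy of sasldb2.db under /var/spool/postfix/etc, and that copy must be refreshed by hand after every saslpasswd2 run. The check below is an added example, not part of the original post: it reports a missing, stale, wrongly owned or over-permissive copy. It assumes the master database is /etc/sasldb2.db, and check_sasldb is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumed: the master database is /etc/sasldb2.db; check_sasldb is a
# hypothetical helper name. Chroot path and _postfix owner are from the post.

# check_sasldb MASTER COPY OWNER
# Prints one finding per line; returns 0 only when the chroot copy is usable.
check_sasldb() {
    master=$1 copy=$2 owner=$3 rc=0

    if [ ! -f "$copy" ]; then
        echo "MISSING: $copy (chrooted smtpd cannot read $master)"
        return 1
    fi

    # A copy that was not refreshed after saslpasswd2 lacks the new user,
    # which shows up as "SASL authentication failure: no user in db".
    if ! cmp -s "$master" "$copy"; then
        echo "STALE: $copy differs from $master"
        rc=1
    fi

    # ls -ld fields: 1 = mode string, 3 = owner name
    set -- $(ls -ld "$copy")
    mode=$1 actual=$3

    if [ "$actual" != "$owner" ]; then
        echo "OWNER: $copy is owned by $actual, expected $owner"
        rc=1
    fi

    # The file holds SASL secrets: group and other bits must all be clear.
    case $mode in
        ????------*) ;;
        *) echo "MODE: $copy is $mode, accessible beyond its owner"; rc=1 ;;
    esac

    return $rc
}

# Example: sh check_sasldb.sh /etc/sasldb2.db /var/spool/postfix/etc/sasldb2.db _postfix
if [ "$#" -eq 3 ]; then
    check_sasldb "$@"
fi
```

Running it from cron or right after each saslpasswd2 call catches the stale-copy case before a new user hits the "no user in db" failure.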