Postfix // SASL

DOVECOT SASL SOCKET

see the Dovecot guide –> SASL socket section

POSTFIX

make sure you’ve enabled a valid certificate and a decent TLS setup already

then enable submissions implicit ssl/tls (not starttls). it’s better to hard-code the port number here, slackware still did not switch from smtps to submissions

vi /etc/postfix/master.cf

465   inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/sasl
    -o smtpd_tls_auth_only=yes
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_security_options=noanonymous,noplaintext
    -o smtpd_sasl_tls_security_options=noanonymous
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_helo_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #-o broken_sasl_auth_clients=yes

there is NO NEED to add permit_sasl_authenticated, in main.cf

however, and in case you want to dedicate a host for that, you could otherwise simply define those options into the main configuration

vi /etc/postfix/main.cf

#
# SASL DEDICATED HOST
#
syslog_name = postfix/submissions
smtpd_tls_auth_only = yes
smtpd_tls_wrappermode = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
#broken_sasl_auth_clients = yes

ACCEPTANCE

apply and check

postfix reload
netstat -an -f inet | grep LISTEN

and remotely

openssl s_client -connect xc.nethence.com:465

RESOURCES

Postfix SASL Howto http://www.postfix.org/SASL_README.html

Enable SMTPS Port 465 in Postfix SMTP Server For Email Submission https://www.linuxbabe.com/mail-server/enable-smtps-port-465-postfix

Postfix smtps and submission confusion https://serverfault.com/questions/605715/postfix-smtps-and-submission-confusion

Enable SMTPS service (SMTP over SSL, port 465) https://docs.iredmail.org/enable.smtps.html

TRASH

submission starttls

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

HOME | GUIDES | BENCHMARKS | html