> > > I actually don't have a mynetworks statement in main.cf at all and I
> > > send from squirrelmail all over the place.
> > >
> > > I won't be able to specify a single IP for my laptop. Can I allow
> > > authenticated users to send?
> >
> > You connect to squirrelmail from many different IPs via HTTP, but
> > squirrelmain only calls SMTP from the localhost IP, 127.0.0.1. So add
> > the default mynetworks back in if you want Squirrelmail to be able to
> > send at all. And quit trying out poorly thought out security tricks in
> > Postfix if you don't know what you're doing.
>
> I haven't removed the mynetworks statement. It was never there.
> Could it be somewhere other than main.cf and master.cf? Maybe
> 127.0.0.1 is the default. I can send from squirrelmail just fine as
> always. Admittedly "all over the place" was a bad choice of words.
>
> > Once that is fixed you can start looking at why you can't authenticate.
> > I'm going to guess that you haven't bothered to setup smtp
> > authentication via sasl yet.
>
> I didn't realize I wasn't authenticating. I'm working on sasl now.
Got it! Thanks a lot for everyone's help. I'm running
courier-imapd-ssl, postfix, and saslauthd. With the following config
everything should be encrypted between my laptop and the server:
/etc/postfix/main.cf:
[snip]
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_policy_service inet:127.0.0.1:10030
reject_unauth_destination,
permit
virtual_alias_maps = hash:/etc/postfix/virtual
message_size_limit = 20480000
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
/etc/postfix/master.cf:
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
/etc/sasl2/smtpd.conf:
mech_list: PLAIN LOGIN
pwcheck_method:saslauthd
- Grant
--
gentoo-user@lists.gentoo.org mailing list
