I use postfix with smtp auth and recipient validation against dbmail
with sasl.
All user passwords must be in format crypt!!
1. Receive mail for only those that have a userid or alias
2. SMTP AUTH with either his userid ([EMAIL PROTECTED]) or any of his
aliases ([EMAIL PROTECTED])
3. User can only send email as himself or one of his aliases.
4. Other users can not send email with a source of one of my domain
names (sender_access map) - [EMAIL PROTECTED] to [EMAIL PROTECTED] is ok
once authenticated. This helps stop those pesky spams of yourself
sending yourself the spam.
Here's a quick how to:
/etc/postfix/main.cf:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unknown_sender_domain,
    permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unauth_destination,
smtpd_sender_restrictions =
    permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_authenticated_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_sender_login_mismatch,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access
# FOR SMTP AUTH CHECKS - NEED BOTH SO WE CAN CHECK BOTH TABLES
smtpd_sender_login_maps = mysql:/etc/postfix/dbmail_sender_login.cf,
    mysql:/etc/postfix/dbmail_sender_login_alias.cf
# RECIPIENT CHECKS - NEED BOTH SO WE CAN CHECK BOTH TABLES
local_recipient_maps = mysql:/etc/postfix/dbmail_rcpt.cf,
    mysql:/etc/postfix/dbmail_rcpt_alias.cf
cat /etc/postfix/sender_access
mydomainname.com 553 Not logged in. Use smtp auth to send email.
* OK
(don't forget to run postmap sender_access)
cat /etc/postfix/dbmail_rcpt.cf
# Look for a user that matches the recipient of the email
user = dbmail
password = dbmail
dbname = dbmail
hosts = localhost
#postfix 2.2.X version only
query = SELECT userid FROM dbmail_users WHERE userid='%s'
cat /etc/postfix/dbmail_rcpt_alias.cf
# Look for an alias that matches the recipient of the email
user = dbmail
password = dbmail
dbname = dbmail
hosts = localhost
#postfix 2.2.X version only
query = SELECT alias FROM dbmail_aliases WHERE alias='%s'
cat /etc/postfix/dbmail_sender_login.cf
#SMTP AUTH - check if the user exists
user = dbmail
password = dbmail
dbname = dbmail
hosts = localhost
#postfix 2.2.X version only
query = SELECT userid FROM dbmail_users WHERE userid='%s'
cat /etc/postfix/dbmail_sender_login_alias.cf
# SMTP AUTH - check if the alias exists
user = dbmail
password = dbmail
dbname = dbmail
hosts = localhost
#postfix 2.2.X version only
query = SELECT userid FROM dbmail_users JOIN dbmail_aliases ON
    (dbmail_aliases.deliver_to=dbmail_users.user_idnr) WHERE
    dbmail_aliases.alias='%s'
cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5
password_format: crypt
sql_engine: mysql
sql_hostnames: localhost
sql_user: dbmail
sql_passwd: dbmail
sql_database: dbmail
sql_verbose: yes
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '[EMAIL PROTECTED]'
Remember to follow all of the instructions on getting postfix working
with dbmail first along with sasl2, then apply the changes above. Not
everything may be applicable to you.
-Jon
Tom Allison wrote:
On 11/14/2006, "Leander Koornneef" <[EMAIL PROTECTED]> wrote:
Hi Tom,
You should realise that "dbmail user" != "email address"
It's not ugly, it's just the (perfectly sane) way dbmail works :-)
Doing this "your way" would severely limit the flexibility of dbmail.
Well, one thing you could do is use Postfix' recipient_canonical_maps
to rewrite [EMAIL PROTECTED] to [EMAIL PROTECTED]:
Thanks to all who replied. I think it's this canonical maps that makes
the most sense to me. Also, I should probably change my usernames from
fred to [EMAIL PROTECTED] If I understand things correctly -- with this
then allow me to use recipient validation in the postfix database tables?
And is this the right direction to go in for AUTH-SMTP?
This is actually pretty good because I'm really forcing myself to learn
more about email and databases -- both of which seem pretty useful...
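Added example, not part of the original post and not Postfix code: a small Python model of how the sender restrictions in the main.cf above decide a MAIL FROM once permit_mynetworks and the HELO check have passed, using the two smtpd_sender_login_maps queries from the post. The users, the alias and the example.test domain are constructed sample data, SQLite stands in for MySQL, and reject_unknown_sender_domain is left out.

```python
import sqlite3

# Constructed sample rows for the two dbmail tables the post's queries read.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE dbmail_users (user_idnr INTEGER PRIMARY KEY, userid TEXT);
CREATE TABLE dbmail_aliases (alias TEXT, deliver_to TEXT);
INSERT INTO dbmail_users VALUES (1, 'alice@example.test'), (2, 'bob@example.test');
INSERT INTO dbmail_aliases VALUES ('sales@example.test', '1');
""")

# The smtpd_sender_login_maps queries from the post, with '%s' as a bound parameter.
LOGIN_MAPS = [
    "SELECT userid FROM dbmail_users WHERE userid = ?",
    "SELECT userid FROM dbmail_users JOIN dbmail_aliases ON "
    "(dbmail_aliases.deliver_to = dbmail_users.user_idnr) "
    "WHERE dbmail_aliases.alias = ?",
]

def sender_owners(mail_from):
    """Return the logins that own mail_from; the first map with a result wins."""
    for query in LOGIN_MAPS:
        rows = db.execute(query, (mail_from,)).fetchall()
        if rows:
            return {row[0] for row in rows}
    return set()

def sender_check(mail_from, sasl_login=None, local_domain="example.test"):
    """Model smtpd_sender_restrictions for one MAIL FROM (assumed simplification)."""
    owners = sender_owners(mail_from)
    if sasl_login is not None:
        # reject_authenticated_sender_login_mismatch, then permit_sasl_authenticated
        return "OK" if sasl_login in owners else "REJECT login mismatch"
    if owners:
        # reject_sender_login_mismatch: the address has an owner, client is not logged in
        return "REJECT login mismatch"
    if mail_from.rsplit("@", 1)[-1] == local_domain:
        # check_sender_access: the local-domain entry answers 553 in the post
        return "REJECT 553 not logged in"
    return "DUNNO"  # no decision here; the recipient restrictions run next
```

On a live server the same lookups can be checked one map at a time with postmap -q and the address as the key.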