Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.
Date: 2007nov30, 2011feb9
Keywords: RFC2476, RFC4409, Postfix, submission, MSA

Q. How do I give valid offsite users a way to use my SMTP service?

A. You want an MSA (Mail Submission Agent). A Mail Submission Agent uses good old SMTP but runs on a different port and is very strict about who it accepts mail from. You'll still need your existing SMTP service to receive mail.

Here's how I set up an MSA with Postfix on Fedora.

Add this to /etc/postfix/main.cf:

    submission_recipient_restrictions=check_sender_access hash:/etc/postfix/sender_access,reject

(Only people on that list can use the service ... if they log in)

or

    submission_recipient_restrictions = permit_sasl_authenticated, reject

(Anybody who logs in can use the service)

Uncomment and modify these lines in /etc/postfix/master.cf:

    submission inet n - n - - submission
      -o smtpd_enforce_tls=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_recipient_restrictions=$submission_recipient_restrictions

On the first line I changed "smtpd" to "submission" because I wanted a different program noted in the log. So in the shell make a link to create that program:

    cd /usr/libexec/postfix
    ln -s smtpd submission

You'll need to open port 587 in your firewall. Run system-config-security-level and add submission:tcp, or directly edit /etc/sysconfig/iptables.

Update! If you are already using Dovecot (like me) you can use it for SASL, which is nicer.

Since it's using SASL we need to install it:

    dnf install cyrus-sasl-plain

This will pull in some prerequisites. Unfortunately there is another daemon that must be running. Configure it by setting /etc/sysconfig/saslauthd to read:

    MECH=shadow

Enable it:

    chkconfig --level 2345 saslauthd on

Start it:

    systemctl start saslauthd

Restart Postfix:

    systemctl restart postfix

Set your mail client (eg Thunderbird) to use:

    Port: 587
    TLS: yes
    A userid and password

when sending.
If you have a "domain name mismatch" and use Thunderbird, try this extension: https://addons.mozilla.org/en-US/thunderbird/addon/2131

How it works: http://en.wikipedia.org/wiki/SMTP_Authentication
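An added example (not part of the original page or of Postfix): a small Python check that a master.cf still carries the submission overrides shown above, since a commented-out or shortened override quietly weakens the service. The sample entries and the MAIN_CF dictionary are constructed, the function names are hypothetical, and overrides are assumed to be written as "-o name=value".

```python
# Constructed samples: the page's entry, a weakened copy, and a stand-in for main.cf.
PAGE_ENTRY = """\
submission inet n - n - - submission
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
"""
WEAK_ENTRY = """\
submission inet n - n - - submission
#  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
"""
MAIN_CF = {"submission_recipient_restrictions": "permit_sasl_authenticated, reject"}

def submission_overrides(master_cf):
    """Return {name: value} for the 'submission inet' service, or None if absent."""
    logical = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    for entry in logical:
        f = entry.split()
        if f[:2] == ["submission", "inet"]:
            args = f[8:]                      # fields 0-7 are service .. command
            return dict(a.split("=", 1) for prev, a in zip(args, args[1:])
                        if prev == "-o" and "=" in a)
    return None

def audit(master_cf, main_cf):
    """Return a list of findings; an empty list means the entry matches the page."""
    opts = submission_overrides(master_cf)
    if opts is None:
        return ["no 'submission inet' service defined"]
    findings = [f"{name}=yes is not set" for name in
                ("smtpd_enforce_tls", "smtpd_sasl_auth_enable") if opts.get(name) != "yes"]
    for name in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        value = opts.get(name, "")
        if value.startswith("$"):             # resolve a main.cf reference like the page's
            value = main_cf.get(value[1:], "")
        if value.replace(",", " ").split()[-1:] != ["reject"]:
            findings.append(f"{name} does not end in reject")
    return findings
```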