Date: 2007nov30
Keywords: RFC2476, RFC4409, Postfix, submission, MSA
Q. How do I give valid offsite users a way to use my SMTP service?
A. You want an MSA (Mail Submission Agent).
A Mail Submission Agent uses good old SMTP but runs on a different port
and is very strict about who it accepts mail from. You'll still need your
existing SMTP service to receive mail.
Here's how I set up an MSA with Postfix on Fedora.
Add this to /etc/postfix/main.cf:
submission_recipient_restrictions=check_sender_access hash:/etc/postfix/sender_access,reject
(Only people on that list can use the service ... if they log in)
or
submission_recipient_restrictions = permit_sasl_authenticated, reject
(Anybody who logs in can use the service)
Uncomment and modify these lines in /etc/postfix/master.cf:
submission inet n - n - - submission
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
On the first line I changed "smtpd" to "submission" because
I wanted a different program name noted in the log. So in the shell,
make a link to create that program:
ln -s /usr/libexec/postfix/smtpd /usr/libexec/postfix/submission
Since it's using SASL we need to install it:
yum install cyrus-sasl-plain
This will pull in some prerequisites.
Unfortunately there is another daemon that must be running.
Configure it by setting /etc/sysconfig/saslauthd to read:
MECH=shadow
Enable it:
chkconfig --level 2345 saslauthd on
Start it:
service saslauthd start
Restart Postfix:
service postfix restart
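To check the master.cf edit, this added example (not part of the original note) parses master.cf the way Postfix reads it, where a continuation line must start with whitespace, and reports any of the four overrides above that are missing or different on the submission service. The function names and the SAMPLE text are constructed for illustration, and only the plain "-o name=value" form is handled.

```python
# Overrides the page sets on the submission service in master.cf.
REQUIRED = {
    "smtpd_enforce_tls": "yes",
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
    "smtpd_recipient_restrictions": "$submission_recipient_restrictions",
}

# Constructed sample: the page's entry with indented continuation lines.
SAMPLE = """\
submission inet n - n - - submission
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def submission_overrides(text):
    """Return the -o name=value overrides of the submission service, or None."""
    for entry in logical_lines(text):
        fields = entry.split()
        if fields[:2] == ["submission", "inet"]:
            args = fields[8:]  # skip the 8 columns, service name through command
            opts = [v for flag, v in zip(args, args[1:]) if flag == "-o"]
            return dict(o.split("=", 1) for o in opts if "=" in o)
    return None

def audit(text):
    """List findings; an empty list means the entry matches the page's settings."""
    found = submission_overrides(text)
    if found is None:
        return ["no active submission service"]
    return [f"{name}: expected {want!r}, found {found.get(name)!r}"
            for name, want in REQUIRED.items() if found.get(name) != want]

if __name__ == "__main__":
    print(audit(SAMPLE) or "submission entry matches")
```

To audit a real server, pass the contents of /etc/postfix/master.cf to audit(); an entry whose "-o" lines have lost their leading whitespace shows up as four missing overrides.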
Set your mail client (e.g. Thunderbird) to use:
Port: 587
TLS: yes
A userid and password
when sending.
If you have a "domain name mismatch" and use Thunderbird, try this extension:
https://addons.mozilla.org/en-US/thunderbird/addon/2131