Linux Users' Group of Davis (LUGOD)

Page last updated:
2006 Dec 16 22:32

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Postfix + SMTP-AUTH: 1, Me: 0
Hi all,

I've read that verizon.net blocks all outgoing mail that doesn't carry a
"verizon.net" address.  Most of what I read came from marginally technical
Windows and Mac users, and it's unclear if this means the "From" header
(what the recipient sees) or the "mail from:" SMTP header, which the
recipient doesn't see.

I just read that this policy quietly went away, so I decided to perform an
experiment:


   p@satan$ telnet outgoing.verizon.net 25
   Trying 206.46.232.12...
   Connected to outgoing.verizon.net.
   Escape character is '^]'.
   220 vms044pub.verizon.net -- Server ESMTP (Sun Java System Messaging Server
   6.2-6.01 (built Apr  3 2006))
   helo dirac.org
   250 vms044pub.verizon.net OK, [71.249.112.20].
   mail from: p@dirac.org
   550 5.7.1 Authentication Required
   help
   214-2.3.0 Available commands:
   214-2.3.0 
   214-2.3.0 DATA, EHLO, EXPN, HELO, HELP, MAIL FROM
   214-2.3.0 NOOP, QUIT, RCPT TO, RSET, SAML FROM
   214-2.3.0 SEND FROM, SOML FROM, TICK, TURN
   214-2.3.0 VERB, VRFY, XADR, XSTA, XCIR, ETRN
   214-2.3.0 XGEN, LHLO, AUTH
   214 2.3.0
   quit
   221 2.3.0 Bye received. Goodbye.
   Connection closed by foreign host.


I had no idea what "AUTH" was, so I Googled.  I think I have a better idea
now, but I need some help setting it up.

I found the "Postfix SASL Howto" at http://www.postfix.org/SASL_README.html.
Currently going through it step by step.  It appears I need something that
implements SASL, a method to add security to older connection-based
protocols that don't have sufficient security.  SMTP is one of them.

1. Going through the howto, it appears that the "Cyrus" implementation is
   what I want to use.  So I installed:

   cyrus-common-2.2
   cyrus-doc-2.2
   cyrus-imapd-2.2

2. Next, I added the following lines to /etc/postfix/main.cf:

   relayhost = [outgoing.verizon.net]
   smtpd_sasl_auth_enable = yes
   smtpd_sasl_authenticated_header = no

3. Next, it looks like I need to tell Cyrus how to perform authentication.
   It looks like there are 3 methods of authentication:

   a. Unix password database.  But I'm trying to authenticate myself to
      Verizon.net's SMTP server, so I'm *assuming* that they want my
      Verizon username/password.  I suppose I could add a user/password
      to /etc/shadow that's the same as my Verizon login, but this
      method didn't seem appropriate.

   b. Using the saslauthd daemon which can use PAM.  However, since I'm
      only going to be using this for outgoing mail, I don't want a
      running daemon just for this purpose.

   c. Cyrus's own password database.  This seems like the right choice.

   The howto says I need to set:

      pwcheck_method: auxprop

   in /usr/local/lib/sasl2/smtpd.conf.  However, the file doesn't exist.
   After hunting around, I found /etc/imapd.conf owned by cyrus-common-2.2,
   and there are two items that look promising:

      sasl_pwcheck_method: auxprop
      # sasl_auxprop_plugin: sasldb

   Not an exact match, but it's close.  The docs say that by default "all
   plugins are tried, which is probably not what you want".  At this point,
   I just want it to work and I'll fine-tune later.  But I don't see any
   plugins in /usr/lib/sasl2 that identify themselves for SMTP
   authentication.  I'll figure this out later.

   So it looks like the default options are good for me.

4. Next I'm supposed to populate the Cyrus database with:

      saslpasswd2 -c -u `postconf -h myhostname` MY_VERIZON_USERNAME

   which I did.



I restarted postfix, and sent an email.  It bounced shortly after:

   <psalzman@lifshitz.ucdavis.edu>: host outgoing.verizon.net[206.46.232.12]
   said: 550 5.7.1 Authentication Required (in reply to MAIL FROM command)


So here I am.  Angry.  Frustrated.  Not even sure if any of this is really
remotely correct.  It's ... absolutely bizarre that getting ESMTP to just
"work" can be this difficult.

Help?

Pretty please?

Pete
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
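
An added example, not part of the post above or of the Postfix documentation: in Postfix, `smtpd_*` parameters configure the SMTP server that accepts mail, while `smtp_*` parameters configure the SMTP client that delivers to `relayhost`. The checker below parses main.cf text and reports whether the client side is set up to authenticate; the map path `/etc/postfix/sasl_passwd`, the TLS level and the finding names are assumptions made for the illustration.

```python
import re
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf text into a dict of parameter name -> value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are skipped
        if raw[0].isspace() and name:     # leading whitespace continues a value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        if sep:
            name = key.strip()
            params[name] = value.strip()
    return params

def check_relay_auth(text):
    """Return findings for a Postfix client that must authenticate to relayhost."""
    p = parse_main_cf(text)
    findings = []
    if not p.get("relayhost"):
        return findings                   # mail is not relayed; nothing to check
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("client-auth-disabled")
        if p.get("smtpd_sasl_auth_enable") == "yes":
            findings.append("server-side-only")   # smtpd_* governs inbound clients
    if not p.get("smtp_sasl_password_maps"):
        findings.append("no-password-map")
    # Postfix's default for this parameter is "noplaintext, noanonymous".
    default_opts = "noplaintext, noanonymous"
    opts = re.split(r"[,\s]+", p.get("smtp_sasl_security_options", default_opts))
    if "noplaintext" not in opts and p.get("smtp_tls_security_level") not in MANDATORY_TLS:
        findings.append("plaintext-auth-without-mandatory-tls")
    return findings

# The three lines from step 2 of the post.
AS_POSTED = """relayhost = [outgoing.verizon.net]
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
"""
# Constructed client-side counterpart; map path and TLS level are assumptions.
CLIENT_SIDE = """relayhost = [outgoing.verizon.net]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
"""
```

The password map holds the relay credentials in cleartext (one line of the form `[outgoing.verizon.net] username:password`), so it should be readable by root only and compiled with `postmap` after each change.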


