SMTP Authentication (SMTP Auth) provides an access control mechanism that can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers.

Configure Postfix and Dovecot

Edit dovecot 10-master.conf
1. Edit the file /etc/dovecot/conf.d/10-master.conf and make sure your service auth section has the lines below.
service auth {	
  unix_listener /var/spool/postfix/private/auth {
	mode = 0666
	user = postfix
	group = postfix
  }	
}
Edit dovecot 10-auth.conf
2. Edit the file /etc/dovecot/conf.d/10-auth.conf and update the line below.
auth_mechanisms = plain login
Edit main.cf3. Edit /etc/postfix/main.cf, find the keys below and change its values as follows or add it at the bottom of the file if the key (the word before the = sign) cannot be found.
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_unauth_destination
broken_sasl_auth_clients = yes
The first line says trust only localhost, meaning only localhost can send email outside the network (relay). The last line is there to support old clients like Microsoft Outlook Express 4.0 and Microsoft Exchange 5.0 just in case someone is still using it.
 
Lines starting with # are comments. Save the file after completing your changes.
 
Install postfixdovecotsasl.te4. Configure SELinux using the commands below. Here’s the content of postfixdovecotsasl.te
wget linuxmail.info/files/rhel6/postfixdovecotsasl.te
checkmodule -M -m -o postfixdovecotsasl.mod postfixdovecotsasl.te
semodule_package -o postfixdovecotsasl.pp -m postfixdovecotsasl.mod
semodule -i postfixdovecotsasl.pp
Service Configuration5. Restart the Dovecot and Postfix service. But if you installed MailScanner, restart MailScanner instead of Postfix. Learn how to restart services here.

Test Postfix

TerminalIn a Terminal window, type in the highlighted commands below.

Sample postfix session

[root@mail ~]# telnet mail smtp

ImportantReplace mail with the name of your server. We should not use localhost since localhost is a trusted client ip address. And make sure the domain name you specified does not resolve to 127.0.0.1 which is the IP address of localhost.

Trying 192.168.0.1...
Connected to mail.acme.local (192.168.0.1).
Escape character is '^]'.
220 mail.acme.local ESMTP Postfix
ehlo localhost
250-mail.acme.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Note the new 250-AUTH lines. See the old SMTP Telnet Test.

mail from:<johndoe>
250 2.1.0 Ok
rcpt to:<test@example.com>
554 5.7.1 <test@example.com>: Relay access denied

It works, now to check if we can send it after authenticating.

auth plain AGpvaG5kb2UAcGFzc3dvcmQ=
235 2.0.0 Authentication successful
rcpt to:<test@example.com>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

NoteYou can send to email addresses belonging to your domain without authentication. This is normal as it enables you to receive mail from the outside.

The gibberish text after AUTH PLAIN is the base64 encoded value of the user name johndoe and password password. You can generate your own base64 text using the form below.








NoteIf you encounter any problems, check the log file at /var/log/maillog.

 
«« Previous: How to Setup Dovecot
 

Visit the forum to ask for help or to give a comment.

***
Posted on 7/31/2011 and last updated on 8/13/2011
Filed under CentOS 6 , Dovecot , Postfix , Red Hat Enterprise Linux 6 , SASL