Enabling SMTP authentication in Postfix ensures that only users with valid accounts can send email outside your network (relaying). This prevents spammers from using your SMTP server as a spam broadcast station. Here’s how to do it in Postfix.
If you are using Red Hat Enterprise Linux 5 or CentOS 5, please read Postfix SMTP Authentication and Dovecot SASL instead. It’s a lot easier to setup and you won’t have to duplicate your Dovecot authentication setup into SASL.
mech_list: PLAIN LOGIN
mynetworks = 127.0.0.0/8 smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination broken_sasl_auth_clients = yes
Sample postfix session
[root@mail ~]# telnet mail smtp
Replace mail with the name of your server. We should not use localhost since localhost is a trusted client ip address.
Trying 192.168.0.4... Connected to mail.acme.local (192.168.0.4). Escape character is '^]'. 220 mail.acme.local ESMTP Postfix ehlo host 250-mail.acme.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
Note the new 250-AUTH lines.
mail from: johndoe 250 2.1.0 Ok rcpt to: email@example.com 554 5.7.1 <firstname.lastname@example.org>: Relay access denied
It works, now to check if we can send it after authenticating.
auth plain AGpvaG5kb2UAcGFzc3dvcmQ= 235 2.0.0 Authentication successful rcpt to: email@example.com 250 2.1.5 Ok quit 221 2.0.0 Bye Connection closed by foreign host. [root@mail ~]#
Text highlighted in green only appears in Postfix version 2.3 or higher. Postfix version 2.3 is included in Red Hat Enterprise Linux 5 or CentOS 5.
You can send to email addresses belonging to your domain without authentication. This is normal as it enables you to receive mail from the outside.
The gibberish text after AUTH PLAIN is the base64 encoded value of the user name johndoe and password password. You can generate your own base64 text using the form below.
If you encounter any problems, check the log file at /var/log/maillog.
Visit the forum to ask for help or to give a comment.