How to Activate the SMTP-Authentication on Other Mail Servers (Postfix)
Support knowledgebase (rsimai_slox_smtp_auth)
Applies to
Openexchangeserver: Version 4
Situation
You want to activate SMTP-AUTH to allow the authentication of Openexchange Server as client on another mail server.
This description focuses on the Openexchange Server, but it should also work with the standard distribution in the
cases where Postfix is used as an MTA.
A description for Sendmail is available in the article "SMTP-AUTH Client with Sendmail" (http://sdb.suse.de/en/sdb/html/sendmail_smtp_auth.html)
Why SMTP-AUTH
Many providers only accept e-mail messages via SMTP from clients that have previously authenticated on
the server. The reason is that dial-in connections make it very difficult to control who has sent what to whom.
The increasing presence of SPAM makes it necessary to verify whether the user is
authorized or not. 'pop before smtp' is often used for this purpose. It works by enabling the sender to use the provider's SMTP
server during a given period of time only after an (authenticated) POP retrieval. The problem arises mostly when your mail
server is only temporarily connected to the Internet, i.e. without a dedicated line or a static IP address.
Requirement
Postfix has been installed and configured on your system. Your ISP has provided you with an access login and password that can
be used for the SMTP authentication on the server. Attention: This is not a matter of course. Please ask your ISP if you are
able to use SMTP-AUTH.
Procedure
- Make sure that the following entries are available in
/etc/postfix/main.cf
or insert them if necessary:
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
Check your spelling: 'smtp' and 'smtpd' are not the same!
- Create the file
/etc/postfix/saslpasswd
with the following content:
destination.host.de username:password
destination.host.de
is usually the relay host you use. With these entries,
you instruct Postfix to deliver via SMTP-AUTH all the messages transmitted through the defined host
whenever possible. Other transport routes will be handled as hitherto.
- Finally, generate the new map and reload the configuration:
postmap /etc/postfix/saslpasswd
rcpostfix reload
Potential Problems
- Your ISP does not support SMTP-AUTH
You can test the host with a telnet to port 25:
me@work:~>telnet smtpserver.provider.de 25
220 smtpserver.provider.de Mailservice ready
EHLO mein.mailserver.de
...
250-AUTH PLAIN LOGIN
...
If the output includes this line, the provider's mail server supports SMTP-AUTH with the mentioned procedure
(PLAIN, LOGIN in this case).
- Wrong password/login in
/etc/postfix/saslpasswd
, or postmap
not executed after a change
If this is the case, you should find an entry similar to the following in /var/log/mail
:
...Authentication failed: SASL authentication failed...
Check /etc/postfix/saslpasswd
, execute postmap
, or ask the provider for the data.
- The SMTP server does not send any RFC-compliant banner
According to some customers, the connection to some mail systems (such as Imail/Ipswitch) might present some problems.
The contacted mail server does not send any RFC-compliant banner (the expression ESMTP must be written between two
blanks) and thus Postfix sends no EHLO, which is necessary for SMTP-AUTH. As a workaround, you can insert the line
smtp_always_send_ehlo = yes
in /etc/postfix/main.cf
(see /etc/postfix/sample-smtp.cf
) to prompt Postfix to always try an EHLO
before using a normal HELO.
- The provider verifies if the sender e-mail address matches the login name for the SMTP-AUTH
In spite of SMTP-AUTH, some providers do not allow the e-mail delivery from a 'wrong' sender. Thus, this relay
host cannot be used with a mail server in a reliable way, since you depend on the server being used by various
senders. In this case, contact your provider to look for a solution.
Keywords: OPENEXCHANGE SERVER, SLOX, POSTFIX, SMTP, AUTH, SASL
Categories:
SuSE Linux IMAP Server
Feedback welcome: Send Mail to srsimai@suse.de (Please give the following subject: SDB-rsimai_slox_smtp_auth
)
SDB-rsimai_slox_smtp_auth, Copyright SuSE Linux AG, Nürnberg, Germany
- Version: 06. Dec 2002
SuSE Linux AG - Last generated: 06. Dec 2002 by ip (sdb_gen 1.40.0)