[vox-tech] Postfix + SMTP-AUTH: 1, Me: 0
p at dirac.org
Sat Dec 16 16:18:37 PST 2006

Hi all,

I've read that verizon.net blocks all outgoing mail that doesn't carry a
"verizon.net" address. Most of what I read came from marginally technical
Windows and Mac users, and it's unclear if this means the "From" header
(what the recipient sees) or the "mail from:" SMTP header, which the
recipient doesn't see.

I just read that this policy quietly went away, so I decided to perform an
experiment:

   p at satan$ telnet outgoing.verizon.net 25
   Trying 206.46.232.12...
   Connected to outgoing.verizon.net.
   Escape character is '^]'.
   220 vms044pub.verizon.net -- Server ESMTP (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006))
   helo dirac.org
   250 vms044pub.verizon.net OK, [71.249.112.20].
   mail from: p at dirac.org
   550 5.7.1 Authentication Required
   help
   214-2.3.0 Available commands:
   214-2.3.0
   214-2.3.0 DATA, EHLO, EXPN, HELO, HELP, MAIL FROM
   214-2.3.0 NOOP, QUIT, RCPT TO, RSET, SAML FROM
   214-2.3.0 SEND FROM, SOML FROM, TICK, TURN
   214-2.3.0 VERB, VRFY, XADR, XSTA, XCIR, ETRN
   214-2.3.0 XGEN, LHLO, AUTH
   214 2.3.0
   quit
   221 2.3.0 Bye received. Goodbye.
   Connection closed by foreign host.

I had no idea what "AUTH" was, so I Googled. I think I have a better idea
now, but I need some help setting it up.

I found the "Postfix SASL Howto" at http://www.postfix.org/SASL_README.html.
Currently going through it step by step. It appears I need something that
implements SASL, a method to add security to older connection-based
protocols that don't have sufficient security. SMTP is one of them.

1. Going through the howto, it appears that the "Cyrus" implementation is
   what I want to use. So I installed:

      cyrus-common-2.2
      cyrus-doc-2.2
      cyrus-imapd-2.2

2. Next, I added the following lines to /etc/postfix/main.cf:

      relayhost = [outgoing.verizon.net]
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = no

3. Next, it looks like I need to tell Cyrus how to perform authentication.
   It looks like there are 3 methods of authentication:

   a. Unix password database. But I'm trying to authenticate myself to
      Verizon.net's SMTP server, so I'm *assuming* that they want my
      Verizon username/password. I suppose I could add a user/password
      to /etc/shadow that's the same as my Verizon login, but this
      method didn't seem appropriate.

   b. Using the saslauthd daemon which can use PAM. However, since I'm
      only going to be using this for outgoing mail, I don't want a
      running daemon just for this purpose.

   c. Cyrus's own password database. This seems like the right choice.

   The howto says I need to set:

      pwcheck_method: auxprop

   in /usr/local/lib/sasl2/smtpd.conf. However, the file doesn't exist.
   After hunting around, I found /etc/imapd.conf owned by cyrus-common-2.2,
   and there are two items that look promising:

      sasl_pwcheck_method: auxprop
      # sasl_auxprop_plugin: sasldb

   Not an exact match, but it's close. The docs say that by default "all
   plugins are tried, which is probably not what you want". At this point,
   I just want it to work and I'll fine-tune later. But I don't see any
   plugins in /usr/lib/sasl2 that identify themselves for SMTP
   authentication. I'll figure this out later.

   So it looks like the default options are good for me.

4. Next I'm supposed to populate the Cyrus database with:

      saslpasswd2 -c -u `postconf -h myhostname` MY_VERIZON_USERNAME

   which I did.

I restarted postfix, and sent an email. It bounced shortly after:

   <psalzman at lifshitz.ucdavis.edu>: host outgoing.verizon.net[206.46.232.12]
   said: 550 5.7.1 Authentication Required (in reply to MAIL FROM command)

So here I am. Angry. Frustrated. Not even sure if any of this is really
remotely correct. It's ... absolutely bizarre that getting ESMTP to just
"work" can be this difficult.

Help?

Pretty please?

Pete
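
What the AUTH command in the HELP listing above involves on the wire, as an added example that is not part of the original post: a server lists its SASL mechanisms in the reply to EHLO (a HELO greeting returns no extension list), and the PLAIN mechanism sends the username and password base64-encoded, not encrypted, which is why it belongs inside a TLS session. The EHLO reply, host name and credentials below are constructed, and the function names are hypothetical.

```python
import base64

# Constructed EHLO reply for illustration; not captured from any real server.
SAMPLE_EHLO_REPLY = (
    "250-mail.example.net\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for the extension lines of a 250 EHLO reply."""
    extensions = {}
    for line in reply.splitlines()[1:]:  # line 1 is the greeting, not an extension
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        words = line[4:].split()
        if words:
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def auth_plain_response(username, password, authzid=""):
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, then base64."""
    if any("\x00" in field for field in (authzid, username, password)):
        raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\x00".join((authzid, username, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Undo auth_plain_response(); anyone who can read the wire can do the same."""
    return tuple(base64.b64decode(token).decode("utf-8").split("\x00"))


def may_send_plain(extensions, tls_active):
    """Offer PLAIN only if the server lists it and the session is already under TLS."""
    return tls_active and "PLAIN" in extensions.get("AUTH", [])


if __name__ == "__main__":
    ext = parse_ehlo(SAMPLE_EHLO_REPLY)
    token = auth_plain_response("user", "not-a-real-password")  # constructed credentials
    print("S: 250-AUTH", " ".join(ext["AUTH"]))
    print("C: AUTH PLAIN", token)
    print("recovered by an observer:", decode_auth_plain(token))
    print("send without TLS?", may_send_plain(ext, tls_active=False))
```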