Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Configuration: Postfix SMTP authentication and Dovecot SASL

Postfix SMTP authentication and Dovecot SASL

  • /etc/postfix/master.cf
  smtp      inet  n       -       -       -       -       smtpd
  submission inet n       -       -       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject

  smtps     inet  n       -       -       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  • /etc/postfix/main.cf
# SASL settings
smtpd_sasl_authenticated_header = yes

# Use Dovecot's SASL interface.
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
  • /etc/dovecot/conf.d/10-master.conf
  service auth {
    # ...
    
    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    }
    # ...
  }

fwolfst commented Mar 27, 2016

I struggle. Doesnt this allow any unauthenticated client to create mail to me@mydomain with the sender you@mydomain?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment