FAQ

[CentOS] Centos 6.2 Postfix - forward through SMTP smarthost with SMTP-AUTH

Giles Coochey
Jan 10, 2012 at 5:54 pm
Hi All,

I have set up three servers in a development environment. Via CR they're
updated to Centos 6.2

It appears that these servers have postfix installed on them by default,
which unfortunately I'm not very well acquainted with.

All I want is a quick and dirty way to enable these hosts to send email
through my own SMTP host.

My (sendmail) SMTP host uses SMTP AUTH on a non-standard port and my dev
(virtual env) runs off my laptop, so a dynamic IP.

Does anyone have a quick and dirty configuration for setting up postfix
to forward all remote mail through my smarthost?

I'm guessing that I can put the hostname, the port, and the username and
password somewhere in the postfix configuration and it will just work...

Many Thanks in Advance,

Giles
reply

Search Discussions

7 responses

  • Mail Lists at Jan 10, 2012 at 7:31 pm

    On 01/10/2012 05:54 PM, Giles Coochey wrote:
    Hi All,

    I have set up three servers in a development environment. Via CR
    they're updated to Centos 6.2

    It appears that these servers have postfix installed on them by
    default, which unfortunately I'm not very well acquainted with.

    All I want is a quick and dirty way to enable these hosts to send
    email through my own SMTP host.

    My (sendmail) SMTP host uses SMTP AUTH on a non-standard port and my
    dev (virtual env) runs off my laptop, so a dynamic IP.

    Does anyone have a quick and dirty configuration for setting up
    postfix to forward all remote mail through my smarthost?

    I'm guessing that I can put the hostname, the port, and the username
    and password somewhere in the postfix configuration and it will just
    work...

    Many Thanks in Advance,

    Giles



    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
    /etc/postfix

    Edit main.cf

    # The relayhost parameter specifies the default host to send mail to
    # when no entry is matched in the optional transport(5) table. When
    # no relayhost is given, mail is routed directly to the destination.
    #
    # On an intranet, specify the organizational domain name. If your
    # internal DNS uses no MX records, specify the name of the intranet
    # gateway host instead.
    #
    # In the case of SMTP, specify a domain, host, host:port, [host]:port,
    # [address] or [address]:port; the form [host] turns off MX lookups.
    #
    # If you're connected via UUCP, see also the default_transport parameter.
    #
    #relayhost = $mydomain
    #relayhost = [gateway.my.domain]
    #relayhost = uucphost
    #relayhost = [an.ip.add.ress]

    I would recommend reading up on the configurations .

    --

    Brian ----- Get the latest Fremont, OH Weather
    http://www.Fremont-OH-Weather.com
  • Giles Coochey at Jan 11, 2012 at 3:50 am

    On 11/01/2012 00:31, Mail Lists wrote:
    On 01/10/2012 05:54 PM, Giles Coochey wrote:
    Hi All,

    I have set up three servers in a development environment. Via CR
    they're updated to Centos 6.2

    It appears that these servers have postfix installed on them by
    default, which unfortunately I'm not very well acquainted with.

    All I want is a quick and dirty way to enable these hosts to send
    email through my own SMTP host.

    My (sendmail) SMTP host uses SMTP AUTH on a non-standard port and my
    dev (virtual env) runs off my laptop, so a dynamic IP.

    Does anyone have a quick and dirty configuration for setting up
    postfix to forward all remote mail through my smarthost?

    I'm guessing that I can put the hostname, the port, and the username
    and password somewhere in the postfix configuration and it will just
    work...
    /etc/postfix

    Edit main.cf



    I would recommend reading up on the configurations .
    I don't really have the enerygy to do that, thanks anyway. I'll
    uninstall postfix and use sendmail. Just thought maybe there was a quick
    way to keep the default MTA on the system.
  • John R Pierce at Jan 11, 2012 at 4:09 am

    On 01/11/12 12:50 AM, Giles Coochey wrote:
    I don't really have the enerygy to do that, thanks anyway. I'll
    uninstall postfix and use sendmail. Just thought maybe there was a
    quick way to keep the default MTA on the system.
    the first google hit on 'postfix smarthost' says to change/add the line

    relayhost = your.server.com

    to the main.cf file, and restart postfix... seems simple enough.


    this is the 2nd or third hit, it expounds on that and shows how to setup
    SASL authentication with the smarthost...
    http://www.cyberciti.biz/faq/postfix-smtp-authentication-for-mail-servers/



    --
    john r pierce N 37, W 122
    santa cruz ca mid-left coast
  • Giles Coochey at Jan 11, 2012 at 4:38 am

    On Wed, January 11, 2012 10:09, John R Pierce wrote:
    On 01/11/12 12:50 AM, Giles Coochey wrote:
    I don't really have the enerygy to do that, thanks anyway. I'll
    uninstall postfix and use sendmail. Just thought maybe there was a
    quick way to keep the default MTA on the system.
    the first google hit on 'postfix smarthost' says to change/add the line

    relayhost = your.server.com

    to the main.cf file, and restart postfix... seems simple enough.


    this is the 2nd or third hit, it expounds on that and shows how to setup
    SASL authentication with the smarthost...
    http://www.cyberciti.biz/faq/postfix-smtp-authentication-for-mail-servers/
    I forgot to mention that I had already googled. My smarthost doesn't use
    SASL, just STARTTLS - I have tried all those options to no avail.. Perhaps
    some combination of options might work... but which... I was just hoping
    someone else had done this before.
  • Benjamin Hackl at Jan 11, 2012 at 5:33 am
    Dear Giles,

    I think you're searching for this.


    $ cat /etc/postfix/main.cf
    myorigin=yourdomain.com
    relayhost=your.smarthost.com
    smtp_sasl_auth_enable=yes
    ## you probably want to limit how postfix authenticates
    # smtp_sasl_security_options=noanonymous
    # smtp_sasl_mechanism_filter=login
    smtp_sasl_password_maps=hash:/etc/postfix/relay_password
    ## if something doesn't work and you need detailed(!!) logs
    #debug_peer_list=your.smarthost.com
    #debug_peer_level=3
    smtp_use_tls=yes
    #inet_interfaces = loopback-only
    #local_transport = error: disabled
    unknown_local_recipient_reject_code = 450


    $ cat /etc/postfix/relay_password
    your.smarthost.com yourusername:yourpassword

    $ postmap /etc/postfix/relay_password
    $ service postfix reload


    You can check out the commented option in the man pages or
    http://www.postfix.org/postconf.5.html
    if you're interested later/have some spare time/if it doesn't work ;-)


    Brgds


    --
    Freundliche Gruesse/Best Regards
    Benjamin Hackl
    IT/Administration

    Media FOCUS Research Ges.m.b.H.
    Maculangasse 8, 1220 Wien Austria
    Tel: +43 1 258 97 01-295
    b.hackl at focusmr.com
  • Giles Coochey at Jan 11, 2012 at 12:36 pm

    On 11/01/2012 10:33, Benjamin Hackl wrote:
    $ cat /etc/postfix/main.cf
    myorigin=yourdomain.com
    relayhost=your.smarthost.com
    smtp_sasl_auth_enable=yes
    ## you probably want to limit how postfix authenticates
    # smtp_sasl_security_options=noanonymous
    # smtp_sasl_mechanism_filter=login
    smtp_sasl_password_maps=hash:/etc/postfix/relay_password
    ## if something doesn't work and you need detailed(!!) logs
    #debug_peer_list=your.smarthost.com
    #debug_peer_level=3
    smtp_use_tls=yes
    #inet_interfaces = loopback-only
    #local_transport = error: disabled
    unknown_local_recipient_reject_code = 450
    This is very much nearly what I got to. Note though that outbound port
    25 is blocked, but my smarthost listens on the submission port as well
    if auth is used. So my relayhost line says:

    relayhost=my.smarthost.com:587

    On my relayhost maillog I can see the connection appears, but mails are
    bounced with:

    530 5.7.0 Authentication required (in reply to MAIL FROM command)
    $ cat /etc/postfix/relay_password
    your.smarthost.com yourusername:yourpassword
    I have tried
    my.smarthost.com username:password

    and

    [my.smarthost.com]:587 username:password

    and

    my.smarthost.com:587 username:password

    With various entries in main.cf to co-incide with these... (and
    remembering to run postmap each time).

    $ postmap /etc/postfix/relay_password
    $ service postfix reload


    You can check out the commented option in the man pages or
    http://www.postfix.org/postconf.5.html
    if you're interested later/have some spare time/if it doesn't work ;-)
    The line I get in the logs on my smarthost is:

    Jan 11 18:31:35 gate sendmail[17441]: STARTTLS=server,
    relay8.29.xxx.xxx.threembb.co.uk [188.29.xxx.xxx],
    version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits%6/256

    The mail just bounces back to the sender, nothing else on the smarthost
    logs.
  • Giles Coochey at Jan 11, 2012 at 1:12 pm

    On 11/01/2012 17:36, Giles Coochey wrote:
    On 11/01/2012 10:33, Benjamin Hackl wrote:

    $ cat /etc/postfix/main.cf
    myorigin=yourdomain.com
    relayhost=your.smarthost.com
    smtp_sasl_auth_enable=yes
    ## you probably want to limit how postfix authenticates
    # smtp_sasl_security_options=noanonymous
    # smtp_sasl_mechanism_filter=login
    smtp_sasl_password_maps=hash:/etc/postfix/relay_password
    ## if something doesn't work and you need detailed(!!) logs
    #debug_peer_list=your.smarthost.com
    #debug_peer_level=3
    smtp_use_tls=yes
    #inet_interfaces = loopback-only
    #local_transport = error: disabled
    unknown_local_recipient_reject_code = 450
    I was missing:

    smtp_sasl_mechanism_filter <postconf.5.html#smtp_sasl_mechanism_filter>
    = !gssapi

    Something about GSSAPI auth meant it was tried first, failed, and failed
    permanently.

    Disabling that, and it works.

    --
    Best Regards,

    Giles Coochey
    NetSecSpec Ltd
    UK Mobile: +44 7983 877 438
    Business Email: giles.coochey at netsecspec.co.uk
    Email/MSN/Live Messenger: giles at coochey.net
    Skype: gilescoochey

Related Discussions

Discussion Navigation
viewthread | post