I have a server on a LAN that needs to send emails. Of course, this server has access to the internet through NAT, but for emails it is a bit more difficult: nowadays, email servers check many things when receiving emails (reverse DNS, the 'from' field, etc.), and you may not have access to this kind of tuning for the internet IP address used by your NAT. So I needed to configure a relayhost, with direct access to the internet, that would accept my outgoing email and relay it through normal channels. But I don't want this server to be an open relay, so I have to set up authentication between them.
Configuration on Postfix is quite easy:
relayhost = my.relayhost.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Now, let's create the file /etc/postfix/sasl_passwd:
Create the hash for this file:
$ postmap /etc/postfix/sasl_passwd
Then restart Postfix and check whether everything is working:
postfix/qmgr: 62A2D16012B: from=<root@xxxxx>, size=438, nrcpt=1 (queue active)
postfix/smtp: warning: SASL authentication failure: No worthy mechs found
postfix/smtp: 62A2D16012B: to=<email@example.com>, relay=my.relayhost.com[X.X.X.X]:587, delay=10, delays=10/0.04/0.04/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server my.relayhost.com[X.X.X.X]: no mechanism available)
Damn, it seems there is an authentication error. I double-check my password… No, that is not the issue. Let's focus on the error message:
no mechanism available
So, it seems Postfix did not find any suitable auth mechanism. I know my relayhost is using PLAIN SASL auth… Maybe I'm missing some libs:
$ rpm -qa | fgrep sasl
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
Here, I need the cyrus-sasl-plain lib! Let's install it and retry:
$ yum install -y cyrus-sasl-plain
$ /etc/init.d/postfix restart
$ postqueue -f
postfix/smtp: F297016012E: to=<firstname.lastname@example.org>, relay=my.relayhost.com[X.X.X.X]:587, delay=0.35, delays=0.01/0.04/0.28/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EDF5C449D)
And voilà! It works!
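
The "no mechanism available" diagnosis above, as a script. This is an added example, not part of the original post: the function names are hypothetical, the EHLO reply and plugin files are constructed sample data, and the plugin file names assume Cyrus SASL's lib<mech>.so naming.

```shell
#!/bin/sh
# Added example (not from the original post): a mechanism is usable only if
# the relay offers it, a Cyrus SASL client plugin for it is installed, and
# smtp_sasl_security_options allows it. Function names are hypothetical.

# Mechanisms in the AUTH line(s) of an EHLO reply on stdin, upper-cased.
# Accepts "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN LOGIN".
offered_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' |
        tr '[:lower:]' '[:upper:]' | tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# Mechanisms that have a plugin file in directory $1 (assumed lib<mech>.so*).
installed_mechs() {
    for pair in PLAIN:plain LOGIN:login CRAM-MD5:crammd5 \
                DIGEST-MD5:digestmd5 GSSAPI:gssapiv2 ANONYMOUS:anonymous; do
        for f in "$1/lib${pair#*:}.so"*; do
            if [ -e "$f" ]; then echo "${pair%%:*}"; break; fi
        done
    done
}

# usable_mechs EHLO_FILE PLUGIN_DIR: offered AND installed, minus ANONYMOUS
# because the post sets smtp_sasl_security_options = noanonymous.
usable_mechs() {
    installed=$(installed_mechs "$2" | grep -vx ANONYMOUS || true)
    offered_mechs < "$1" | while read -r m; do
        if printf '%s\n' "$installed" | grep -qx -- "$m"; then echo "$m"; fi
    done
}

# Constructed sample: a relay offering PLAIN and LOGIN, and a plugin directory
# that lacks the PLAIN plugin at first (the situation described in the post).
demo() {
    d=$(mktemp -d)
    printf '250-my.relayhost.com\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n' > "$d/ehlo"
    mkdir "$d/sasl2"
    : > "$d/sasl2/libanonymous.so.2"
    echo "usable before:" $(usable_mechs "$d/ehlo" "$d/sasl2")
    : > "$d/sasl2/libplain.so.2"
    : > "$d/sasl2/liblogin.so.2"
    echo "usable after: " $(usable_mechs "$d/ehlo" "$d/sasl2")
    rm -rf "$d"
}
demo
```

On a real host, pass a file holding the relay's EHLO reply (captured after STARTTLS) and the SASL plugin directory, commonly /usr/lib64/sasl2 on 64-bit EL systems (an assumption; check your distribution).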