Postfix and SMTP authentication.

seanbranagh · October 3, 2009, 8:17pm

I am switching from cPanel reseller hosting to a Centos 5.3 VPS on which I have installed Virtualmin GPL. With the cPanel server users were required to use the option in Outlook etc “My outgoing server requires authentication” and set it to the same as the incomming server i.e. name@domain.com and their password. With Postfix on the VPS the SMTP authentication will only work with name-domain.com despite the fact that the incomming server accepts name@domain.com as there is valid Unix users name@domain.com and name-domain.com. How can I make the SMTP server accept the Unix users name@domain.com? I really don’t want to ask all my users to start changing this setting.

molski · October 3, 2009, 10:12pm

Check out this how-to (the Postfix part), that should help you:

http://www.howtoforge.com/virtual-hosting-with-virtualmin-on-centos5.1

arjones85 · October 7, 2009, 5:33am

I spent several days figuring this issue out, so I figured I would be nice and just give you the answer as opposed to you having to dig through a 6 page how-to for a simple solution.

For IMAP and POP3 authentication, all you have to do is change the “Format for usernames that include domain” in:

Virtualmin > System Settings > Server Templates > Default Settings > Mail for Domain

to be “user@domain”.

However, Cyrus SASL, which is what handles the SMTP authentication, requires a special flag on it to handle user@domain usernames, a -r in the settings. The magical file you need to edit is /etc/sysconfig/saslauthd. At the bottom you will see the following:

Additional flags to pass to saslauthd on the command line.
See saslauthd(8) for the list of accepted flags.
FLAGS=-r

Just make your FLAGS= like mine does. This will pass the -r to the sasl authentication daemon, and your user@domain authentication will work!

Let me know if you have any other questions.

molski · October 7, 2009, 8:53am

When I install Virtualmin and when I change Virtualmin > System Settings > Server Templates > Default Settings > Mail for Domain to be “user@domain” and make some changes in Postfix (main.cf and master.cf) it also enables the user@domain login credentials, so without editing any other files.

Thanks for sharing though, I will certainly test this sometime

seanbranagh · October 7, 2009, 5:48pm

When I added the -r the problem did appear to be solved but now I am able to send email through the server without using “My outgoing server requires authentication”. Looking at the mail log the server is sending mail and doesn’t care if I provide a login or not but there is no spam showing in the mail log which is confusing as it is not asking for a smtp login?

Eric · October 7, 2009, 6:09pm

You won’t actually need to enter a password, unless you’re attempting to send an email to an address outside of your server.

If the address is local, it’s not considered relaying, that’s just local delivery, so there’s no need for authentication.

-Eric

seanbranagh · October 7, 2009, 6:13pm

I am sending to addresses outside of my server including my hotmail account and it still does not care if I supply a login or not.
Without the -r it requires a login for anything outside my server.

molski · October 7, 2009, 6:17pm

I use a script myself for installing Virtualmin with some customizations. It can be found here: http://www.molski.nl/webserverinstall.sh

The script also downloads some files form here http://www.molski.nl/files.tar.gz

When you replace my files (the files in the postfix directory and dovecot.conf) with the ones on your (CentOS) installation, you will have user@domain working for POP3/IMAP/SMTP.

Compare my files with yours and you know what made the difference

arjones85 · October 8, 2009, 1:25am

This behavior can occur if you authenticate as a POP or IMAP client before you sent the message. Your authentication will carry over to the SMTP server.

Use this form to check to make sure your mail server is not an open relay: http://www.abuse.net/relay.html

seanbranagh · October 8, 2009, 5:14pm

I have to appolozize. The reason that I thought I had an open relay was because I was testing this on a local Centos Virtualmin server and had permit_mynetworks enabled. I was testing the config on this local server before trying it on my VPS.
The -r flag does actually works perfectly.
Thanks for the link to the form, it is a good test and my server passed.
I am now ready to migrate my sites onto my Virtualmin VPS as this was the last issue to overcome.
Thanks for all the help.

JohnWolgamot · October 1, 2015, 12:13am

I installed Centos 7 and outgoing messages from Thunderbird would not send, asking for the password.

I found the saslauthd was not running. I’m not sure why it wasn’t but your mention of it here let me track down the issue.