Differences

This shows you the differences between two versions of the page.

--- networking:linux:postfix_smarthost [2016/05/20 11:30]
gcooper
+++ networking:linux:postfix_smarthost [2021/11/30 08:01] (current)
gcooper
@@ Line 18: / Line 18: @@
   * Blacklisted IP address
   * Etc.
+You need a package installed (CentOS, Ubuntu):
+<file>
+yum install cyrus-sasl-plain
+</file>
+<file>
+apt install libsasl2-modules
+</file>
 You can copy and paste the following into an editor, then adjust the $SMTPHOST and $USERPASS variables for your needs. Then, as root, paste it to the command line:
@@ Line 43: / Line 53: @@
 postconf -e 'smtp_sasl_security_options ='
-/etc/init.d/postfix reload
+systemctl restart postfix
 </file>
@@ Line 61: / Line 71: @@
 <file>
-yum install cyrus-sasl-plain
+yum install cyrus-sasl-plain cyrus-sasl-ntlm
 </file>
@@ Line 73: / Line 83: @@
 <file>
-SMTPHOST=your.mailserver.domain:587
+#smtp.isp.com       username:password
+<fqdn_of_mail_svr>:587  <username>:<password>
 </file>
@@ Line 84: / Line 95: @@
 <file>
 postconf -e 'smtp_use_tls=yes'
-/etc/init.d/postfix reload
+postfix reload
 </file>
@@ Line 91: / Line 102: @@
 **Envelope-From**: http://serverfault.com/questions/533912/how-do-i-change-the-envelope-from-in-postfix
-Some servers require the ''envelope-from'' header to be a valid user in order to accept mail via authenticated SMTP.
+<note warning>Some mail servers require the ''envelope-from'' header to be a **valid sender** in order to accept mail via authenticated SMTP.  Many servers also require that the **authentication user must match the sender address**.</note>
 <file>
@@ Line 102: / Line 113: @@
 <file>
-# Use the empty regexp to map *any* address to the desired envelope sender.
+# Use the empty regex '//' to map *any* address to the desired envelope sender.
-// pbx@zonadentalgroup.com
+// validsender@yourdomain.tld
 </file>
@@ Line 110: / Line 121: @@
 postconf -e "canonical_classes = envelope_sender"
 postconf -e "canonical_maps = regexp:/etc/postfix/canonical"
+postfix reload
+</file>
+===== FreePBX Distro =====
+:!: Includes **SMTP authentication**, **TLS**, **envelope-from** and **trusted CAs**
+  - **Copy** to a text editor
+  - **Edit** for your needs
+  - **Paste** into FreePBX Distro CLI as ''root''
+:!: This package must be installed on older FreePBX Distro installations:
+<file>
+yum install cyrus-sasl-plain
+</file>
+Copy, edit, then paste in the CLI:
+<file>
+FILE=/etc/postfix/password
+# Your valid mail server - colon and port number optional
+SMTPHOST=yoursmtphost.yourdomain.tld:587
+# SMTP auth credentials - username may have @
+USERPASS=yoursmtpusername:yoursmtpuserpassword
+CANONICAL=/etc/postfix/canonical
+# Must be a valid authorized sender e-mail address in your domain
+SENDER=validsender@yourdomain.tld
+# Trusted CAs aren't configured by default?!
+CAFILE=/etc/ssl/certs/ca-bundle.trust.crt
+# This will overwrite any existing contents
+cat << EOF > $FILE
+#smtp.isp.com       username:password
+$SMTPHOST  $USERPASS
+EOF
+chown root:root $FILE
+chmod 0600 $FILE
+postmap hash:$FILE
+postconf -e "relayhost = $SMTPHOST"
+postconf -e 'smtp_sasl_auth_enable = yes'
+postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/password'
+postconf -e 'smtp_sasl_security_options ='
+postconf -e 'smtp_use_tls=yes'
+# This will overwrite any existing contents
+cat << EOF > $CANONICAL
+# Use the empty regex to map *any* address to the desired envelope sender (a valid sender).
+// $SENDER
+EOF
+postmap $CANONICAL
+postconf -e "canonical_classes = envelope_sender"
+postconf -e "canonical_maps = regexp:$CANONICAL"
+# Configure trusted CAs
+postconf -e "smtp_tls_CAfile = $CAFILE"
 postfix reload
 </file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools