Enabling postfix SMTP authentication using Dovecot


If you configure postfix in a default manner as posted in my previous posts, mail relay will be disabled. This is a security feature since you will not want people to misuse your SMTP server to send mails to people without you having any control. Spammers hand hackers will be constantly searching for mail servers on the net to use them, and send spam emails to users.

By default, your postfix SMTP severs will be able to send and receive emails within the virtuals domains hosted with your servers.

One way to control who should have access to send mail to outside hosts is based on the list of users who have mailboxes in the server (example : postfix SMTP server) itself, and who can get authenticated using the authentication mechanism used by the pop3 server, in our case the dovecot.

The way to configure it is as follows:

Edit the dovecot configuration file

  • vi /etc/dovecot/conf.d/10-master.conf
  • #Postfix smtp-auth
  • unix_listener /var/spool/postfix/private/auth {
  • mode = 0660
  • user = postfix
  • group = postfix
  • }

Edit the postfix configuration file:

  • ]# vi /etc/postfix/main.cf
  • smtpd_sasl_type = dovecot
  • smtpd_sasl_path = private/auth
  • smtpd_sasl_auth_enable = yes
  • broken_sasl_auth_clients = yes
  • smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Restart the mail services:

  • systemctl restart postfix
  • systemctl restart dovecot

Verify if the authentication by a telent session

~]# telnet localhost 25
Trying ::1…
Connected to localhost.
Escape character is ‘^]’.
220 <my hostname> ESMTP Postfix
ehlo <my hostname>
250-<my hostname>
250-SIZE 10240000

250 DSN
221 2.0.0 Bye
Connection closed by foreign host.

Note: If you are using mail clients such as squirrelMail, ensure that configuration is done on the client so that SMTP authentication mechanism is enabled there too

Be the first to comment on "Enabling postfix SMTP authentication using Dovecot"

Leave a comment