Configure Postfix for SASL Authentication from Dovecot

KB ID 0000883 

Problem

I built a Postfix mail server with Dovecat on CentOS 6.4 installed last week. To read my emails I installed SquirrelMail on the same server, and surprisingly it all went well. However If I attempted to send mail from Microsoft Outlook on my laptop, or from my iPhone this happened;

The following recipient(s) cannot be reached:
      'name@domain-name.com' on 22/11/2013 22:21
Server error: '554 5.7.1 <name@domain-name.com>: Relay access denied'

Solution

In fact the only way I made any progress with this error was when I ‘briefly’ made the server an open relay. What you need to do, is grant a remote ‘user’ the right to relay mail though the server ONLY once they have authenticated. To do this you can use SASL authentication. Luckily I’d installed Dovecot, and the newer version of that will do the hard work for me.

1. Firstly make sure you are in the same boat as me, issue the following command and ensure ‘dovecot’ is available, if not you might want to update Postfix and Dovecot.

postconf -a

postconf

2. Fist you will need to add some lines to the dovecot.conf file, below I’m using nano to open and edit the file.

Allow Relay id authenticated

3. Paste the following to the end of the config file, then save and exit nano.

# Added for Dovecot to Postfix SASL SMTP Authentication
auth default {
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
mechanisms = plain login
}

postconf dovecot SASL

4. Now you need to edit the main.cf config file for Postfix, once again here I’m using nano.

edit main.cf

5. Locate the mynetworks line and ensure it is set to 127.0.0.0/8 (Note: If you have multiple servers you might want to add your servers network IP in here, I’ve only got one).

Warning: DO NOT enter 0.0.0.0/0 this will make you an open relay!

Postfix mynetworks setup

6. Paste the following onto the end of the file, then save and exit.

#Added for SASL SMTP Authentication from Dovecot to Postfix
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

postix main.cf

To See if SASL Authentication has Started Working

7. If you telnet to your mail server you can see the ‘verbs’ you are presented with.

Without Authentication Enabled

Postfix SMTP verbs

With Authentication Enabled

250-Auth plain login

Connecting Microsoft Outlook to a Postfix Email Account

While setting up the account in Outlook, make sure that on the account, under ‘More Settings’ > Outgoing Server > Tick ‘My outgoing server (SMTP) requires authentication’ > Select ‘Use same settings as my incoming mail server’

Outlook to Postfix

 

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On