projects / blog.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add Postfix post.
[blog.git] / posts / Postfix.mdwn
diff --git a/posts/Postfix.mdwn b/posts/Postfix.mdwn
new file mode 100644 (file)
index 0000000..8407ce2
--- /dev/null
+++ b/posts/Postfix.mdwn
@@ -0,0 +1,70 @@
+I spent some time today configuring [Postfix][] so I could send mail
+from home via [[SMTPS|STMP]].  Verizon, our ISP, blocks port 25 to
+external domains, forcing all outgoing mail through their
+`outgoing.verizon.net` exchange server.  In order to accept mail, they
+also require you authenticate with your Verizon username and password,
+so I wanted to use an encrypted connection.
+
+For the purpose of this example, our Verizon username is `jdoe`, our
+Verizon password is `YOURPASS`, you're running a local Postfix server
+on `mail.example.com` for your site at `example.com`, and `12345` is a
+free local port.
+
+    # cat /etc/postfix/main.cf
+    myhostname = mail.example.com
+    relayhost = [127.0.0.1]:12345
+    smtp_sasl_auth_enable = yes
+    smtp_sasl_password_maps = hash:/etc/postfix/saslpass
+    sender_canonical_maps = hash:/etc/postfix/sender_canonical
+    # cat /etc/postfix/saslpass
+    [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
+               # postmap /etc/postfix/saslpass
+               # cat /etc/postfix/sender_canonical
+               root@mail.example.com jdoe@example.com
+    root@example.com jdoe@example.com
+    root@localhost jdoe@example.com
+    jdoe@mail.example.com jdoe@example.com
+    jdoe@localhost jdoe@example.com
+               # postmap /etc/postfix/sender_canonical
+    # cat /etc/stunnel/stunnel.conf
+    [smtp-tls-wrapper]
+    accept = 12345
+    client = yes
+    connect = outgoing.verizon.net:465
+    # /etc/init.d/stunnel restart
+    # postfix reload
+
+Test with:
+
+    $ echo 'testing 1 2' | sendmail you@somewhere.com
+
+Here's what's going on:
+
+* You hand an outgoing message to your local Postfix, which decides to
+  send it via port `12345` on your localhost (`127.0.0.1`) (`relayhost`).
+* Stunnel picks up the connection from Postfix, encrypts everything,
+  and forwards the connection to port 465 on `outgoing.verizon.net`
+  (`stunnel.conf`).
+* Postfix identifies itself as `mail.example.com` (`myhostname`), and
+  authenticates using your Verizon credentials (`smtp_sasl_…`).
+* Because Verizon is picky about the `From` addresses it will accept,
+  we use `sender_canonical` to map addresses to something simple that
+  we've tested.
+
+And that's it :p.  If you're curious, there's more detail about all
+the Postfix config options in the [postconf][] man page, and there's
+good SASL information in the [SASL_README][].
+
+There's also a [blog post by Tim White][TW] which I found useful.
+Because Verizon lacks [STARTTLS][] support, his approach didn't work
+for me out of the box.
+
+[Postfix]: http://www.postfix.org/
+[postconf]: http://www.postfix.org/postconf.5.html
+[SASL_README]: http://www.postfix.org/SASL_README.html
+[TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
+[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
+
+[[!tag tags/linux]]
+[[!tag tags/tools]]
+[[!tag tags/web]]
"unfolding disasters" ikiwiki blog.