It is assumed that the following has been configured:
First install the following:
apt-get install libsasl2-modules
apt-get install sasl2-bin
Create a file /etc/postfix/sasl/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login
Add a user to sasldb2:
saslpasswd2 -c -u domain user
sasldblistusers2
Postfix needs /etc/sasldb2 in its chroot environment. One solution is to change the init script so that it copies sasldb2 at startup.
In /usr/lib/postfix/configure-instance.sh, add etc/sasldb2 to the variable FILES:
FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/host.conf etc/nsswitch.conf etc/nss_mdns.config etc/sasldb2"
Edit Postfix configuration:
Type the following at the terminal:
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
Restart (reloading is not enough) postfix:
service postfix restart
systemctl daemon-reload
Edit /etc/postfix/main.cf
Ensure that mynetworks includes the primary mail server's IP address, such as 82.68.17.190/32:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, localhost, 82.68.17.190/32, 185.195.232.168/32, 185.195.232.148/32
Also check:
mydestination should include the domain that this relay server will be servicing, such as flakie.org:
mydestination = $myhostname, flakie.org, localhost, localhost.localdomain, localhost
smtpd_recipient_restrictions should be added or set as below:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
relay_domains should be added as below:
relay_domains = $mydestination
Save /etc/postfix/main.cf
Edit /etc/postfix/master.cf
Ensure the line "50070 inet n - y - - smtpd" is added. It allows smtpd traffic on port 50070, which carries the communication between the primary email server and the relay server.
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
50070     inet  n       -       y       -       -       smtpd
Add the following underneath the line above:
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Add the following underneath the line above:
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Save /etc/postfix/master.cf
Edit /etc/postfix/main.cf
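Ensure the following is added underneath mydestination. This is the IP of the relay server and the port expressed in the master.cf file. Write it in the same bracketed form as the key used in /etc/postfix/sasl_passwd, because Postfix looks up the credentials by the exact relayhost string.
relayhost = [212.71.234.106]:50070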
Add the following at the bottom of the file:
# outbound relay configurations
# (smtp_* parameters configure the Postfix SMTP client that talks to the relay)
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000
Save /etc/postfix/main.cf
Create the following file:
/etc/postfix/sasl_passwd
Enter the following to the top line of the file:
[212.71.234.106]:50070 root:compu1er
The above is the IP of the relay server along with the port. Additionally, add the username and password as created in the 3rd of the relay tasks.
Save the file.
Finally type the following command:
postmap /etc/postfix/sasl_passwd
The above creates a database-like file so that Postfix can read it.
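The credentials file only works if its key is exactly the relayhost string, and it holds a plaintext password, so both the file and the .db that postmap writes should be readable by root only. The following check is an added example, not part of the original page; the function names are hypothetical and the address and credentials in the demo are constructed.

```shell
#!/bin/sh
# Added example: checks for the Postfix relay credentials file.

# has_relay_credentials RELAYHOST FILE
# Succeeds only if FILE holds a "key user:password" entry whose key is
# exactly RELAYHOST. Postfix looks the relayhost string up verbatim, so
# "[192.0.2.10]:50070" and "192.0.2.10:50070" are different keys.
has_relay_credentials() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        $1 == key && $2 ~ /^[^:]+:.+$/ { found = 1 }  # user:password present
        END { exit found ? 0 : 1 }
    ' "$2"
}

# is_private FILE
# Succeeds if FILE grants no permission bits to group or other.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_relay_auth RELAYHOST FILE
# Prints one line per problem; the exit status is the number of problems.
check_relay_auth() {
    problems=0
    if ! has_relay_credentials "$1" "$2"; then
        echo "no credentials keyed on '$1' in $2"
        problems=$((problems + 1))
    fi
    for f in "$2" "$2.db"; do          # postmap writes FILE.db next to FILE
        if [ -e "$f" ] && ! is_private "$f"; then
            echo "$f is accessible to group or other"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on a constructed sample (not real credentials): the key is
# bracketed, the relayhost is not, and the file mode is 644.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    '[192.0.2.10]:50070 relayuser:example-password' > "$sample"
chmod 644 "$sample"
check_relay_auth '192.0.2.10:50070' "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On the primary server the same function can be run against the live settings with check_relay_auth "$(postconf -h relayhost)" /etc/postfix/sasl_passwd, and chmod 600 on both files clears the permission finding.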