Currently i'm using e.f.a. for inbound email towards the exchange server, this works great.
But i would like to use E.F.A. for outgoing email from my exchange server to, how can i configure E.F.A as relay and i don't want to fill in any smart host address in E.F.A configuration. Also can i use it with basic authentication in exchange and lastly can restrict it from which wan ip is allowed to use it?
E.F.A as relay for external exchange server
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: E.F.A as relay for external exchange server
Yeah, you wouldn't use a smart host on eFa, instead you would establish eFa as a outbound relay.
EFA-Configure Option 8) Mail Settings --> Option 1) Outbound Mail Relay
Authentication does take a a little manual labor currently. Here's some tips to get you started.
1) You should use SUBMISSION on port 587. This requires setting up Postfix properly for this.
2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.
3) You need to create a user for SASL Authentication.
The best document for this is the Postfix SASL HowTo http://www.postfix.org/SASL_README.html, which covers these topics.
Lastly, you need to configure IP tables to allow connections to port TCP port 587. This is the perfect opportunity to create a rule that allows connections just from the Exchange server.
EFA-Configure Option 8) Mail Settings --> Option 1) Outbound Mail Relay
Authentication does take a a little manual labor currently. Here's some tips to get you started.
1) You should use SUBMISSION on port 587. This requires setting up Postfix properly for this.
2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.
3) You need to create a user for SASL Authentication.
The best document for this is the Postfix SASL HowTo http://www.postfix.org/SASL_README.html, which covers these topics.
Lastly, you need to configure IP tables to allow connections to port TCP port 587. This is the perfect opportunity to create a rule that allows connections just from the Exchange server.
Re: E.F.A as relay for external exchange server
what i get now is PAM auth error.
Rundown what i did:
EFA-Configure Option 8) Spam Settings --> Option 1) Outbound Mail Relay
should be:
Option 8 is - Mail Settings --> 1 ) Outbound Mail Relay ,
the only new thing i can configure there is Hosts. I'm not sure what i meant by Hosts. What host is it expecting for me to fill in? The domain name of the relay or the domain name of the server sending the mail?
i've enabled: You should use SUBMISSION on port 587
by editing: /etc/postfix/master.cf
and uncommenting:
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
and rebooted
2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.
i've tried doing this by following the readme, there's alot of stuff i don't think i needed in that readme , like dovecot etc..
i kinda started from: Enabling SASL authentication in the Postfix SMTP server
Alot of the settings mentioned in the readme where already there..
3) You need to create a user for SASL Authentication.
i did this too, for any newbie user, like me, here are some commands: http://blog.scottlowe.org/2006/03/01/cr ... ail-relay/
testsaslauthd -u user -p pass fails for me also with the -s smtp flag
in the log/messages it give a PAM error
Is there anything i should check
Rundown what i did:
EFA-Configure Option 8) Spam Settings --> Option 1) Outbound Mail Relay
should be:
Option 8 is - Mail Settings --> 1 ) Outbound Mail Relay ,
the only new thing i can configure there is Hosts. I'm not sure what i meant by Hosts. What host is it expecting for me to fill in? The domain name of the relay or the domain name of the server sending the mail?
i've enabled: You should use SUBMISSION on port 587
by editing: /etc/postfix/master.cf
and uncommenting:
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
and rebooted
2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.
i've tried doing this by following the readme, there's alot of stuff i don't think i needed in that readme , like dovecot etc..
i kinda started from: Enabling SASL authentication in the Postfix SMTP server
Alot of the settings mentioned in the readme where already there..
3) You need to create a user for SASL Authentication.
i did this too, for any newbie user, like me, here are some commands: http://blog.scottlowe.org/2006/03/01/cr ... ail-relay/
testsaslauthd -u user -p pass fails for me also with the -s smtp flag
in the log/messages it give a PAM error
Is there anything i should check
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: E.F.A as relay for external exchange server
Looks like you made good progress.
It sounds like the PAM authentication mechanism is enabled but probably shouldn't be.
What do you have in /etc/sasl2/smtpd.conf ?
Also, if you started it like this
Kill it and start it using init.
It sounds like the PAM authentication mechanism is enabled but probably shouldn't be.
What do you have in /etc/sasl2/smtpd.conf ?
Also, if you started it like this
Code: Select all
saslauthd -a pam
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: E.F.A as relay for external exchange server
You put the name or ip of your Exchange server here.The only new thing i can configure there is Hosts. I'm not sure what i meant by Hosts. What host is it expecting for me to fill in? The domain name of the relay or the domain name of the server sending the mail?
Re: E.F.A as relay for external exchange server
i got alot futher now, it was indeed starting with Pam, i was looking in the init.d where there was shadow but there is actually i different file what really starts the whole thing.
testsaslauthd now works. The IpTables i got working too , i can make a connection using putty. Though i'm still not getting it to work with thunderbird .I'm using thunderbird to test out the smtp before changing stuff in the exchange.
Tunderbird prompts me with password to login, but then saying it's not correct. I'm unsure where to look for logs where it goes wrong now..
testsaslauthd now works. The IpTables i got working too , i can make a connection using putty. Though i'm still not getting it to work with thunderbird .I'm using thunderbird to test out the smtp before changing stuff in the exchange.
Tunderbird prompts me with password to login, but then saying it's not correct. I'm unsure where to look for logs where it goes wrong now..
Re: E.F.A as relay for external exchange server
I've testsaslauth -u user -p password
0: OK Success
but when using the smtp server i'm getting:
Jul 27 15:32:20 continue sendemail[3548]: ERROR => Received: 535 5.7.8 Error: authentication failed: authentication failure
What am i missing in the config?
0: OK Success
but when using the smtp server i'm getting:
Jul 27 15:32:20 continue sendemail[3548]: ERROR => Received: 535 5.7.8 Error: authentication failed: authentication failure
What am i missing in the config?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: E.F.A as relay for external exchange server
Is postfix's main.cf configured to use the sasl authentication mechanism?