E.F.A as relay for external exchange server

Questions and answers about how to do stuff
Post Reply
wieb
Posts: 6
Joined: 19 Jul 2017 22:05

E.F.A as relay for external exchange server

Post by wieb » 19 Jul 2017 22:09

Currently i'm using e.f.a. for inbound email towards the exchange server, this works great.

But i would like to use E.F.A. for outgoing email from my exchange server to, how can i configure E.F.A as relay and i don't want to fill in any smart host address in E.F.A configuration. Also can i use it with basic authentication in exchange and lastly can restrict it from which wan ip is allowed to use it?

User avatar
shawniverson
Posts: 3379
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: E.F.A as relay for external exchange server

Post by shawniverson » 20 Jul 2017 20:50

Yeah, you wouldn't use a smart host on eFa, instead you would establish eFa as a outbound relay.

EFA-Configure Option 8) Mail Settings --> Option 1) Outbound Mail Relay

Authentication does take a a little manual labor currently. Here's some tips to get you started.

1) You should use SUBMISSION on port 587. This requires setting up Postfix properly for this.

2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.

3) You need to create a user for SASL Authentication.

The best document for this is the Postfix SASL HowTo http://www.postfix.org/SASL_README.html, which covers these topics.

Lastly, you need to configure IP tables to allow connections to port TCP port 587. This is the perfect opportunity to create a rule that allows connections just from the Exchange server.

wieb
Posts: 6
Joined: 19 Jul 2017 22:05

Re: E.F.A as relay for external exchange server

Post by wieb » 22 Jul 2017 23:32

what i get now is PAM auth error.

Rundown what i did:

EFA-Configure Option 8) Spam Settings --> Option 1) Outbound Mail Relay
should be:
Option 8 is - Mail Settings --> 1 ) Outbound Mail Relay ,
the only new thing i can configure there is Hosts. I'm not sure what i meant by Hosts. What host is it expecting for me to fill in? The domain name of the relay or the domain name of the server sending the mail?

i've enabled: You should use SUBMISSION on port 587
by editing: /etc/postfix/master.cf
and uncommenting:
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd

and rebooted

2) You need an authentication mechanism (SASL). Again, postfix must be set up properly for this.
i've tried doing this by following the readme, there's alot of stuff i don't think i needed in that readme , like dovecot etc..

i kinda started from: Enabling SASL authentication in the Postfix SMTP server
Alot of the settings mentioned in the readme where already there..

3) You need to create a user for SASL Authentication.
i did this too, for any newbie user, like me, here are some commands: http://blog.scottlowe.org/2006/03/01/cr ... ail-relay/

testsaslauthd -u user -p pass fails for me also with the -s smtp flag

in the log/messages it give a PAM error

Is there anything i should check

User avatar
shawniverson
Posts: 3379
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: E.F.A as relay for external exchange server

Post by shawniverson » 23 Jul 2017 08:36

Looks like you made good progress.

It sounds like the PAM authentication mechanism is enabled but probably shouldn't be.

What do you have in /etc/sasl2/smtpd.conf ?

Also, if you started it like this

Code: Select all

saslauthd -a pam
Kill it and start it using init.

User avatar
shawniverson
Posts: 3379
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: E.F.A as relay for external exchange server

Post by shawniverson » 23 Jul 2017 12:22

The only new thing i can configure there is Hosts. I'm not sure what i meant by Hosts. What host is it expecting for me to fill in? The domain name of the relay or the domain name of the server sending the mail?
You put the name or ip of your Exchange server here.

wieb
Posts: 6
Joined: 19 Jul 2017 22:05

Re: E.F.A as relay for external exchange server

Post by wieb » 23 Jul 2017 22:06

i got alot futher now, it was indeed starting with Pam, i was looking in the init.d where there was shadow but there is actually i different file what really starts the whole thing.

testsaslauthd now works. The IpTables i got working too , i can make a connection using putty. Though i'm still not getting it to work with thunderbird .I'm using thunderbird to test out the smtp before changing stuff in the exchange.

Tunderbird prompts me with password to login, but then saying it's not correct. I'm unsure where to look for logs where it goes wrong now..

wieb
Posts: 6
Joined: 19 Jul 2017 22:05

Re: E.F.A as relay for external exchange server

Post by wieb » 27 Jul 2017 13:32

I've testsaslauth -u user -p password
0: OK Success

but when using the smtp server i'm getting:
Jul 27 15:32:20 continue sendemail[3548]: ERROR => Received: 535 5.7.8 Error: authentication failed: authentication failure

What am i missing in the config?

User avatar
shawniverson
Posts: 3379
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: E.F.A as relay for external exchange server

Post by shawniverson » 30 Jul 2017 08:15

Is postfix's main.cf configured to use the sasl authentication mechanism?

Post Reply