Dear Interwebs: Secure SMTP Relay Wanted
I'm looking for a basic SMTP relay which supports SMTP AUTH, TLS, supports the sendmail interface, and has a local mail queue, so that I can send mail from my laptop in Evolution (to localhost, or calls sendmail) and the shell (calling sendmail) when online or offline.
I need SMTP AUTH and TLS, which means nbsmtp, masqmail, and nullmailer are out. I want a local queue for when I'm not online which means esmtp, ssmtp, msmtp, and nullmailer are out (I'm not convinced that msmtp's queue scripts are reliable enough). Surely there must be a simple SMTP relay which will reliably manage a queue if the mail cannot be sent! If not, does anyone know of a good guide to configuring Postfix or Exim to do this?
Posted by Berto at Sun Mar 30 15:54:34 2008:
Both Exim and Postfix are easy to configure. If you're using Debian (and I guess that Ubuntu too) you have a configuration script for Exim (with Debconf) very easy to use.
Posted by lennart at Sun Mar 30 15:59:19 2008:
postfix is what you are looking for. Settings this up is a matter of writing a configuration file of maybe 10 lines.
Posted by Wouter Bolsterlee at Sun Mar 30 16:05:23 2008:
Nullmailer does support SMTP auth and can be configured to try several SMTP servers in a specified order (e.g. home SMTP, work SMTP, backup SMTP with AUTH). This works wonderfully for me, even if I'm not only (mail is kept in a queue which is run when a network interface comes up). So, your description does not seem quite right. You're right about the TLS part, afaik nullmailer does not support this.
Posted by Wouter Bolsterlee at Sun Mar 30 16:15:43 2008:
Posted by Dan Nicholson at Sun Mar 30 17:53:39 2008:
Postfix is definitely the way to go. There are tons of HOWTOs around including on the Postfix site:
http://www.postfix.org/docs.html
If you really want to dive into Postfix, I'd suggest getting the excellent Book of Postfix.
http://www.postfix-book.com/
Posted by Ross at Sun Mar 30 18:01:11 2008:
http://www.postfix.org/docs.html
If you really want to dive into Postfix, I'd suggest getting the excellent Book of Postfix.
http://www.postfix-book.com/
The point is I'd prefer not to dive into a book, I want something which takes two minutes to install. :)
Posted by Thouters at Sun Mar 30 18:13:03 2008:
I use a combination of xinetd and a
ssh tunnel to my home router for this, I wrote things down at
http://www.thouters.be/OpenWRTTunnel
Posted by Dan at Sun Mar 30 20:49:43 2008:
ssh tunnel to my home router for this, I wrote things down at
http://www.thouters.be/OpenWRTTunnel
Postfix is an excellent SMTP system but it does have lots of buttons. I would have a play with the defer_transports option.
http://www.postfix.org/rate.html#postponing
D.
Posted by HUb at Sun Mar 30 22:45:44 2008:
http://www.postfix.org/rate.html#postponing
D.
Postfix. and it has excellent documentation.
As for the 2minutes install leave that to the security holes.
Posted by Marius Gedminas at Sun Mar 30 23:46:19 2008:
As for the 2minutes install leave that to the security holes.
2-minute Postfix configuration guide to have your laptop queue emails when offline and then flush them to a trusted SMTP server using TLS and SMTP authentication.
Set up postfix normally, first (sudo apt-get install postfix, "internet site" will mostly do the right thing)
Edit /etc/postfix/main.cf:
relayhost = MAILSERVER
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_enforce_peername = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
Create /etc/postfix/smtp_auth:
MAILSERVER USERNAME:PASSWORD
Then run
sudo chmod 600 /etc/postfix/smtp_auth
sudo postmap /etc/postfix/smtp_auth
sudo postfix reload
and it's done.
Posted by Rudd-O at Mon Mar 31 00:30:06 2008:
Set up postfix normally, first (sudo apt-get install postfix, "internet site" will mostly do the right thing)
Edit /etc/postfix/main.cf:
relayhost = MAILSERVER
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_enforce_peername = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
Create /etc/postfix/smtp_auth:
MAILSERVER USERNAME:PASSWORD
Then run
sudo chmod 600 /etc/postfix/smtp_auth
sudo postmap /etc/postfix/smtp_auth
sudo postfix reload
and it's done.
Postfix.
on the client machine (your local mail queue)
relayhost = your-tls-mailserver.com.net.org.edu
smtp_tls_security_level = may
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
Of course you need to create /etc/postfix/sasl_passwd and postmap it as well:
your-tls-mailserver.com.net.org.edu useraccountonserver:passwordoftheaccount
That should do enough to configure postfix as a mailserver-relay-dependent SASL/TLS client.
Posted by Zakaria at Wed Apr 2 07:50:11 2008:
on the client machine (your local mail queue)
relayhost = your-tls-mailserver.com.net.org.edu
smtp_tls_security_level = may
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
Of course you need to create /etc/postfix/sasl_passwd and postmap it as well:
your-tls-mailserver.com.net.org.edu useraccountonserver:passwordoftheaccount
That should do enough to configure postfix as a mailserver-relay-dependent SASL/TLS client.
Dear Ross,
Do you know this post and other posts got syndicated in GNOME News http://planet.gnome.org/news/ ?
I know that you're a news-worthy person, but could you somehow restrict the syndication to some GNOME related posting?
Thanks
Posted by Ross at Wed Apr 2 08:50:21 2008:
Do you know this post and other posts got syndicated in GNOME News http://planet.gnome.org/news/ ?
I know that you're a news-worthy person, but could you somehow restrict the syndication to some GNOME related posting?
Thanks
