Friday, February 20, 2015
linux administration - tips, notes and projects
On one of my local Ubuntu workstations at home, I sometimes have the need to send mail out using mailutils/mailx inside of scripts or on the command line. I also don’t necessarily want/need to set up an entire mail server on my workstation. In addition, Verizon FiOS doesn’t take too kindly to this for purposes of preventing malicious activity, SPAM, etc. They actually block outbound connections on the default SMTP port (25).
If you’re using Ubuntu 14.04 LTS, it comes with Postfix by default. If you’re using a different version or flavor, chances are you’ve got Sendmail or Exim installed. These instructions assume you’ve uninstalled whatever MTA came with your system, and that you want to use Postfix (far superior to its counterparts in my eyes).
First, it’s easiest to install postfix and Cyrus SASL packages from your operating system’s repository. If you’re compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.
# apt-get install postfix libsasl2-2 -y
In Ubuntu/Debian/Mint, the SASL package is called libsasl2-2
In CentOS/RHEL/Fedora, the SASL packages are called cyrus-sasl and cyrus-sasl-plain
Next, edit the main Postfix configuration file @ /etc/postfix/main.cf to include the following:
# Set this to your server's fully qualified domain name.
# If you don't have a internet domain name,
# use the default or your email addy's domain - it'll keep
# postfix from generating warnings all the time in the logs
mydomain = local.domain
myhostname = host.local.domain
# Set this to your email provider's smtp server.
# A lot of ISP's (ie. Verizon) block the default port 25
# to prevent spamming. So in this case we'll use port 587.
relayhost = your.smtp.host:587
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no
# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous
Note: Your remote SMTP host must be configured to listen on the alternate port you specify in relayhost=
Next, you need to configure authentication with SASL, so edit /etc/postfix/sasl_passwd and provide the credentials in this format:
Note: The host and port must match identically to relayhost= in main.cf
Generate a postfix .db file from the previous file
# postmap hash:/etc/postfix/sasl_passwd
For security, you’ll want to make sure the sasl_passwd and sasl_passwd.db files are not readable:
# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
That’s it, restart the postfix service and test sending email.
# service postfix restart
# echo testing | mail email@example.com
If you did everything correctly, you’ll see your local host connect to the remote host and send the message. If something went wrong, you’ll want to start digging through logs to figure out why.
Leave a Reply