So after installing cyrus-sasl, postfix and dovecot all I needed to do was:

Edit /etc/postfix/main.cf  – At the end of your configuration add:

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Don’t forget that postfix by default runs in it’s own chroot jail, so the smptd_sasl_path above is relative to the postfix root. So in my case on CentOS 5 that equates to “/var/spool/postfix/private/auth”

Now go on and edit your /etc/dovecot.conf file.  Find the lines

userdb passwd {
}

Then add this immediately below it

socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}

Now all you need to do is restart postfix, dovecot and (re)start saslauthd

/etc/init.d/postfix restart
/etc/init.d/dovecot restart
/etc/init.d/saslauthd restart

If you now telnet to your mail server on port 25, and use EHLO you should be able to see the following

ehlo me
250-your.server.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

My next posting will include details on how to extend this to include the use of TLS

In part my hand has been forced, after offering to host a website for my brother in law (alias overlap). So aspart of the reorganization I decided to take a look into qmail. The fact that we use it within the ASF too, means that I will hopefully be better able to help with that should the need arise.

Here’s hoping all goes well.

All my mail goes via a 3rd party filtering system (for now) so I won’t lose any mail it might just mean a slightly longer delay than usual.

Sadly some flaming idiot in Poland, has been sending out emails claiming to be me.
I have looked at the message headers for a few of them, they all came from different servers, different providers.

Now, I wonder if there is an MTA addon that checks the message headers as they come in, especially if the message looks like an NDR, and if the message didn’t originate from one of my known IPs (SPF records perhaps) then reject the message, or pass it to SpamAssassin, or the likes. Any ideas?
[1] NDR – Non-Delivery Report

Following on from Rich’s post about grey-listing I ran off to the website and downloaded a copy of greyfix.

I quickly installed it, and setup postfix. I immediately noticed a difference in /var/log/mail I now receive about 20 spam messages a day, rather than over 900 a day. What an improvement.

Like Rich, I had been looking at grey listing but caved in when trying to set it up. This is so easy I’m sure most anyone could get it working. My only change from the default install is to lower the retry time from 3480 secs (58 minutes) to a lower threshold. As of yet I am still to receive a mail from an IPV6 host so I am not too worried about that limitation just yet.