I've set up a new postfix instance which more or less duplicates an
older one.  The main change (besides being newer) is that the old one
used real users with real accounts while this one uses virtual users. 
Some bits work, some don't.  I'm a bit confused on how to test it,
really, short of connecting with a regular email client (mutt,
thunderbird, etc.).

But I've a few questions, mostly about auth, which is what has most
changed and which I've clearly not got going correctly.  (And I'm aware
that auth may be handled by dovecot and so not be appropriate to /this/
list.  But I'm not yet convinced of that, so I have to ask here first.)

1.  Users need to provide user + password to send (smtps) and receive
(imaps).  I see where I've configured this for dovecot, which is
/etc/dovecot/passwd.db.  That file contains lines like this:

    j...@mobilitains.fr:{BLF-CRYPT}$2y$05$c...

I do not see how postfix knows who is allowed to connect, however.  Does
postfix delegate SASL to dovecot?  This is the relevant config, I think:

    [T] jeff@nantes-m1:log $ postconf -n | grep -i sasl
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = reject_unknown_client_hostname,reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_sender
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot

    [T] jeff@nantes-m1:log $ postconf -Mf
    smtp       inet  n       -       y       -       -       smtpd
    submission inet  n       -       y       -       -       smtpd
        -o syslog_name=postfix/submission
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
    smtps      inet  n       -       y       -       -       smtpd
        -o syslog_name=postfix/smtps
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_reject_unlisted_recipient=no
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
    ...

2.  Any suggestions on how to test this (and continue testing it)? 
First, about today, as in, are there good commandline tools to poke at a
postfix instance?

Second, for later, I'm aware of some very useful online web-based tools
(mxtoolbox, etc.), but I'd be quite happy to have some process run on
another host and periodically check that my MX isn't on any blackhole
lists, that the reasonably foreseeable stuff is all working correctly,
etc.  I've not found that.  Any suggestions?

Many thanks for any pointers.

-- 
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
http://transport-nantes.com/
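
Added example (not part of the original message and not Postfix's own tooling): it overlays the `-o` overrides from the `postconf -Mf` output above onto the `postconf -n` values to show, per listener, whether AUTH is offered, which SASL backend the settings name, and which TLS mode the excerpt shows. The sample text is an excerpt copied from the post with wrapped lines rejoined; the function names are hypothetical.

```python
# Added example: sample text is excerpted from the post's postconf output;
# parse_main / parse_master / effective are hypothetical helper names.
MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
"""
MASTER_CF = """\
smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps      inet  n       -       y       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""

def parse_main(text):
    """Return {parameter: value} from `postconf -n` style lines."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master(text):
    """Return {service: {override: value}} from `postconf -Mf` style lines."""
    services, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace():  # indented continuation: "-o name=value"
            opt = line.strip()
            if current is not None and opt.startswith("-o "):
                name, _, value = opt[3:].partition("=")
                services[current][name.strip()] = value.strip()
        elif line.strip() and not line.startswith("#"):
            current = line.split()[0]  # first column is the service name
            services[current] = {}
    return services

def effective(main, master):
    """Overlay each service's -o overrides on main.cf and summarise auth/TLS."""
    report = {}
    for name, overrides in master.items():
        cfg = {**main, **overrides}  # master.cf -o wins over main.cf
        tls = "wrapper" if cfg.get("smtpd_tls_wrappermode") == "yes" else cfg.get("smtpd_tls_security_level", "not shown")
        report[name] = {
            "auth_offered": cfg.get("smtpd_sasl_auth_enable") == "yes",
            "auth_backend": f'{cfg.get("smtpd_sasl_type")}:{cfg.get("smtpd_sasl_path")}',
            "tls": tls,
            "relay": cfg.get("smtpd_relay_restrictions", "").replace(",", " ").split(),
        }
    return report

REPORT = effective(parse_main(MAIN_CF), parse_master(MASTER_CF))
```

A `tls` value of "not shown" for the `smtp` listener only means the post's `grep -i sasl` excerpt carries no TLS parameters; running `postconf smtpd_tls_security_level smtpd_tls_auth_only` on the host shows whether AUTH on port 25 is restricted to encrypted sessions.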
