Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Deploying and configuring a Postfix SMTP server
As a system administrator, you can configure your email infrastructure by using a mail transport agent (MTA), such as Postfix, to transport email messages between hosts by using the SMTP protocol. Postfix is a server-side application for routing and delivering mail. You can use Postfix to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups.
			The postfix package provides multiple configuration files in the /etc/postfix/ directory.
		
To configure your email infrastructure, use the following configuration files:
- 
					main.cf: contains the global configuration of Postfix.
- 
					master.cf: specifies Postfix interaction with various processes to accomplish mail delivery.
- 
					access: specifies access rules, for example hosts that are allowed to connect to Postfix.
- 
					transport: maps email addresses to relay hosts.
- 
					aliases: contains a configurable list required by the mail protocol that describes user ID aliases. Note that you can find this file in the/etc/directory.
The key features of Postfix:
- Security features to protect against common email related threats
- Customization options, including support for virtual domains and aliases
2.1. Installing and configuring a Postfix SMTP server
You can configure your Postfix SMTP server to receive, store, and deliver email messages. If the mail server package is not selected during the system installation, Postfix will not be available by default. Perform the following steps to install Postfix:
Prerequisites
- You have the root access.
- Register your system
Procedure
- Remove the Sendmail utility: - dnf remove sendmail - # dnf remove sendmail- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Install Postfix: - dnf install postfix - # dnf install postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To configure Postfix, edit the - /etc/postfix/main.cffile and make the following changes:- By default, Postfix receives emails only on the - loopbackinterface. To configure Postfix to listen on specific interfaces, update the- inet_interfacesparameter to the IP addresses of these interfaces:- inet_interfaces = 127.0.0.1/32, [::1]/128, 192.0.2.1, [2001:db8:1::1] - inet_interfaces = 127.0.0.1/32, [::1]/128, 192.0.2.1, [2001:db8:1::1]- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - To configure Postfix to listen on all interfaces, set: - inet_interfaces = all - inet_interfaces = all- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you want that Postfix uses a different hostname than the fully-qualified domain name (FQDN) that is returned by the - gethostname()function, add the- myhostnameparameter:- myhostname = smtp.example.com - myhostname = smtp.example.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - For example, Postfix adds this hostname to header of emails it processes. 
- If the domain name differs from the one in the - myhostnameparameter, add the- mydomainparameter:- mydomain = example.com - mydomain = example.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add the - myoriginparameter and set it to the value of- mydomain:- myorigin = $mydomain - myorigin = $mydomain- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - With this setting, Postfix uses the domain name as origin for locally posted mails instead of the hostname. 
- Add the - mynetworksparameter, and define the IP ranges of trusted networks that are allowed to send mails:- mynetworks = 127.0.0.1/32, [::1]/128, 192.0.2.1/24, [2001:db8:1::1]/64 - mynetworks = 127.0.0.1/32, [::1]/128, 192.0.2.1/24, [2001:db8:1::1]/64- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - If clients from not trustworthy networks, such as the internet, should be able to send mails through this server, you must configure relay restrictions in a later step. 
 
- Verify if the Postfix configuration in the - main.cffile is correct:- postfix check - # postfix check- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Enable the - postfixservice to start at boot and start it:- systemctl enable --now postfix - # systemctl enable --now postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Allow the SMTP traffic through firewall and reload the firewall rules: - firewall-cmd --permanent --add-service smtp firewall-cmd --reload - # firewall-cmd --permanent --add-service smtp # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Verify that the - postfixservice is running:- systemctl status postfix - # systemctl status postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Optional: Restart the - postfixservice, if the output is stopped, waiting, or the service is not running:- systemctl restart postfix - # systemctl restart postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Reload the - postfixservice after changing any options in the configuration files in the- /etc/postfix/directory to apply those changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Verify the email communication between local users on your system: - echo "This is a test message" | mail -s <subject> <user@mydomain.com> - # echo "This is a test message" | mail -s <subject> <user@mydomain.com>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To verify that your mail server does not relay emails from external IP ranges to foreign domains, follow the below mentioned procedure: - 
								Log in to a client which is not within the subnets that you defined in mynetworks.
- Configure the client to use your mail server.
- 
								Try to send an email to an email address that is not under the domain you specified in mydomainon your mail server. For example, try to send an email tonon-existing-user@redhat.com.
- Check the - /var/log/maillogfile:- 554 Relay access denied - the server is not going to relay. 250 OK or similar - the server is going to relay. - 554 Relay access denied - the server is not going to relay. 250 OK or similar - the server is going to relay.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- 
								Log in to a client which is not within the subnets that you defined in 
Troubleshooting
- 
						In case of errors, check the /var/log/maillogfile.
2.2. Customizing TLS settings of a Postfix server
To make your email traffic encrypted and therefore more secure, you can configure Postfix to use a certificate from a trusted certificate authority (CA) instead of the self-signed certificate and customize the Transport Layer Security (TLS) security settings. By default, the TLS encryption protocol is enabled in the Postfix server. The basic Postfix TLS configuration contains self-signed certificates for inbound SMTP and the opportunistic TLS for outbound SMTP.
Prerequisites
- You have the root access.
- 
						You have the postfixpackage installed on your server.
- You have a certificate signed by a trusted certificate authority (CA) and a private key.
- You have copied the following files to the Postfix server: - 
								The server certificate: /etc/pki/tls/certs/postfix.pem
- 
								The private key: /etc/pki/tls/private/postfix.key
 
- 
								The server certificate: 
- If the FIPS mode is enabled, clients must either support the Extended Master Secret (EMS) extension or use TLS 1.3. TLS 1.2 connections without EMS fail. For more information, see the Red Hat Knowledgebase solution TLS extension "Extended Master Secret" enforced.
Procedure
- Set the path to the certificate and private key files on the server where Postfix is running by adding the following lines to the - /etc/postfix/main.cffile:- smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_key_file = /etc/pki/tls/private/postfix.key - smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem smtpd_tls_key_file = /etc/pki/tls/private/postfix.key- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restrict the incoming SMTP connections to authenticated users only by editing the - /etc/postfix/main.cffile:- smtpd_tls_auth_only = yes - smtpd_tls_auth_only = yes- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Reload the - postfixservice to apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Configure your client to use TLS encryption and send an email. Note- To get additional information about Postfix client TLS activity, increase the log level from - 0to- 1by changing the following line in the- /etc/postfix/main.cf:- smtp_tls_loglevel = 1 - smtp_tls_loglevel = 1- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.3. Configuring Postfix to forward all emails to a mail relay
If you want to forward all email to a mail relay, you can configure Postfix server as a null client. In this configuration Postfix only forwards mail to a different mail server and is not capable of receiving mail.
Prerequisites
- You have the root access.
- 
						You have the postfixpackage installed on your server.
- You have the IP address or hostname of the relay host to which you want to forward emails.
Procedure
- To prevent Postfix from accepting any local email delivery and making it a null client, edit the - /etc/postfix/main.cffile and make the following changes:- Configure Postfix to forward all email by setting the - mydestinationparameter equal to an empty value:- mydestination = - mydestination =- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - In this configuration the Postfix server is not a destination for any email and acts as a null client. 
- Specify the mail relay server that receives the email from your null client: - relayhost = [<ip_address_or_hostname>] - relayhost = [<ip_address_or_hostname>]- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The relay host is responsible for the mail delivery. Enclose - <ip_address_or_hostname>in square brackets.
- Configure the Postfix mail server to listen only on the loopback interface for emails to deliver: - inet_interfaces = loopback-only - inet_interfaces = loopback-only- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you want Postfix to rewrite the sender domain of all outgoing emails to the company domain of your relay mail server, set: - myorigin = relay.example.com - myorigin = relay.example.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To disable the local mail delivery, add the following directive at the end of the configuration file: - local_transport = error: local delivery disabled - local_transport = error: local delivery disabled- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Add the - mynetworksparameter so that Postfix forwards email from the local system originating from the 127.0.0.0/8 IPv4 network and the [::1]/128 IPv6 network to the mail relay server:- mynetworks = 127.0.0.0/8, [::1]/128 - mynetworks = 127.0.0.0/8, [::1]/128- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Verify if the Postfix configuration in the - main.cffile is correct:- postfix check - # postfix check- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - postfixservice to apply the changes:- systemctl restart postfix - # systemctl restart postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Verify that the email communication is forwarded to the mail relay: - echo "This is a test message" | mail -s <subject> <user@example.com> - # echo "This is a test message" | mail -s <subject> <user@example.com>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Troubleshooting
- 
						In case of errors, check the /var/log/maillogfile.
2.4. Configuring Postfix as a destination for multiple domains
You can configure Postfix as a mail server that can receive emails for multiple domains. In this configuration, Postfix acts as the final destination for emails sent to addresses within the specified domains. You can configure the following:
- Set up multiple email addresses that point to the same email destination
- Route incoming email for multiple domains to the same Postfix server
Prerequisites
- You have the root access.
- You have configured a Postfix server.
Procedure
- In the - /etc/postfix/virtualvirtual alias file, specify the email addresses for each domain. Add each email address on a new line:- <info@example.com> <user22@example.net> <sales@example.com> <user11@example.org> - <info@example.com> <user22@example.net> <sales@example.com> <user11@example.org>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - In this example, Postfix redirects all emails sent to info@example.com to user22@example.net and email sent to sales@example.com to user11@example.org. 
- Create a hash file for the virtual alias map: - postmap /etc/postfix/virtual - # postmap /etc/postfix/virtual- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - This command creates the - /etc/postfix/virtual.dbfile. Note that you must always re-run this command after you update the- /etc/postfix/virtualfile.
- In the Postfix - /etc/postfix/main.cfconfiguration file, add the- virtual_alias_mapsparameter and point it to the hash file:- virtual_alias_maps = hash:/etc/postfix/virtual - virtual_alias_maps = hash:/etc/postfix/virtual- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Reload the - postfixservice to apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Test the configuration by sending an email to one of the virtual email addresses.
Troubleshooting
- 
						In case of errors, check the /var/log/maillogfile.
2.5. Using an LDAP directory as a lookup table
If you use a Lightweight Directory Access Protocol (LDAP) server to store accounts, domains or aliases, you can configure Postfix to use the LDAP server as a lookup table. By using LDAP instead of files for lookups enables you to have a central database.
Prerequisites
- You have the root access.
- 
						You have the postfixpackage installed on your server.
- You have an LDAP server with the required schema and user credentials.
- 
						You have the postfix-ldapplugin installed on the server running Postfix.
Procedure
- Configure the LDAP lookup parameters by creating a - /etc/postfix/ldap-aliases.cffile with the following content:- Specify the hostname of the LDAP server: - server_host = ldap.example.com - server_host = ldap.example.com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Specify the base domain name for the LDAP search: - search_base = dc=example,dc=com - search_base = dc=example,dc=com- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
								Optional: Customize the LDAP search filter and attributes based on your requirements. The filter for searching the directory defaults to query_filter = mailacceptinggeneralid=%s.
 
- Enable the LDAP source as a lookup table in the - /etc/postfix/main.cfconfiguration file by adding the following content:- virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf - virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Verify the LDAP configuration by running the - postmapcommand, which checks for any syntax errors or connectivity issues:- postmap -q @example.com ldap:/etc/postfix/ldap-aliases.cf - # postmap -q @example.com ldap:/etc/postfix/ldap-aliases.cf- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Reload the - postfixservice to apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- 
						Send a test email to verify that the LDAP lookup works correctly. Check the mail logs in /var/log/maillogfor any errors.
2.6. Configuring Postfix as an outgoing mail server to relay for authenticated users
You can configure Postfix to relay mail for authenticated users. In this scenario, you allow users to authenticate themselves and use their email address to send mail through your SMTP server by configuring Postfix as an outgoing mail server with SMTP authentication, TLS encryption, and sender address restrictions.
Prerequisites
- You have the root access.
- You have configured a Postfix server.
Procedure
- To configure Postfix as an outgoing mail server, edit the - /etc/postfix/main.cffile and add the following:- Enable SMTP authentication: - smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes - smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Disable access without TLS: - smtpd_tls_auth_only = yes - smtpd_tls_auth_only = yes- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Allow mail relaying only for authenticated users: - smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination - smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: Restrict users to use their own email address only as a sender: - smtpd_sender_restrictions = reject_sender_login_mismatch - smtpd_sender_restrictions = reject_sender_login_mismatch- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Reload the - postfixservice to apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Authenticate in your SMTP client that supports TLS and SASL. Send an test email to verify that the SMTP authentication works correctly.
2.7. Delivering email from Postfix to Dovecot running on the same host
You can configure Postfix to deliver incoming mail to Dovecot on the same host by using LMTP over a UNIX socket. This socket enables direct communication between Postfix and Dovecot on the local machine.
Prerequisites
- You have the root access.
- You have configured a Postfix server.
- You have configured a Dovecot server, see Configuring and maintaining a Dovecot IMAP and POP3 server.
- You have configured the LMTP socket on your Dovecot server, see Configuring an LMTP socket and LMTPS listener.
Procedure
- Configure Postfix to use the LMTP protocol and the UNIX domain socket for delivering mail to Dovecot in the - /etc/postfix/main.cffile:- If you want to use virtual mailboxes, add the following content: - virtual_transport = lmtp:unix:/var/run/dovecot/lmtp - virtual_transport = lmtp:unix:/var/run/dovecot/lmtp- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- If you want to use non-virtual mailboxes, add the following content: - mailbox_transport = lmtp:unix:/var/run/dovecot/lmtp - mailbox_transport = lmtp:unix:/var/run/dovecot/lmtp- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Reload - postfixto apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- 
						Send an test email to verify that the LMTP socket works correctly. Check the mail logs in /var/log/maillogfor any errors.
2.8. Delivering email from Postfix to Dovecot running on a different host
				You can establish a secure connection between Postfix mail server and the Dovecot delivery agent over the network. To do so, configure the LMTP service to use network socket for delivering mail between mail servers. By default, the LMTP protocol is not encrypted. However, if you configured TLS encryption, Dovecot uses the same settings automatically for the LMTP service. SMTP servers can then connect to it by using the STARTTLS command over LMTP.
			
Prerequisites
- You have the root access.
- You have configured a Postfix server.
- You have configured a Dovecot server, see Configuring and maintaining a Dovecot IMAP and POP3 server.
- You have configured the LMTP socket on your Dovecot server, see Configuring an LMTP socket and LMTPS listener.
Procedure
- Configure Postfix to use the LMTP protocol and the INET domain socket for delivering mail to Dovecot in the - /etc/postfix/main.cffile by adding the following content:- mailbox_transport = lmtp:inet:<dovecot_host>:<port> - mailbox_transport = lmtp:inet:<dovecot_host>:<port>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Replace - <dovecot_host>with the IP address or hostname of the Dovecot server and- <port>with the port number of the LMTP service.
- Reload the - postfixservice to apply the changes:- systemctl reload postfix - # systemctl reload postfix- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Send an test email to an address hosted by the remote Dovecot server and check the Dovecot logs to ensure that the mail was successfully delivered.
2.9. Securing the Postfix service
Postfix is a mail transfer agent (MTA) that uses the Simple Mail Transfer Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although MTAs can encrypt traffic between one another, they might not do so by default. You can also mitigate risks to various attacks by changing setting to more secure values.
2.9.2. Postfix configuration options for limiting DoS attacks
					An attacker can flood the server with traffic, or send information that triggers a crash, causing a denial of service (DoS) attack. You can configure your system to reduce the risk of such attacks by setting limits in the /etc/postfix/main.cf file. You can change the value of the existing directives or you can add new directives with custom values in the <directive> = <value> format.
				
Use the following list of directives for limiting a DoS attack:
- smtpd_client_connection_rate_limit
- 
								Limits the maximum number of connection attempts any client can make to this service per time unit. The default value is 0, which means a client can make as many connections per time unit as Postfix can accept. By default, the directive excludes clients in trusted networks.
- anvil_rate_time_unit
- 
								Defines a time unit to calculate the rate limit. The default value is 60seconds.
- smtpd_client_event_limit_exceptions
- Excludes clients from the connection and rate limit commands. By default, the directive excludes clients in trusted networks.
- smtpd_client_message_rate_limit
- Defines the maximum number of message deliveries from client to request per time unit (regardless of whether or not Postfix actually accepts those messages).
- default_process_limit
- 
								Defines the default maximum number of Postfix child processes that provide a given service. You can ignore this rule for specific services in the master.cffile. By default, the value is100.
- queue_minfree
- 
								Defines the minimum amount of free space required to receive mail in the queue file system. The directive is currently used by the Postfix SMTP server to decide if it accepts any mail at all. By default, the Postfix SMTP server rejects MAIL FROMcommands when the amount of free space is less than 1.5 times themessage_size_limit. To specify a higher minimum free space limit, specify aqueue_minfreevalue that is at least 1.5 times themessage_size_limit. By default, thequeue_minfreevalue is0.
- header_size_limit
- 
								Defines the maximum amount of memory in bytes for storing a message header. If a header is large, it discards the excess header. By default, the value is 102400bytes.
- message_size_limit
- 
								Defines the maximum size of a message including the envelope information in bytes. By default, the value is 10240000bytes.
2.9.3. Configuring Postfix to use SASL
Postfix supports Simple Authentication and Security Layer (SASL) based SMTP Authentication (AUTH). SMTP AUTH is an extension of the Simple Mail Transfer Protocol. Currently, the Postfix SMTP server supports the SASL implementations in the following ways:
- Dovecot SASL
- The Postfix SMTP server can communicate with the Dovecot SASL implementation by using either a UNIX-domain socket or a TCP socket. Use this method if Postfix and Dovecot applications are running on separate machines.
- Cyrus SASL
- When enabled, SMTP clients must authenticate with the SMTP server by using an authentication method supported and accepted by both the server and the client.
Prerequisites
- 
							The dovecotpackage is installed on the system
Procedure
- Set up Dovecot: - Include the following lines in the - /etc/dovecot/conf.d/10-master.conffile:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The previous example uses UNIX-domain sockets for communication between Postfix and Dovecot. The example also assumes default Postfix SMTP server settings, which include the mail queue located in the - /var/spool/postfix/directory, and the application running under the- postfixuser and group.
- Optional: Set up Dovecot to listen for Postfix authentication requests through TCP: - service auth { inet_listener { port = <port_number> } }- service auth { inet_listener { port = <port_number> } }- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Specify the method that the email client uses to authenticate with Dovecot by editing the - auth_mechanismsparameter in- /etc/dovecot/conf.d/10-auth.conffile:- auth_mechanisms = plain login - auth_mechanisms = plain login- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The - auth_mechanismsparameter supports different plain text and non-plain text authentication methods.
 
- Set up Postfix by modifying the - /etc/postfix/main.cffile:- Enable SMTP Authentication on the Postfix SMTP server: - smtpd_sasl_auth_enable = yes - smtpd_sasl_auth_enable = yes- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Enable the use of Dovecot SASL implementation for SMTP Authentication: - smtpd_sasl_type = dovecot - smtpd_sasl_type = dovecot- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Provide the authentication path relative to the Postfix queue directory. Note that the use of a relative path ensures that the configuration works regardless of whether the Postfix server runs in - chrootor not:- smtpd_sasl_path = private/auth - smtpd_sasl_path = private/auth- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - This step uses UNIX-domain sockets for communication between Postfix and Dovecot. - To configure Postfix to look for Dovecot on a different machine in case you use TCP sockets for communication, use configuration values similar to the following: - smtpd_sasl_path = inet: <IP_address> : <port_number> - smtpd_sasl_path = inet: <IP_address> : <port_number>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - In the previous example, replace the - <IP_address>with the IP address of the Dovecot machine and- <port_number>with the port number specified in Dovecot’s- /etc/dovecot/conf.d/10-master.conffile.
- Specify SASL mechanisms that the Postfix SMTP server makes available to clients. Note that you can specify different mechanisms for encrypted and unencrypted sessions. - smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous - smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The previous directives specify that during unencrypted sessions, no anonymous authentication is allowed and no mechanisms that transmit unencrypted user names or passwords are allowed. For encrypted sessions that use TLS, only non-anonymous authentication mechanisms are allowed.