Sunday, October 4, 2009

Sending mail from outside your network

After having set up a mail server for the company I work at (I'm a technician at an SEO, PPC and web marketing company), we quickly came across a problem. One of our employees tried to send a mail through our server from outside our network, which resulted in an error.

The first problem, I figured, was that pretty much all ISPs in Sweden block port 25 (SMTP). It was quickly solved by routing incoming port 587 to internal port 25 on our server. Yup, it solved the problem. But only the first problem, because after we could actually connect to the server from outside the network we got another problem. An authentication problem. Duh, I should've known.

It's supposed to block attempts to spam through our server from outside but I never considered the possibility that it'll block legitimate mail as well. What I had to do was obviously set up some kind of authentication, and the way to do it is SASL. I use Dovecot on the server, so Dovecot SASL is what I'll be using in this guide. If you followed my guide to Postfix+Dovecot your server should be compiled with support for it already.

First of all we need to enable it in Postfix. To do that simply add the following lines to your Postfix configuration (main.cf) some place appropriate:
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

You will also want to add permit_sasl_authenticated somewhere in the "smtpd_recipient_restrictions" list.

Next up is Dovecot, so open up your dovecot.conf. You can start by adding "login" to the mechanisms row, so it'll look like this:
mechanisms = plain login

After that, change the client path row to:
path = /var/spool/postfix/private/auth
I also changed both user and group to postfix instead of dovecot.

That should be all you need to do to enable SASL for your mail server, now all that's left is to test it. Run the following four commands to completely stop and start the mail server:
postfix stop
pkill -9 dovecot
postfix start
dovecot

To test the SASL authentication, the first thing we have to do is base64-encode our username and password so we can send them to the server. Normally the mail client does this, but since we're telnetting we have to do it ourselves. Run the following command in the terminal:
perl -MMIME::Base64 -e 'print encode_base64("\000user\@domain.tld\000password")'
AHVzZXJAZG9tYWluLnRsZABwYXNzd29yZA==
The string it returned is the base64-encoded version of "\0user@domain.tld\0password".

Now let's try authenticating ourselves when sending a mail through telnet!
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.domain.tld ESMTP Postfix

AUTH PLAIN AHVzZXJAZG9tYWluLnRsZABwYXNzd29yZA==
235 2.7.0 Authentication successful
From here on, send a mail as usual with "MAIL FROM", "RCPT TO" and "DATA".
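
As an added example (not part of the original post), this Python sketch builds and reverses the AUTH PLAIN token used above, and reads an EHLO reply for AUTH in both the standard form and the legacy "AUTH=" form that broken_sasl_auth_clients = yes turns on. The function names and the sample EHLO reply are constructed for illustration.

```python
import base64

def encode_plain(user, password, authzid=""):
    """Build the SASL PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Reverse encode_plain(); base64 is an encoding, not encryption."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    authzid, user, password = (p.decode("utf-8") for p in parts)
    return authzid, user, password

def parse_ehlo(reply):
    """Extract advertised AUTH mechanisms and STARTTLS from an EHLO reply.

    With broken_sasl_auth_clients = yes Postfix also sends the legacy
    "AUTH=..." line, so both spellings are accepted here.
    """
    mechanisms, starttls = set(), False
    for line in reply.splitlines():
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword = line[4:].strip().upper()
        if keyword == "STARTTLS":
            starttls = True
        elif keyword.startswith(("AUTH ", "AUTH=")):
            mechanisms.update(keyword[5:].split())
    return {"auth": mechanisms, "starttls": starttls}

def cleartext_auth_offered(caps):
    """True when PLAIN or LOGIN is advertised; assumes caps came from a
    reply captured before any STARTTLS negotiation."""
    return bool(caps["auth"] & {"PLAIN", "LOGIN"})

# Constructed EHLO reply for a plaintext session with the settings above.
SAMPLE_EHLO = """250-server.domain.tld
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

if __name__ == "__main__":
    token = encode_plain("user@domain.tld", "password")
    print(token, decode_plain(token))
    print(cleartext_auth_offered(parse_ehlo(SAMPLE_EHLO)))
```

If cleartext_auth_offered() is true for a reply captured before STARTTLS, the token crosses the network in readable form; Postfix's smtpd_tls_auth_only = yes keeps AUTH from being advertised until TLS is active.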

That's all there was to it - now you, like me and my company's employees, should be able to send mail from outside the local network. ;)
