Sunday, October 4, 2009

Sending mail from outside your network

After having set up a mail server for the company I work at (I'm a technician at a SEO, PPC and web marketing company) we quickly came across a problem. One of our employees tried to send a mail through our server from outside our network, which resulted in an error.

The first problem I figured was because pretty much all ISPs in Sweden block port 25 (SMTP). It was quickly solved by routing incoming port 587 to internal port 25 on our server. Yup, it solved the problem. But only the first problem, because after we could actually connect to the server from outside the network we got another problem. An authentication problem. Duh, I should've known.

It's supposed to block attempts to spam through our server from outside but I never considered the possibility that it'll block legitimate mail as well. What I had to do was obviously set up some kind of authentication, and the way to do it is SASL. I use Dovecot on the server, so Dovecot SASL is what I'll be using in this guide. If you followed my guide to Postfix+Dovecot your server should be compiled with support for it already.

First of all we need to enable it in Postfix. To do that simply add the following lines to your Postfix configuration ( some place appropriate:
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

You will also want to add permit_sasl_authenticated somewhere in the "smtpd_recipient_restrictions" list.

Next up is Dovecot, so open up your dovecot.conf. You can start by adding "login" to the mechanisms row, so it'll look like this:
mechanisms = plain login

After that change the client path row to:
path = /var/spool/postfix/private/auth
I also changed both user and group to postfix instead of dovecot.

That should be all you need to do to enable SASL for your mail server, now all that's left is to test it. Run the following four commands to completely stop and start the mail server:
postfix stop
pkill -9 dovecot
postfix start

To test the SASL authentication the first thing we have to do is to base64-encode our username and password so we can send it to the server. Normally the mail client does this, but since we're telneting we have to do it ourselves. Run the following command in the terminal:
perl -MMIME::Base64 -e 'print encode_base64("\000user\@domain.tld\000password")'
The string of random characters it returned is the base64-encoded version of "\0user@domain.tld\0password."

Now let's try authenticating ourselves when sending a mail through telnet!
telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 server.domain.tld ESMTP Postfix

235 2.7.0 Authentication successful
From here on send a mail as usual, with "MAIL FROM", "RCPT TO" and "DATA."

That's all there was to it - now you, like me and my company's employees, should be able to send mail from outside the local network. ;)


  1. I like it very much. Its so interesting. Its a very useful article. I like the way you explain the things. Keep posting. Thanks

    SEO Services

  2. Direct Mail Marketing can provide benefits because you will be gathering information from your current customers and potential customers. This will help you to better understand your best customers.

    auto auctions

  3. Hi , can I read more about Sending mail from outside your network ? Are there any links ? Thanks

    Claim Against A Doctor For Negligence

  4. Now its a regular task all over the world.Every day we can send many information about different subject one place to another place.

    Paris Apartments

  5. That was a great post i have found.Its really interesting topic and its also have a lots of information and learn able things.So, i definitely shared this topic to some of my friends.
    IR35 Accountants

  6. The post is written in very a good manner and it entails many useful information for me. I am happy to find your distinguished way of writing the post. Now you make it easy for me to understand and implement the concept. Thank you for the post.
    Forex Day Trading

  7. I just want to thank you for sharing your information on web applications and your website or blog, this is a simple, but good article I have ever seen, I like it, I learned something today! Thanks!
    Play Backgammon iPad

  8. Thanks more comprehensive articles. One that can easily and comprehensively understood by the audience. I must say that the writer did it! Its straightforward and honest deliver made a huge impact amongst its readers. Clearly, its unparalleled presentation and mastery is something that we must celebrate and proud
    Gin Rummy For iPad

  9. Right when they decide to become a resident is a perfect time to ask for a review. They're happy with their decision…excited…maybe even a little anxious. Ask them if they would be willing to leave a review of the community to capture the moment for them. Again asking them in person is best, but the email template above can easily be customized for the situation.

  10. Inside Bets Players can place selection of|quite a lot of|a wide selection of} "inside" bets by selecting the variety of the pocket the ball will land in, or a range of pockets primarily based on their position. In the game of Roulette you are wagering that a ball spun across the observe of the roulette wheel will come to rest on a quantity or color of your alternative. A mini-window variant of our world-leading Live Roulette, this delivers the big attraction of our commonplace European Live Roulette but in a scaled-down game window measuring 200×230 pixels. Mini Live Roulette’s smaller window means multiplied income opportunity as gamers can play two or more games simultaneously. The smaller window additionally be|can be} best for including in your sportsbook, RNG games and bingo pages to cross-sell the joy of Live Casino.