Postfix allow local users and authenticated outside users to send mail

centos5 email postfix

I currently have a Postfix setup on my VPS (CentOS 5.5) that allows for SMTP mail to be sent with the user being authenticated via a MySQL database. I am using Dovecot.

However, any program or script that uses 'mail' cannot send emails. I'm assuming this has to do with the settings I'm using for the Postfix configuration. I'll admit I'm a newbie when it comes to mail server administration, but I think I'm at least on the right track. From what I can tell, I probably need to allow any user on the localhost to send mails, and then everything else requires SASL authentication, if that's possible.

In a nutshell, I need local system users to be able to relay mail, and outside users are authenticated against a database using their email address and password. How would I go about setting this up in the permissions?

Here's the permissions section of the config:

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks
smtpd_recipient_restrictions =  permit_sasl_authenticated permit_mynetworks
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

# tls config
# smtp_use_tls = yes
# smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


# rules restrictions
# smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_$
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, re$
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

Best Answer

Make sure mynetworks includes 127.0.0.1. You may want to move permit_mynetworks to be first under all your smtpd_ settings so you never trigger authentication locally... I'm not sure you need to do that, but it's something else to try.
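
Added example, not part of the answer above and not Postfix tooling: a small Python check of a main.cf for the two points raised here, whether mynetworks covers 127.0.0.1 and where permit_mynetworks sits in a restriction list. It also reports parameters set more than once, since Postfix keeps only the last definition and the posted config sets smtpd_recipient_restrictions twice. The sample file, its mynetworks value and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample modelled on the question's settings; the mynetworks value
# and the reject_unauth_destination entry are assumptions, not from the page.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.10.0/24
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
# rules restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return ({name: value}, [names set more than once]); the last setting wins."""
    params, repeated, name = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:      # leading whitespace continues a value
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        if name in params and name not in repeated:
            repeated.append(name)
        params[name] = value.strip()
    return params, repeated

def trusts_loopback(params):
    """True/False if mynetworks is set here; None if it is left to the default."""
    if "mynetworks" not in params:
        return None
    loopback = ipaddress.ip_address("127.0.0.1")
    for item in params["mynetworks"].replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
            if loopback in net:
                return True
        except ValueError:                  # table lookups such as hash:/path
            continue
    return False

def restriction_order(params, name):
    """Restriction list as separate entries, in evaluation order."""
    return params.get(name, "").replace(",", " ").split()

if __name__ == "__main__":
    params, repeated = parse_main_cf(SAMPLE_MAIN_CF)
    print(repeated, trusts_loopback(params), restriction_order(params, "smtpd_recipient_restrictions"))
```

On the constructed sample this reports smtpd_recipient_restrictions as set twice and 127.0.0.1 as not covered by mynetworks, which is the situation in which local submissions over SMTP are not treated as trusted.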