Hi Jacky, in postfix/main.cf you typically set something like
smtpd_sasl_auth_enable=yes smtpd_sasl_type=cyrus smtpd_sasl_exceptions_networks=$mynetworks smtpd_sasl_security_options=noanonymous smtpd_sasl_authenticated_header=yes broken_sasl_auth_clients=yes smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_recipient_restrictions might already exist in main.cf and in that case has to be extended postfix can verify login/passwords via sasl but it does not store these credentials, so you need to install saslauthd and add user/pass there or use a dovecot instance that already authenticates users for pop/imap. http://www.postfix.org/SASL_README.html https://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL Best regards Gerald > Am 09.01.2019 um 10:15 schrieb Jacky <ja...@jesstech.com>: > > Hi, > > Anyone know how to enable this SMTP AUTH feature with Postfix? > > Regards, > > Jacky > > > On 7/4/2018 3:40 AM, Paul Hecker wrote: >> Hi, >> >>> On 6. Apr 2018, at 18:58, Odhiambo Washington <odhia...@gmail.com> wrote: >>> >>> Hi Paul, >>> >>> Care to share your config (even OFFLIST) that has successfully integrated >>> Dovecot Submission service with Exim?? >> here the steps I have done to integrate Dovecot submission in Exim: >> >> - Create and set the acl_smtp_mailauth ACL: >> >> acl_smtp_mailauth = acl_check_mailauth >> >> acl_check_mailauth: >> accept >> hosts = <; 127.0.0.1 ; ::1 >> condition = ${if eq{$interface_port}{10025}} >> log_message = Will accept MAIL AUTH parameter for >> $authenticated_sender >> deny >> >> >> - add a deny fo all connections to 10025 without MAIL AUTH parameter in >> acl_smtp_mail ACL: >> >> deny >> condition = ${if eq{$interface_port}{10025}} >> condition = ${if eq{$authenticated_sender}{}} >> message = All connections on port $interface_port need MAIL AUTH >> sender >> >> - in Dovecot, add the following submission parameters >> >> submission_relay_port = 10025 >> submission_relay_ssl = starttls >> submission_relay_ssl_verify = no >> >> All the remaining parts of the Dovecot config is the default for submission >> protocol/service, copied either from the sources (default config) or from >> here: >> >> https://wiki.dovecot.org/Submission >> >> Feel free is you have any further questions. >> >> Regards, >> Paul >> >> >>> I use Exim+Dovecot (Exim4U) and wouldn't mind exploring this. >>> >>> Thanks in advance. >>> >>> >>> On 6 April 2018 at 19:15, Paul Hecker <p...@iwascoding.com> wrote: >>> Hi, >>> >>> Thanks you very much. This did the trick! >>> >>>> On 6. Apr 2018, at 15:56, Stephan Bosch <step...@rename-it.nl> wrote: >>>> >>>> >>>> >>>> Op 6-4-2018 om 13:52 schreef Paul Hecker: >>>>> Hi, >>>>> >>>>> Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) >>>>> authentication to the SMTP server using submission. Reason why I need it >>>>> is sender spoofing (do not want my employees to send messages in behalf >>>>> of me). >>>>> >>>>> In exim I can disable sender spoofing with the authenticated user. When >>>>> sending through dovecot, exim either does not accept the email (need >>>>> auth) or relay every sender address (because relaying from localhost). >>>>> >>>>> Am I missing a setting or do I need any additional field in the (MySQL) >>>>> user_query/password_query to forward the password? >>>>> >>>>> You can find my config here: >>>>> >>>>> https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8 >>>> That would be possible using the following SMTP AUTH feature: >>>> >>>> https://tools.ietf.org/html/rfc4954#section-5 >>>> >>>> Which is apparently supported by Exim: >>>> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail >>>> This requires explicit configuration, so it will not work out of the box. >>> Here is what I did: >>> >>> I had to add the acl_smtp_mailauth to only allow this on a certain port. >>> Then I had to duplicate my code for sender spoofing for authenticated users >>> and change the $authenticated_id -> $authenticated_sender. >>> >>> Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually >>> sends the MAIL AUTH parameter. >>> >>>> The Dovecot Submission service should support this too. It sends an AUTH >>>> parameter with the MAIL command (currently only then the username is a >>>> valid SMTP address). However, I must say, I haven't tested this recently. >>> I can confirm that it works (only with TLS with my current configuration, >>> see above). >>> >>>> I can try this in a few days. Feel free to experiment with this yourself. >>>> >>>> Regards, >>>> >>>> Stephan. >>> Thanks again, >>> Paul >>> >>> >>> >>> >>> -- >>> Best regards, >>> Odhiambo WASHINGTON, >>> Nairobi,KE >>> +254 7 3200 0004/+254 7 2274 3223 >>> "Oh, the cruft."