Postfix Cyrus Web cyradm HOWTO

SMTP Authentication with SASL and PAM

Put the following in your

/etc/postfix/main.cf

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

You also need to create the file

/usr/local/lib/sasl2/smtpd.conf

with the

following contents:

pwcheck_method: saslauthd

The next step is to tell postfix how to find the saslauthd socket:

mv /var/run/sasl2 /var/run/sasl2 old

ln  s /var/run/saslauthd /var/run/sasl2

6.3. Fighting against SPAM

This section describes how to implement a basic SPAM protection setup with

postfix. It does not use any external software like spamassassin, etc.

Postfix has some built in filters that allow you to stop obvious SPAM attempts. In

particular these are:

smtpd_helo_required = yes

This switch in

main.cf

means that SMTP clients connecting to your mail server

must give a  helo  when connecting.

smtpd_recipient_restrictions

This option in

main.cf

lets you define different rules on the handling the

acceptance of mail. The following example simply rejects all invalid sender and

recipient data. Additionally it defines how to lookup known spammers from

online blacklists.

smtpd_recipient_restrictions =

reject_invalid_hostname,

reject_non_fqdn_hostname,

reject_non_fqdn_sender,

reject_non_fqdn_recipient,

reject_unknown_sender_domain,

26