All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Radio Tron
Hi,
I needed some help, hope you guys can advise. I've been told to implement something like this:
<users>---smtpd sasl---<myserver>----smtp sasl----<smtp.gmail.com>--<delivery to internet>

The users authenticate with "myserver" via smtpd-cyrus-sasl and the PAM-saslauthd interface. When a user gives "myserver" mail, ALL his mail is supposed to be relayed through GMail using his sasl GMail passwords which is stored in a plain text file. I got to do this for all users. Also, user mail destined for someone@myserver should go directly to myserver without touching GMail because myserver is a local domain.

Is it possible to do this using Postfix?? How? I read the following docs:
http://souptonuts.sourceforge.net/postfix_tutorial.html
and am going through the other docs and the Postfix Definitive Guide, but I haven't been able to figure out a solution. Please help, I'll be glad to provide any other relevant details.


Re: All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Mihira Fernando
On Saturday 07 June 2008 09:47:45 Radio Tron wrote:

> Hi,
> I needed some help, hope you guys can advise. I've been told to implement
> something like this: <users>---smtpd sasl---<myserver>----smtp
> sasl----<smtp.gmail.com>--<delivery to internet>
>
> The users authenticate with "myserver" via smtpd-cyrus-sasl and the
> PAM-saslauthd interface. When a user gives "myserver" mail, ALL his mail is
> supposed to be relayed through GMail using his sasl GMail passwords which
> is stored in a plain text file. I got to do this for all users. Also, user
> mail destined for someone@myserver should go directly to myserver without
> touching GMail because myserver is a local domain.
>
> Is it possible to do this using Postfix?? How? I read the following docs:
> http://souptonuts.sourceforge.net/postfix_tutorial.html
> and am going through the other docs and the Postfix Definitive Guide, but
> I haven't been able to figure out a solution. Please help, I'll be glad to
> provide any other relevant details.

You will need to use the following parameters in main.cf for:
<users>--smtpd sasl----<myserver>

smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /path_to_cert_file
smtpd_tls_key_file = /path_to_key_file
smtpd_use_tls = yes

You will need to use the following parameters in main.cf for:
<myserver>----smtp sasl----<smtp.gmail.com>--<delivery to internet>

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/path/sender_dependent_password_map_file.cf
smtp_tls_security_level = may

The sender_dependent_password_map_file.cf should contain the local user and
his gmail username and password like this:

/path/sender_dependent_password_map_file.cf
localusername1 gmailusername1:gmailpassword1
localusername2 gmailusername2:gmailpassword2
localusername3 gmailusername3:gmailpassword3


Mihira.

Re: All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Radio Tron
Hello Mihira, Thank you for your kind reply! Alas, the problem remains (but I have enough to keep ppl happy for now :p).

What I am trying to do is relay based on sasl_username (example, like so):
saslLogin1 [hidden email]:passwd relay:[smtp.gmail.com]
saslLogin2 [hidden email]:passwd relay:[frodo.garp.com]

or like so:
saslUserName = vivekTheGeniusErrr
his From address: [hidden email]
his login/password on Google Apps(smtp.gmail.com) would be: Login:[hidden email]
his password: sekret

and this should work for other people as well
-------------------------------------------------------------------

TLS is working. After TLS, when SASL starts, I have problems with the lookup in sender_dependent_password_map.cf (I made sure I updated the db via postmap)

My sender_dependent_password_map_file.cf has the following info:
linuxLoginID [hidden email]:pass

The log files have:
Jun  9 01:02:06 mail postfix/smtp[19260]: server features: 0x102b size 28311552
Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: [hidden email]: not found
Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? mail.mydomain.net
Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? mydomain.net
Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? localhost
Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? localhost.mydomain.net
Jun  9 01:02:06 mail postfix/smtp[19260]: match_list_match: mydomain.com: no match
Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: @mydomain.com: not found
Jun  9 01:02:06 mail postfix/smtp[19260]: mail_addr_find: [hidden email] -> (not found)
Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: smtp.gmail.com: not found
Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: [smtp.gmail.com]:587: not found
Jun  9 01:02:06 mail postfix/smtp[19260]: smtp_sasl_passwd_lookup: no auth info found (sender=`[hidden email]', host=`smtp.gmail.com')
Jun  9 01:02:06 mail postfix/smtp[19260]: > smtp.gmail.com[209.85.147.109]: MAIL FROM:<[hidden email]> SIZE=641
Jun  9 01:02:07 mail postfix/smtp[19260]: < smtp.gmail.com[209.85.147.109]: 530-5.5.1 Authentication Required. Learn more at 
--------------------------------------

However if I alter the sender_dep_pass_map file to:
[hidden email] [hidden email]:password
AND if I send with the From field set to [hidden email] it works great!


Re: All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Mihira Fernando
On Sunday 08 June 2008 19:59:38 Radio Tron wrote:

> Hello Mihira, Thank you for your kind reply! Alas, the problem remains (but
> I have enough to keep ppl happy for now :p).
>
> What I am trying to do is relay based on sasl_username (example, like so):
>  saslLogin1 [hidden email]:passwd relay:[smtp.gmail.com]
>  saslLogin2 [hidden email]:passwd relay:[frodo.garp.com]
>
> or like so:
> saslUserName = vivekTheGeniusErrr
> his From address: [hidden email]
> his login/password on Google Apps(smtp.gmail.com) would be:
> Login:[hidden email] his password: sekret
>
> and this should work for other people as well
> -------------------------------------------------------------------
>
> TLS is working. After TLS, when SASL starts, I have problems with the
> lookup in sender_dependent_password_map.cf (I made sure I updated the db
> via postmap)
>
> My sender_dependent_password_map_file.cf has the following info:
> linuxLoginID [hidden email]:pass
>
> The log files have:
> Jun  9 01:02:06 mail postfix/smtp[19260]: server features: 0x102b size 28311552
> Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: [hidden email]: not found
> Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? mail.mydomain.net
> Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? mydomain.net
> Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? localhost
> Jun  9 01:02:06 mail postfix/smtp[19260]: match_string: mydomain.com ~? localhost.mydomain.net
> Jun  9 01:02:06 mail postfix/smtp[19260]: match_list_match: mydomain.com: no match
> Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: @mydomain.com: not found
> Jun  9 01:02:06 mail postfix/smtp[19260]: mail_addr_find: [hidden email] -> (not found)
> Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: smtp.gmail.com: not found
> Jun  9 01:02:06 mail postfix/smtp[19260]: maps_find: smtp_sasl_passwd: [smtp.gmail.com]:587: not found
> Jun  9 01:02:06 mail postfix/smtp[19260]: smtp_sasl_passwd_lookup: no auth info found (sender=`[hidden email]', host=`smtp.gmail.com')
> Jun  9 01:02:06 mail postfix/smtp[19260]: > smtp.gmail.com[209.85.147.109]: MAIL FROM:<[hidden email]> SIZE=641
> Jun  9 01:02:07 mail postfix/smtp[19260]: < smtp.gmail.com[209.85.147.109]: 530-5.5.1 Authentication Required. Learn more at
> --------------------------------------
>
> However if I alter the sender_dep_pass_map file to:
> [hidden email] [hidden email]:password
> AND if I send with the From field set to [hidden email] it works great!

Post your current postconf -n output as well as your current
sender_dependent_password_map_file as well as smtp_sasl_passwd file.

The above log output suggests (to me at least) that there is some mismatch in
the entries in smtp_sasl_passwd file and other map files.

Without unaltered data (except for actual passwords) in maps and main.cf and
logs, it's hard to figure out what is going wrong.

Mihira.

PS. Send replies to list only, please.

Re: All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Wietse Venema
In reply to this post by Radio Tron
Radio Tron:
> My sender_dependent_password_map_file.cf has the following info:
> linuxLoginID [hidden email]:pass

The file is searched by SENDER address not LOGIN name.

        Wietse
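
The lookup order visible in the debug log earlier in this thread, sketched in Python as an added example (it is not part of the original thread and is not Postfix code). The example.com/example.net names, the PLACEHOLDER password and all function names are constructed for illustration; the bare-local-part step is included on the assumption that the match_string lines in the log are the local-domain check that gates it.

```python
# Added example: approximates the lookup order seen in the thread's debug log.
# It is not Postfix code; all names and sample values below are constructed.

LOCAL_DOMAINS = {"mail.example.net", "example.net", "localhost",
                 "localhost.example.net"}   # stands in for mydestination
RELAYHOST = "[smtp.gmail.com]:587"          # relayhost value from the thread
BROKEN_MAP = "vivek  vivek@example.com:PLACEHOLDER\n"              # keyed by login
FIXED_MAP = "vivek@example.com  vivek@example.com:PLACEHOLDER\n"   # keyed by sender


def parse_map(text):
    """Parse 'key value' lines of a postmap source file into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value      # lookup keys are matched in lower case
    return table


def lookup_keys(sender, nexthop_host, relayhost=RELAYHOST,
                local_domains=LOCAL_DOMAINS):
    """Keys tried, in order, for one delivery; sender must be user@domain."""
    user, _, domain = sender.lower().rpartition("@")
    keys = [f"{user}@{domain}"]         # 1. full envelope sender address
    if domain in local_domains:
        keys.append(user)               # 2. bare local part, local domains only
    keys.append(f"@{domain}")           # 3. domain-wide entry
    keys += [nexthop_host, relayhost]   # 4. per-host fallback credentials
    return keys


def find_credentials(table, sender, nexthop_host):
    """Return (matched_key, credentials), or (None, None) when nothing matches."""
    for key in lookup_keys(sender, nexthop_host):
        if key in table:
            return key, table[key]
    return None, None


def unreachable_keys(table, senders, nexthop_host):
    """Map keys that none of the given senders would ever hit."""
    tried = {k for s in senders for k in lookup_keys(s, nexthop_host)}
    return sorted(set(table) - tried)
```

On the live system, postmap -q 'sender@domain' hash:/etc/postfix/sender_dependent_password_map_file.cf runs the real lookup for a single key.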

Re: All smtpd sasl, individual user email, to be relayed through individual GMail accounts (smtp sasl)

Radio Tron
In reply to this post by Mihira Fernando
Thanks Wietse (The following is just in case Mihira can do it in some other way).
---------------
"Post your current postconf -n output as well as your current
sender_dependent_password_map_file as well as smtp_sasl_passwd file."
(The smtp_sasl_passwd file is the sender_dependent_password_map file. Don't forget I need to map based on SASL loginID.)

"Without unaltered data (except for actual passwords) in maps and main.cf"
(I'm really sorry, but I asked and they said that they don't want the domain and config details going public and since the list is linked to Google... I've altered my domain to ibm.com. I also used:
vi 1,$ s/xxxxx.com/ibm.com/g
vi 1,$ s/xxxxx.net/ibm.net/g
vi 1,$ s/XXXXX/IBM/g
to reduce the possibility of typos. IBM.net is my local mailserver for the office and does not resolve on the internet. IBM.com works on the internet)

mail> cat /etc/postfix/sender_dependent_password_map_file.cf
vivek [hidden email]:mypassword

mail> postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = smtp.gmail.com
home_mailbox = mail/
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
mydestination = $myhostname, $mydomain, localhost, localhost.$mydomain
mydomain = ibm.net
myhostname = mail.ibm.net
mynetworks = 192.168.20.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination
relayhost = [smtp.gmail.com]:587
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sender_dependent_password_map_file.cf
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options =
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/IBM-cert.pem
smtp_tls_key_file = /etc/postfix/IBM-key.pem
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/IBM-cert.pem
smtpd_tls_key_file = /etc/postfix/IBM-key.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550