
Monday, January 19, 2015

SMTP Authentication using Dovecot



Sometimes we get complaints from our clients that they cannot send mail using Outlook from a different ISP/network. To avoid this kind of inconvenience we can configure TLS authentication on the server.

Step: 1

vim /etc/dovecot/conf.d/10-master.conf [Edit / Add the following lines inside the service auth section]

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

Step: 2
 
Now go to the Postfix directory and edit the main.cf file as follows:


# TLS parameters

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
########## Enable TLS ########
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes

######################################
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 



#Authentication from dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_helo_required = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated
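
With smtpd_tls_security_level = may and smtpd_tls_auth_only = no, Postfix accepts AUTH on connections that never negotiated STARTTLS. The following is an added example, not part of the original post: it parses main.cf text and flags that and two related settings. The sample text is constructed from the Step 2 lines, and the function names are hypothetical.

```python
# Constructed sample: a subset of the Step 2 main.cf lines (not read from a live server).
SAMPLE_MAIN_CF = """\
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, 'name = value', continuation lines
    that start with whitespace, and last definition wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and name:      # continues the previous parameter
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def audit(params):
    """Return (parameter, finding) pairs for settings that weaken SMTP AUTH."""
    findings = []
    sasl_on = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    tls_mandatory = params.get("smtpd_tls_security_level", "") == "encrypt"
    auth_only = params.get("smtpd_tls_auth_only", "no") == "yes"
    if sasl_on and not tls_mandatory and not auth_only:
        findings.append(("smtpd_tls_auth_only",
                         "AUTH is accepted without STARTTLS; passwords can travel in clear text"))
    if "snakeoil" in params.get("smtpd_tls_cert_file", ""):
        findings.append(("smtpd_tls_cert_file",
                         "self-signed placeholder certificate; clients cannot verify the server"))
    rcpt = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if not {"reject", "defer", "reject_unauth_destination", "defer_unauth_destination"} & set(rcpt):
        findings.append(("smtpd_recipient_restrictions",
                         "no reject rule after the permits; check for open relay"))
    return findings

if __name__ == "__main__":
    for name, msg in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{name}: {msg}")
```

Run it against the output of your own main.cf by passing the file's text to parse_main_cf(); an empty list from audit() means none of the three conditions was found.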

 

 

 

Step 3: 
Now we need to enable the required SMTP port. Generally we see that many providers do not allow the default SMTP port 25 and SMTPS port 465. I usually suggest the SMTP Submission port 587 in these cases. But keep in mind: do not disable the default SMTP port 25 on your server. It is required for SMTP communication between servers.


SMTP Port 25 disable  and Enable 

To enable port 587, edit the file /etc/postfix/master.cf

vim /etc/postfix/master.cf

and remove the # in front of the line:

#submission inet n - n - - smtpd

so that it looks like this:

submission inet n - n - - smtpd

and restart postfix:

/etc/init.d/postfix restart



Step: 4 


Now check that all the necessary ports are listening on your server.

# netstat -nat | grep LISTEN

And check for the ports 25 (SMTP), 587 (SMTP Submission), 143 (IMAP), 110 (POP3)

 

 

Step: 5

Modify the users' Outlook email client configuration as shown in the image below.



You are done.

 

 

 

Sunday, October 19, 2014

Dovecot Configuration with postfix MTA

We know there are some changes in the new Dovecot version. Let's see how to configure the new Dovecot to work with Postfix.

In the new Dovecot package, the single configuration file [dovecot.conf] has been divided into several files stored in the "/etc/dovecot/conf.d/" directory.

To get it to work with Postfix [without SMTP Authentication] we need to do the following.


File name: /etc/dovecot/conf.d/10-auth.conf

Uncomment and modify: disable_plaintext_auth = no


File name: /etc/dovecot/conf.d/10-mail.conf

Uncomment and modify:

mail_location = mbox:~/mail:INBOX=/var/mail/%u [If you are using mbox]
mail_location = maildir:~/Maildir [If you are using Maildir]
mail_privileged_group = mail

Now restart the dovecot service.


If you configure Postfix with SMTP authentication, the changes below are required.

File name: /etc/postfix/main.cf

Add / Modify:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

Dovecot Configuration with above modification:

File Name: /etc/dovecot/conf.d/10-master.conf

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

Restart dovecot service.


Monday, June 9, 2014

Problem: DNS overwritten automatically in Ubuntu / Debian Server


Sometimes when we work with an Ubuntu server we may face a DNS resolution problem. If we check the resolv.conf file we can see the status below.

more /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN


Ohh!! That means if I enter my DNS in this file and save it, it will be OVERWRITTEN!! So?? How to solve this?? No tension, it's simple…


Just edit the file below instead of resolv.conf

vim /etc/resolvconf/resolv.conf.d/base

nameserver 8.8.8.8

nameserver 4.2.2.1

[Save and Exit]


Restart Service

/etc/init.d/resolvconf restart


Now check resolv.conf file and you will see this.

more /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 8.8.8.8

nameserver 4.2.2.1