ยง2024-05-01
Next, you should enable SMTP-AUTH, which allows a client to identify itself through the authentication mechanism SASL. Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated, the server will allow the client to relay mail.
Enter the following edits as they are.
alexlai@h2Jammy:~$ sudo cp -v /etc/postfix/main.cf /etc/postfix/main.cf.before-smtp-auth
[sudo] password for alexlai:
'/etc/postfix/main.cf' -> '/etc/postfix/main.cf.before-smtp-auth'
sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
Then configure Postfix to provide TLS encryption for both incoming and outgoing mail.
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
alexlai@h2Jammy:~$ diff /etc/postfix/main.cf.before-smtp-auth /etc/postfix/main.cf
25c25
< smtpd_sasl_auth_enable = no
---
> smtpd_sasl_auth_enable = yes
33c33
< smtpd_tls_security_level=may
---
> smtpd_tls_security_level = may
36c36
< smtp_tls_security_level=may
---
> smtp_tls_security_level = may
58a59,67
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
alexlai@h2Jammy:~$ sudo systemctl restart postfix
alexlai@h2Jammy:~$ sudo systemctl restart dovecot