netbsd, postfix, relaying and sasl

One more thing I don’t do often enough to remember, setting up SASL-based email relaying to pobox.com:

1. stop the existing postfix: /etc/rc.d/postfix stop

2. update the POSTFIX.options += sasl tls

3. install mail/postfix from pkgsrc: cd mail/postfix && make install

4. update the postfix configuration: /usr/pkg/sbin/post

5. update /etc/rc.d.conf/postfix

6. Postfix installs security/cyrus-sasl as a dependency, but doesn’t include any authentication methods, so install:
   *# security/cy2-plain
   Strictly speaking you can stop installing here but I also include two more in case I later want to authenticate to some other service:
   *# security/cy2-crammd5
   *# security/cy2-digestmd5

7. Add the following to the /usr/pkg/etc/postfix/main.cf: relayhost = [smtp.pobox.com]:26 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/smtp_passwd smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous smtp_tls_loglevel = 1 smtp_tls_security_level = encrypt

8. Create the file /usr/pkg/etc/postfix/smtp_passwd:
   [smtp.pobox.com]:26 username``pobox.com:S0M3pa$SW0r>

9. Create the map for postfix:
   /usr/pkg/sbin/postmap hash:smtp_passwd

See http://www.postfix.org/SASL_README.html and http://pobox.com/help/article/name/postfix for reference. Also think about Dovecot’s SASL, http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL