SMTP authentication in Proxmox

[np-prxmx]

Hello everyone,
i'm new on PMG, after various researchesi haven't found any solution to set on proxmox the SMTP authentication. I setup my PMG to be a relay server to Office 365, but i would securize more my installation enable only smtp client auth to sent emails. How could i do this?.

Thanks in advance.
Regards

 

[Stoiko Ivanov]

PMG is meant to be run between your border and your internal mail-server - this usually is deployed without SMTP-auth.
see https://pmg.proxmox.com/pmg-docs/pm...tion_into_existing_e_mail_server_architecture

This means there is no direct support for SMTP-Auth on PMG

Some users have enabled smtp-auth and relay directly via PMG - but this means you need to adapt the postfix configuration and also create a user database see
http://www.postfix.org/SASL_README.html
for authentication with postfix and
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
for integration of the postfix configuration into PMG

I hope this helps!

 

[np-prxmx]

Hello,
thanks for your suggestion.
Just i thing that i don't understand, when i copy the files i need to rewrite them?..
from main.cf.in to main.cf?

 

[Stoiko Ivanov]

i need to rewrite them?..

no - you copy:
/var/log/pmg/templates/main.cf.in to /etc/pmg/templates/main.cf.in
(and edit it there)

I hope this helps!

 

[np-prxmx]

I have edit it, and execute pmgconfig sync --restart 1
But the modifications aren't display, do i lost something?

 

[Stoiko Ivanov]

But the modifications aren't display, do i lost something?

the modifications should end up in /etc/postfix/main.cf - else there is a different problem

 

[np-prxmx]

i've done postconf -d but the modifies aren't display.

Is there something to do more?

Thanks

 

[np-prxmx]

I only have added this:

smtp_sasl_auth_enable = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous


smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

 

[Stoiko Ivanov]

what's the contents of '/etc/postfix/main.cf' ?

postconf -d

see `man postconf` '-d' shows the default and not the actual setting

 

[np-prxmx]

ok, i have try with postconf -n but , seems that postfix not read from file in /etc/pmg/template/main.cf.in .. which permission folder need?

Thanks

 

[Stoiko Ivanov]

the modifications should end up in /etc/postfix/main.cf - else there is a different problem

as said - do your changes end up in /etc/postfix/main.cf ?

/etc/pmg/template/main.cf.in

that should be /etc/pmg/templates (with an s at the end) - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

 

[np-prxmx]

Yes was the "s" in templates.
But also, i have problems with configuration.
i need to use authentication clients to send emails...because i would set it for printes, scanners and other third applications.

Do you have some examples of other customers that had implement this?

Thanks

 

[np-prxmx]

Hello, i've configured the postfix authentication and all.. but if i wanted to use relay only via authentication, so without "trudted network or relay domain", i got ever "relay access denied".

Where i m wrong? Is there any settings in proxmox that block my postfix config?

Thanks

 

[Stoiko Ivanov]

without "trudted network or relay domain",

edit the postfix configuration templates (master.cf.in and main.cf.in) to reflect what you want and run pmgconfig sync
afterwards restart postfix

 

[np-prxmx]

Hello, i've done.

I've insert this in main.cf.in:

'smtpd_sasl_auth_enable = yes'
'broken_sasl_auth_clients = yes'
'smtpd_sasl_security_options = noanonymous'
'smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination'

After do a pmgconfig sync --restart 1
and a postfix restart.. but if i don't insert or a trusted network or a trusted domain relay i give relay access denied.

 

[Stoiko Ivanov]

check the rendered /etc/postfix/main.cf and also check /etc/postfix/master.cf

maybe you forgot to remove the above settings in the template?

else - try enabling the verbose output of the postfix daemons (http://www.postfix.org/DEBUG_README.html) - that should give you a hint why relaying is denied

 

[np-prxmx]

in main.cf and master.cf i never modified, but i check if changes are applied and yes they are.

 

[cmurrayis]

How did you go with this? I am looking to do the same thing, Allowing external devices to send via 587 only with Auth.

 

[supinfo.caritas]

hello

is it possible to use the proxmox pasword file ?

smtp_sasl_password_maps = hash:/etc/pmg/user.conf

 

[Stoiko Ivanov]

is it possible to use the proxmox pasword file ?

no - not really - the parameter smtp_sasl_password_maps is AFAICT for outbound authentication (when postfix needs to use SMTP-AUTH for sending mails to/via other servers) - see:
http://www.postfix.org/SASL_README.html