Configuring Postfix to work with BT Yahoo
I have been having some painful problems configuring my Linux box to use BT Yahoo's mail server as the MTA (Mail Transport Agent), so I thought I might share the steps here. There are other articles on the net which cover the various aspects of Postfix configuration in more detail, but you still have to do a lot of experimentation to get everything working. This means sending out a lot of test mail and using a separate mailbox from a different provider to check that the mail arrives. My goals are:
- set up BT Yahoo as the mail relay host for all external mail. This step is made more complex by the fact that these days you have to authenticate yourself against the SMTP gateway at Yahoo.
- use my Linux box as the mail gateway for all internal mail. This means you can send mail around the intranet without even having to quote the Fully Qualified Domain Name (FQDN), e.g. myserver instead of myserver.mydomain.com
I have condensed it down to the necessary steps and have taken out any explanations of the options, as these can be found elsewhere in much more detail.
Why is this necessary, you might ask? Most Linux boxes have a built-in SMTP capability and should work out of the box. This is true. However, unless your Linux server has a static IP address which resolves to a domain that can be reverse looked up, you will have problems sending mail to certain organisations which hide behind the Messagelab filter. This filter is rather dumb in that it assumes any mail not coming from a reputable SMTP gateway is spam, and it will therefore unconditionally block it. So if you ever wondered why the mail sent by your newly configured Linux box never reached your friends, you should consider configuring the SMTP relay for all external mail to ensure it can be delivered. The second reason is security. Most ISP-provided SMTP gateways require authentication these days before they will let you carry on. By default, your Linux box will not have authentication switched on, so you will need to either switch on authentication or use the SMTP gateway's authentication service, to ensure that if your intranet is compromised, your Linux box will not be used as a spam gateway (which will get you blacklisted for sure).
Let's assume you want to configure your Linux box called jovian.mygalaxy.intranet to perform the above tasks, and a second backup server called neptune.mygalaxy.intranet. Here are the steps:
Step 1. Configure the relay host
In the directory /etc/postfix on the machine jovian, there is a main.cf file and another called main.cf.default. The former is the one used by Postfix, the latter is the lookup guide for all the possible settings you can have, so you can copy from this file and paste into the first for any additional option you require, without running the risk of incorrectly spelling it. Add or edit the following lines (if they are commented, uncomment them and then edit. These lines will be scattered over main.cf, so make sure you first search for them):
    myhostname = jovian.mygalaxy.intranet
    mydomain = mygalaxy.intranet
    inet_interfaces = $myhostname, localhost

    # configure the local transport in the /etc/postfix/transport file so that local mails do not
    # get forwarded to the relay host
    transport_maps = hash:/etc/postfix/transport

    # this is the relay host for external mails. The host name MUST be enclosed in square brackets,
    # otherwise postfix insists on looking up the MX record of the relay host. This could cause your
    # mail delivery to fail if the MX record is not correctly configured (believe me, it did happen !)
    relayhost = [mail.btyahoo.co.uk]

    # switch on authentication
    smtp_sasl_auth_enable = yes

    # the user name and password are stored
    # in /etc/postfix/sasl_passwd
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    # force authentication
    smtp_sasl_security_options = noanonymous
    # be courteous ! (optional)
    smtp_helo_name = Galaxy.net
    # identify yourself (optional)
    smtpd_banner = Galaxy Mail
The rest of the file should be left alone, unless you want to customise something else to your own preference.
Step 2. Configure the local transport file
Edit the /etc/postfix/transport file on jovian (or create one if it does not exist) to include the following lines:
    # you need a space character between the name and the colon
    jovian :
    # you need a space character between the name and the colon
    jovian.mygalaxy.intranet :
    # 192.168.0.2 is the IP address for neptune
    neptune smtp:192.168.0.2
    neptune.mygalaxy.intranet smtp:192.168.0.2
On neptune, do the same thing, but switch the names and IP address around:
    # you need a space character between the name and the colon
    neptune :
    # you need a space character between the name and the colon
    neptune.mygalaxy.intranet :
    # 192.168.0.1 is the IP address for jovian
    jovian smtp:192.168.0.1
    jovian.mygalaxy.intranet smtp:192.168.0.1
Then run the following command
postmap /etc/postfix/transport
which will create a hash database file called /etc/postfix/transport.db
Step 3. Create the SASL password file
Edit or create the /etc/postfix/sasl_passwd file (the name must match the smtp_sasl_password_maps setting in main.cf) to contain the following entry:

    # remember to enclose your relay host name in square brackets, like in the main.cf file above
    # Your user name to the relay host is joe, and the password is blog
    [mail.btyahoo.co.uk] joe:blog

Then run the command:
postmap /etc/postfix/sasl_passwd
to create the hash database /etc/postfix/sasl_passwd.db
Step 4. Reload the changes
Run the command
/etc/init.d/postfix reload
This is all you need to do. Send some test mail to internal and external accounts to test the new setup. Also, the procedure should be identical for any smtp gateway on any provider, not just BT Yahoo.
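One way to check the result of Steps 1 to 3 before sending test mail, as an added example that is not part of the original article: the script reads main.cf directly and reports a relay host without brackets, SASL settings that are off, a password map whose file name does not match main.cf, a password file readable by other users, and a missing or stale .db. The function names and the sample directory are made up for the illustration, and the map file is assumed to sit in the directory being audited.

```shell
#!/bin/sh
# Added example (not from the article): audit the relay settings from Steps 1-3.
# It parses main.cf itself, so it runs on a copy of the files without Postfix.

# Print the value of the last uncommented "NAME = value" line in FILE.
get_param() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

# audit_relay DIR: one line per problem; return status is the number of problems.
audit_relay() {
    dir=$1; cf=$dir/main.cf; findings=0
    case $(get_param "$cf" relayhost) in
        \[*\]*) ;;   # bracketed, so Postfix skips the MX lookup
        *) fail "relayhost must be set and enclosed in [square brackets]" ;;
    esac
    [ "$(get_param "$cf" smtp_sasl_auth_enable)" = yes ] ||
        fail "smtp_sasl_auth_enable is not yes"
    case $(get_param "$cf" smtp_sasl_security_options) in
        *noanonymous*) ;;
        *) fail "smtp_sasl_security_options does not include noanonymous" ;;
    esac
    map=$(get_param "$cf" smtp_sasl_password_maps)
    src=$dir/$(basename "${map#hash:}")   # assumption: the map file sits in DIR
    if [ ! -f "$src" ]; then
        fail "main.cf names $(basename "$src"), but that file does not exist"
    else
        # The file holds the relay password in clear text: owner-only access.
        [ "$(ls -ld "$src" | cut -c5-10)" = "------" ] ||
            fail "$(basename "$src") is readable by group or others (chmod 600)"
        { [ -f "$src.db" ] && [ ! "$src" -nt "$src.db" ]; } ||
            fail "$(basename "$src").db is missing or older than its source (run postmap)"
    fi
    return "$findings"
}

# Constructed sample: relay host without brackets, and the password file saved
# as sasl_password while main.cf names sasl_passwd.
make_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = mail.btyahoo.co.uk' 'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
        'smtp_sasl_security_options = noanonymous' > "$d/main.cf"
    printf '%s\n' '[mail.btyahoo.co.uk] joe:blog' > "$d/sasl_password"
    echo "$d"
}
demo=$(make_demo)
audit_relay "$demo" || echo "$? problem(s) found"
rm -rf "$demo"
```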
Diagnostics
If it all goes pear-shaped with your SMTP relay host, you can connect directly to the server to verify the details. Before that, convert your user name and password into base-64 encoded strings and keep them handy for when the server prompts you (the prompts are also in base-64). Use echo -n so that no trailing newline is encoded along with the value:

    $ echo -n "joe" | mimencode
    am9l
    $ echo -n "blog" | mimencode
    YmxvZw==

Now try the command below. The lines you type in when prompted are EHLO, auth login, the two base-64 strings and QUIT. The base-64 user name and password can be pasted from above.

    $ telnet mail.btyahoo.co.uk 25
    Trying 199.198.197.192...
    Connected to mail.btyahoo.co.uk (199.198.197.192).
    Escape character is '^]'.
    220 smtp.btyahoo.co.uk ESMTP
    EHLO
    250-smtp.btyahoo.co.uk
    250-AUTH LOGIN PLAIN XYMCOOKIE
    250-PIPELINING
    250 8BITMIME
    auth login
    334 VXNlcm5hbWU6
    am9l
    334 UGFzc3dvcmQ6
    YmxvZw==
    535 authorization OK
    QUIT
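The base-64 strings in the exchange above are an encoding, not encryption, and the encoder must be fed exactly the credential bytes. The script below is an added example, not part of the original article: it decodes the server's 334 prompts and flags any token whose decoded form ends in a newline. It uses coreutils base64 in place of mimencode, and the function names and the sample session are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): check AUTH LOGIN tokens before pasting them.
# Uses coreutils base64 in place of mimencode; function names are made up here.

# b64 STRING: base64 of exactly the bytes of STRING (printf appends no newline).
b64() { printf '%s' "$1" | base64; }

# token_ok TOKEN: fails if the decoded token ends in LF or CR.
token_ok() {
    last=$(printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case $last in 0a|0d) return 1 ;; *) return 0 ;; esac
}

# check_auth_login: read an SMTP session on stdin, decode each 334 prompt, and
# test the client line that answers it. Returns the number of bad tokens.
check_auth_login() {
    bad=0; expect=0
    while IFS= read -r line; do
        if [ "$expect" = 1 ]; then
            expect=0
            token_ok "$line" ||
                { echo "trailing newline inside token: $line"; bad=$((bad + 1)); }
        fi
        case $line in
            "334 "*) expect=1
                     echo "server asks: $(printf '%s' "${line#334 }" | base64 -d)" ;;
        esac
    done
    return "$bad"
}

# Constructed session: the tokens were made with a plain `echo`, so each one
# decodes to the credential followed by "\n".
sample_session() {
    printf '%s\n' 'auth login' '334 VXNlcm5hbWU6' "$(echo joe | base64)" \
        '334 UGFzc3dvcmQ6' "$(echo blog | base64)"
}
sample_session | check_auth_login || echo "$? token(s) carry a trailing newline"
echo "tokens without the newline: $(b64 joe) $(b64 blog)"
```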
Look up MX record of a host
Sometimes you need to check the MX record of the smtp relay gateway to ensure it is correctly configured. The command to use is dig. Check to make sure the lines in the ANSWER SECTION contain the MX record and the name looks OK.
    $ dig -t mx mail.btyahoo.co.uk

    ; <<>> DiG 9.2.3rc2 <<>> -t mx mail.btyahoo.co.uk
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54842
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mail.btyahoo.co.uk. IN MX

    ;; ANSWER SECTION:
    mail.btyahoo.co.uk. 3600 IN MX 10 stargate.btinternet.com.
    mail.btyahoo.co.uk. 3600 IN MX 20 moongate.btinternet.com.

    ;; Query time: 16 msec
    ;; SERVER: 194.72.9.55#53(194.72.9.55)
    ;; WHEN: Tue Jul 25 00:35:31 2006
    ;; MSG SIZE rcvd: 100
There is a mistake in your echo command. For the authentication to work, you need to use "echo -n 'username' | mimencode". Otherwise the trailing newline confuses the bt mailserver.

by Malcolm Parsons at 22 May 2007 13:40:55

Hey, thanks for the guide. This is great.

by Jane Newell at 30 May 2007 20:38:40

Spot on. got me sorted out OK, but...
you have sasl_passwd in 1 part of the file and
sasl_password in another.

by jason at 25 Feb 2008 15:53:28