Sunday, April 24, 2016

Postfix SMTP authentication update

The lovely Carol's blog got hacked, so I updated the password on our ISP account. Mostly this was a matter of changing the passwords on mail clients (Mail.app, thunderbird) but that didn't do it for cron(8)-driven commands that sent mail; for that I needed to update the passwords in old-school files. So now I'm telling you about it, where one of you is my future self :)

On the Mac Mini, the file is sasl_passwd, which I updated using vi(1). After that I had to root around a bit to find out how to update the map, which turned out to be quite simple, once I knew how.

bash-3.2# postmap hash:sasl_passwd
bash-3.2# ls -ot|head
total 440
-rw-------  1 root  16384 Apr 24 10:05 sasl_passwd.db
-rw-------  1 root    XXX Apr 24 10:01 sasl_passwd
-rw-r--r--  2 root  27097 Nov  1 14:32 main.cf
-rw-r--r--  2 root  27097 Nov  1 14:32 main.cf+sasl
-rw-r--r--  1 root  26615 Sep  9  2014 main.cf~orig
-rw-r--r--  1 root     44 Sep  9  2014 custom_header_checks
-rw-r--r--  1 root  26147 Sep  9  2014 main.cf.default
-rw-r--r--  1 root   7443 Sep  9  2014 master.cf
-rw-r--r--  1 root   7443 Sep  9  2014 master.cf.default
bash-3.2# exit
The hint came from http://www.postfix.org/SASL_README.html, particularly this:
  • Use the postmap command whenever you change the /etc/postfix/sasl_passwd file.

And on Debian Wheezy

For some reason the layout is a bit different.
root@p64:/etc/postfix# cd sasl
root@p64:/etc/postfix/sasl# postmap hash:passwd
root@p64:/etc/postfix/sasl# ls -ot
total 16
-rw------- 1 root 12288 Apr 24 10:09 passwd.db
-rw------- 1 root   XXX Apr 24 10:09 passwd
root@p64:/etc/postfix/sasl# exit
collin@p64:~$ echo how about this from p64? | mail -s well? MY.OTHER@EMAIL.ADDRESS
The message was received at my other email address, and I didn't get a bounce.

So apparently I got all this done in under ten minutes. How often does that happen??

No comments: