[lug] "Simple" mail MTA setup?

Jeremy Hinegardner jeremy at hinegardner.org
Sat Jan 6 02:17:30 MST 2007 

On Fri, Jan 05, 2007 at 08:43:07AM -0700, Phil Rasch wrote:
> I have been watching with interest the questions and advice the blug
> have been giving to D. Stimits. It is great to see people willing to
> help each other and the amount of expertise within the group.
> 
> Maybe somebody can help me with a vaguely related project.
> 
> I want to configure an MTA that does the following:
> 
> 1) accepts mail only from localhost
> 2) forwards the mail on to an smtp server which I will call the
>    smarthost for the rest of this email.
> 3) uses SSL or TLS to encrypt the transactions
> 7) supports queueing of mail

All of these should be handled by the null-client configuration from
Postfix
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client

Forcing SSL/TLS with a particular site is done with smtp_tls_policy_map

> 4) can supply a password and username to the smarthost for verification.

For postfix I believe this is done via SASL and the configuration
parameters are smtp_sasl_auth_enable and smtp_sasl_password_maps 
http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable

> 5) DOES NOT INDICATE THE IP NUMBER THAT THE MAIL ORIGINATES FROM IN
>    THE HEADER BUT IDENTIFIES IT AS ORIGINATING FROM THE SMARTHOST.

This will have to be done at the smarthost.  With postfix
configuration I believe this is done with the masquerade_domains
parameter

http://www.postfix.org/rewrite.html#masquerade

> 6) is fully configured in 5 minutes

Uh, probably unreasonable :-)

So, for a quick configuration that I have no idea if it works or not,
assuming your laptop is laptop.example.com and your relay host is
mail.example.com and you control the relay host configuration:

laptop.example.com:/etc/postfix/main.cf
   # use null client configuration and add the following
   smtp_sasl_auth_eanble = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwords
   smtp_tls_policy_map = hash:/etc/postfix/tls_policy

laptop.example.com:/etc/postfix/sasl_passwords
    mail.example.com    user:password

laptop.example.com:/etc/postfix/tls_policy
    mail.example.com    encrypt

mail.example.com:/etc/postfix/main.cf
    # normal configuration you use + the following
    masquerade_doamins = example.com
    masquerade_classes = envelope_sender, envelope_recipient,
                         header_sender, header_recipient


You may want to look at a LAN to UUCP gateway for postfix.  Have your
laptop send email vi uucp to the postfix server at the smarthost.  I
don't know how this will affect the Received from headers as I have
never done this, but it could be an option to look at.

http://www.postfix.org/UUCP_README.html

enjoy,

-jeremy


-- 
========================================================================
 Jeremy Hinegardner                              jeremy at hinegardner.org

More information about the LUG mailing list