This writeup illustrates how you can enable secure roaming access to an smtp server while simultaneously adding a further layer of security to your postfix mail server. Not 100% guaranteed to keep thieves at bay but very effective.
It works on the principle that if you have an account on the server you are authorized to relay from that server. So if you can authenticate your self to the pop daemon you’re allowed to send mails using the smtp server running on the same server. Otherwise not!
Assumes you’re using Dovecot for pop3/imap access and Postfix for the MTA
-
Download the source for pop-before-smtp
cd /home/imtiaz/src/
wget http://nchc.dl.sourceforge.net/sourceforge/popbsmtp/pop-before-smtp-1.41.tar.gz
tar -zxf pop-before-smtp-1.41.tar.gz
-
setup some required Perl modules
perl -MCPAN -e shell;
install Bundle::CPAN
install Time::HiRes File::Tail Net::Netmask Date::Parse DB_File
-
Move around the files
cd /home/imtiaz/src/pop-before-smtp-1.41
cp pop-before-smtp.init /etc/rc.d/init.d/pop-before-smtp
cp pop-before-smtp /usr/sbin/
cp pop-before-smtp-conf.pl /etc
Edit the /etc/pop-before-smtp-conf.pl file to customize it for your system.
# Set the log file we will watch for pop3d/imapd records.
$file_tail{‘name’} = ‘/var/log/maillog’;
set the pattern to what you have on your system (HINT: setup dovecot to log to /var/log/maillog and then enable it)
/usr/sbin/pop-before-smtp –dumpconfig
/usr/sbin/pop-before-smtp –debug –nowrite –reprocess
chkconfig pop-before-smtp on
/etc/init.d/pop-before-smtp start
ls -l /etc/postfix/pop* —>this will show you the db being created
-
Add these two lines to your postfix config
check_client_access=hash:/etc/postfix/pop-before-smtp
smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination
restart postfix by running postfix reload
N’joi
-
If you need help setting up pop-before-smtp on your server to allow remote SMTP in a secure manner to road warriors and hosting clients please contact us.