... | ... | @@ -119,6 +119,77 @@ This is how dgoulet configured his client: |
|
|
user dgoulet
|
|
|
passwordeval pass mail/dgoulet@torproject.org
|
|
|
|
|
|
### Postfix client configuration
|
|
|
|
|
|
If you run Postfix as your local Mail Transport Agent (MTA), you'll
|
|
|
need to do something special to route your emails through the
|
|
|
submission server.
|
|
|
|
|
|
First, set the following configuration in `main.cf`, by running the
|
|
|
following commands:
|
|
|
|
|
|
postconf -e smtp_sasl_auth_enable=yes
|
|
|
postconf -e smtp_sasl_password_maps=hash:/etc/postfix/sasl/passwd
|
|
|
postconf -e smtp_sasl_security_options=
|
|
|
postconf -e relayhost=submission.torproject.org:587
|
|
|
postconf -e smtp_tls_security_level=encrypt
|
|
|
postfix reload
|
|
|
|
|
|
The `/etc/postfix/sasl/passwd` file holds `hostname user:pass`
|
|
|
configurations, one per line:
|
|
|
|
|
|
touch /etc/postfix/sasl/passwd
|
|
|
chown root:root /etc/postfix/sasl/passwd && chmod 600 /etc/postfix/sasl/passwd
|
|
|
echo "submission.torproject.org user:pass" >> /etc/postfix/sasl/passwd
|
|
|
|
|
|
Then rehash that map:
|
|
|
|
|
|
postmap /etc/postfix/sasl/passwd
|
|
|
|
|
|
Note that this method stores your plain text password on disk. Make
|
|
|
sure permissions on the file are limited and that you use full disk
|
|
|
encryption.
|
|
|
|
|
|
`may` can be used as a `security_level` if we are going to send mail
|
|
|
to other hosts which may not support security, but make sure that
|
|
|
mails are encrypted when talking to the `relayhost`, for example
|
|
|
through a `smtp_tls_policy_maps`.
|
|
|
|
|
|
If you want to use Tor's submission server *only* for mail sent from a
|
|
|
`@torproject.org` address, you'll need an [extra step](http://www.postfix.org/SASL_README.html#client_sasl_sender). This should
|
|
|
be in `main.cf`:
|
|
|
|
|
|
postconf -e smtp_sender_dependent_authentication=yes
|
|
|
postconf -e sender_dependent_relayhost_maps=hash:/etc/postfix/sender_relay
|
|
|
|
|
|
Then in the `/etc/postfix/sender_relay` file:
|
|
|
|
|
|
# Per-sender provider; see also /etc/postfix/sasl_passwd.
|
|
|
anarcat@torproject.org [submission.torproject.org]
|
|
|
|
|
|
Then rehash that map as well:
|
|
|
|
|
|
postmap /etc/postfix/sender_relay
|
|
|
|
|
|
Make sure you do *not* change the `relahost` (above), or reset it to
|
|
|
its previous value. If you have changed your [`default_transport`](http://www.postfix.org/postconf.5.html#default_transport),
|
|
|
you'll also need a [`sender_dependent_default_transport_maps`](http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps) as
|
|
|
well:
|
|
|
|
|
|
postconf -e sender_dependent_transport_maps=hash:/etc/postfix/sender_transport
|
|
|
|
|
|
With `/etc/postfix/sender_transport` looking like:
|
|
|
|
|
|
anarcat@torproject.org smtp:
|
|
|
|
|
|
For debugging, you can make SMTP client sessions verbose in Postfix:
|
|
|
|
|
|
smtp unix - - - - - smtp -v
|
|
|
|
|
|
`smtp_sasl_mechanism_filter` is also very handy for debugging. For
|
|
|
example, you can try to force the authentication mechanism to
|
|
|
`cram-md5` this way.
|
|
|
|
|
|
## Pager playbook
|
|
|
|
|
|
No pager playbook has been built yet. See the [Monitoring and
|
... | ... | |
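
Review bot: the `postconf -e sender_dependent_transport_maps=hash:/etc/postfix/sender_transport` command near the end of the Postfix section sets a different parameter name from the `sender_dependent_default_transport_maps` that the sentence just above it links to. The linked name is the documented Postfix parameter, so the command should use `sender_dependent_default_transport_maps`, otherwise the setting has no effect. In the same section, `relahost` should read `relayhost`, and the comment in `sender_relay` points at `/etc/postfix/sasl_passwd` while the file created earlier is `/etc/postfix/sasl/passwd`. The `sender_relay` entry `[submission.torproject.org]` carries no port while `relayhost` uses `:587`, so the per-sender route would go to the default SMTP port; suggest `[submission.torproject.org]:587`. Two hardening points: `smtp_sasl_security_options=` with an empty value also drops the default `noanonymous`, so consider `smtp_sasl_security_options=noanonymous` (plaintext mechanisms are already covered by `smtp_tls_security_level=encrypt`), and the `echo "submission.torproject.org user:pass" >>` line leaves the password in shell history once a real value is substituted, so suggest telling readers to add the line with an editor instead.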