Blackmoor Vituperative

Saturday, 2009-01-31

Postfix and Comcast

Filed under: Linux,Security — bblackmoor @ 12:36

I got a fun email today from Comcast (my ISP), saying they are blocking port 25, the port on which SMTP sends email, as a measure to fight spam. Isn’t that a kick in the pants? Of course, the only time I send email from home is when mortshire.org sends me reports. However, that is important, so I needed to find a way for mortshire to send me email with Comcast’s blessing. Thanks to Patrick Ben Koetter and Chris Fay, I have done just that.

1. In /etc/postfix/main.cf I added or changed these lines:

myhostname = annwn.mortshire.org
mydomain = mortshire.org
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=

2. I created a file /etc/postfix/sasl_passwd with the contents:

[smtp.comcast.net]:587 userid:password

where userid and password are my comcast.net username and password.

3. Next, I changed the ownership and permissions on the sasl_passwd file to protect it from unauthorized access.

sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd

4. Finally, I created a database file from the contents of the sasl_passwd file:

sudo postmap hash:/etc/postfix/sasl_passwd

There we go: postfix now uses the Comcast mail gateway, and operates on port 587 rather than 25 (because spammers would never be able to do that, right? Yeeeeaaaahhhhhh…).

(Note: this is Postfix 2.5.5 under Fedora 10.)
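
An added example, not part of the original post: the empty smtp_sasl_security_options above removes Postfix's default noplaintext restriction, so unless TLS is made mandatory elsewhere in main.cf the Comcast password can cross the network in the clear. This script checks a main.cf for that combination and confirms that sasl_passwd and sasl_passwd.db are unreadable by group and other; the function names cf_get, private_file and audit_relay are made up for this example, and smtp_tls_security_level is a Postfix parameter the post does not set.

```sh
#!/bin/sh
# Added example (not from the original post): audit a Postfix SASL relay setup.

# Print the value of parameter $2 from main.cf file $1 (last assignment wins).
# Returns 1 if the parameter is not set. Simplification: continuation lines
# and $name expansion are ignored.
cf_get() {
    awk -v key="$2" '
        /^[ \t#]/ { next }                       # comment or continuation line
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = 1
        }
        END { if (found) print val; exit !found }' "$1"
}

# Succeed only if file $1 exists and grants nothing to group or other.
private_file() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_relay MAIN_CF SASL_PASSWD
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_relay() {
    rc=0
    tls=$(cf_get "$1" smtp_tls_security_level) || tls=""
    # Postfix default when the parameter is absent from main.cf
    opts=$(cf_get "$1" smtp_sasl_security_options) || opts="noplaintext, noanonymous"
    case "$tls" in
        encrypt|fingerprint|verify|secure|dane-only) ;;   # TLS is mandatory
        *) case "$opts" in
               *noplaintext*) ;;
               *) echo "plaintext SASL allowed without mandatory TLS"; rc=1 ;;
           esac ;;
    esac
    for f in "$2" "$2.db"; do
        private_file "$f" || { echo "$f missing or readable by group/other"; rc=1; }
    done
    return $rc
}

# Usage: sh audit.sh /etc/postfix/main.cf /etc/postfix/sasl_passwd
if [ "$#" -eq 2 ]; then audit_relay "$1" "$2"; fi
```

Setting smtp_tls_security_level = encrypt in main.cf clears the first finding while leaving the rest of the configuration above unchanged.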