Replacing postfix with dma + auth

It’s a muggy Friday morning, sitting outside the cafe – it’s tolerable in the shade with a slight breeze and cold iced-latte in a glass. Dogs walking past, lots of pats.

It’s time to change most of my hosts from Postfix (my favorite MTA) to dma (in FreeBSD, no install required).

I have previously moved most of my jail hosts from Postfix to dma. A few days ago, I changed one of my jail hosts over. Today, I’m going to try the rest of the hosts.

Let’s go.

In this post:

  1. FreeBSD 14.1

The main configuration

I have seven hosts/jails to modify here. They are all using Postfix and each one relays to my email provider, and the mail goes from there.

The instructions I show are from one host, but the commands are being run on all hosts – I have connected to them via csshX.

Stop and disable the postfix service:

[11:56 cliff1 dvl ~] % sudo service postfix stop 
postfix/postfix-script: stopping the Postfix mail system
[11:56 cliff1 dvl ~] % sudo service postfix disable    
postfix disabled in /etc/rc.conf

Disable sendmail (in recent FreeBSD releases, sendmail is disabled by default):

[11:57 cliff1 dvl ~] % sudo sysrc sendmail_enable="NO"
sendmail_enable: NO -> NO
[11:57 cliff1 dvl ~] % 

In my case, that was already present, but on some hosts it was not. Those hosts were using something like this:

[dvl@r720-02:~] $ grep sendmail /etc/rc.conf
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

This is the dma configuration file I used:

[12:03 cliff1 dvl ~] % cat /etc/dma/dma.conf
SMARTHOST smtp.example.com
PORT 465
SECURETRANSFER

AUTHPATH /etc/dma/auth.conf

My value for SMARTHOST was obtained by running:

[12:03 cliff1 dvl ~] % postconf relayhost
relayhost = [smtp.example.com]:submission

submission was converted to a port number via:

[12:03 cliff1 dvl ~] % grep submission /etc/services
submissions	465/tcp	   #Message Submission over TLS
submission	587/tcp
submission	587/udp

Note that I’m changing from 587 to 465 – just because I’m going to rely upon SSL, versus STARTTLS (for no particular reason). Consult your email provider for what to use.

Next, I created an empty authorization file. My best practice is to create the file first, with the permissions you want, then populate it, so the password is never on disk under looser permissions.

[12:08 cliff1 dvl ~] % sudo touch /etc/dma/auth.conf
[12:08 cliff1 dvl ~] % sudo chmod 640 /etc/dma/auth.conf
[12:08 cliff1 dvl ~] % ls -l /etc/dma/auth.conf
-rw-r-----  1 root wheel 0 2024.08.02 12:08 /etc/dma/auth.conf

NOTE: later I discovered and fixed this issue:

[13:20 cliff1 dvl ~] % sudo mailq
mailq: can not open auth file `/etc/dma/auth.conf': Permission denied
[13:20 cliff1 dvl ~] % ls -l /etc/dma/auth.conf
-rw-r-----  1 root wheel 52 2024.08.02 12:15 /etc/dma/auth.conf
[13:20 cliff1 dvl ~] % sudo chgrp mail /etc/dma/auth.conf 
[13:21 cliff1 dvl ~] % sudo mailq                        
Mail queue is empty
[13:21 cliff1 dvl ~] % 

This file contains something like this:

dan@example.com|smtp.example.com:my-password

I obtained the password from my existing Postfix configuration. In my case, it was found in this file:

[12:16 cliff1 dvl ~] % postconf smtp_sasl_password_maps
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
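
An added example, not part of the original post: a small audit function that can be run on every host to catch the ownership problem shown above (root:wheel instead of root:mail) and malformed entries, without printing the password. The name check_dma_auth is hypothetical, and skipping blank and # lines is an assumption about how dma reads the file.

```shell
#!/bin/sh
# Added example (not from the original post): audit a dma auth file.
# Usage: check_dma_auth FILE [GROUP]   exit status 0 = OK, 1 = problem found.
check_dma_auth() {
    file=$1
    want_group=${2:-mail}   # the post fixed "Permission denied" with: chgrp mail
    rc=0

    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # ls -ld output is the same shape on FreeBSD and Linux, unlike stat(1) flags.
    # Field 1 is the mode string, field 4 is the group.
    set -- $(ls -ld "$file")
    mode=$1
    group=$4

    # Characters 8-10 of the mode string are the "other" bits: must be empty,
    # because the file holds the SMTP password in clear text.
    other=$(printf '%s' "$mode" | cut -c8-10)
    [ "$other" = "---" ] || { echo "world-accessible: $mode"; rc=1; }

    # Character 5 is group-read: mode 640 in the post relies on it.
    gread=$(printf '%s' "$mode" | cut -c5)
    [ "$gread" = "r" ] || { echo "group cannot read: $mode"; rc=1; }

    [ "$group" = "$want_group" ] || {
        echo "group is $group, expected $want_group"; rc=1; }

    # Each remaining line must look like: user|smarthost:password
    # Only a count is reported so secrets never reach the terminal or logs.
    bad=$(grep -Ev '^[[:space:]]*(#.*)?$' "$file" |
          grep -Evc '^[^|:[:space:]]+\|[^|:[:space:]]+:.+$' || true)
    [ "$bad" -eq 0 ] || { echo "$bad malformed line(s) in $file"; rc=1; }

    return $rc
}

# Run as a script: sh check_dma_auth.sh /etc/dma/auth.conf
if [ "$#" -gt 0 ]; then check_dma_auth "$@"; fi
```

Run it with sudo on a real host, since the file is not readable by ordinary users once the permissions are correct.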

I created the cronjob for dma:

[12:17 cliff1 dvl ~] % cat /usr/local/etc/cron.d/dma         
*/30    *       *       *       *       root    /usr/libexec/dma -q

I moved this file out of the way. I think it is a legacy configuration item I created years ago.

[12:18 cliff1 dvl ~] % sudo mv /usr/local/etc/mail/mailer.conf /usr/local/etc/mail/mailer.conf.disabled
[12:19 cliff1 dvl ~] % 

See my previous post for how this lingering file created a problem.

It contained:

[12:19 cliff1 dvl ~] % cat /usr/local/etc/mail/mailer.conf.disabled
#
# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail
#
sendmail	/usr/local/sbin/sendmail
send-mail	/usr/local/sbin/sendmail
mailq		/usr/local/sbin/sendmail
newaliases	/usr/local/sbin/sendmail

Testing

For testing I did this:

[12:21 aws-1 dan ~] % echo $(hostname) testing | mail dan@example.org

I used hostname so that I would know which hosts had worked when I was reviewing the received emails.

The logs looked like this:

Aug  2 12:22:06 cliff1 dma[afd5d][46246]: new mail from user=dvl uid=1001 envelope_from=
Aug  2 12:22:06 cliff1 dma[afd5d][46246]: mail to= queued as afd5d.240c20248000
Aug  2 12:22:06 cliff1 dma[afd5d.240c20248000][46247]:  trying delivery
Aug  2 12:22:06 cliff1 dma[afd5d.240c20248000][46247]: using smarthost (smtp.example.com:465)
Aug  2 12:22:06 cliff1 dma[afd5d.240c20248000][46247]: trying remote delivery to smtp.example.com [233.252.0.45] pref 0
Aug  2 12:22:06 cliff1 dma[afd5d.240c20248000][46247]: using SMTP authentication for user dvl@example.com
Aug  2 12:22:07 cliff1 dma[afd5d.240c20248000][46247]:  delivery successful

Success!

Every host successfully sent the email.

Hope this helps.

Still to do

For me, now I have to update the monitoring for these hosts. They are checking Postfix queues now. That has to change.
