Authenticating SMTP Proxy

Question

I have acquired a number of mail users, and I'm wanting to transition them away from their current mail server and onto mine. I've set up perdition as a proxy which will allow me to proxy IMAP and POP connections - and I have control of the DNS used to direct them to the appropriate mail server. I do not have access to the old mail server.

The mail proxy server is running Linux

Unfortunately I suspect a lot of people are using the same server for POP3 and SMTP.

I am wanting to set up an SMTP proxy so I can seemlessly provide SMTP services to the customers during the transition - without an open mail relay. It does not appear that Perdition offers this solution natively.

Is anyone aware of a solution which either proxies SMTP requests (including AUTH requests) - ideally with the ability to map which requests go to which backend ? [ I've not tried an IPTables DNAT rule - I suspect this might work, but I loose the ability to do authentication to different servers on a per domain / client basis, which makes migration substantially harder ].

EDIT

I have tried configuring Dovecot as a director / proxy in place of Perdition. This works fine for IMAP and POP, but not for SMTP - Specifically it will authenticate based on username or domain name - it does not check the actual credentials against the SMTP server.

May be the port-forwarding is an option? Forward ports 25 and 143 from an old server to the new ones via `ssh`: `ssh -N -f -i /path/ssh.key -L 25:127.0.0.1:25 user@newhost.tld` Here all packets arriving old server on the port 25 will be forwarded via ssh tunnel directly to the new server. — Kondybas, Sep 23 '15 at 10:16
Thanks for the comment. I dont have SSH access to old server, so I dont think that can work. I did find an smtp proxy I may be able to abuse to do the job, but it cant switch between backends based on domain/email which makes things a pain (and its not designed to be world facing) — davidgo, Sep 23 '15 at 16:44

Jacob Evans · Accepted Answer · 2015-09-28T12:22:31.820

4

For Postfix,
http://www.andybev.com/index.php/SMTP_authentication_and_Postfix

START=yes
MECHANISMS="rimap"
MECH_OPTIONS="imap.example.com"

I would also configure postfix to route directly to your new SMTP Server as a relay. Add the IP of your new server to 'my networks' and set relayhost to the new smtp server.

Point it to the perdition proxy for dovecot where the imap server is, it's plain auth between the saslauthd system and imap so you'll need to use the perdition proxy as non-secure to localhost (or just block external access to 143 pending your setup details)

edited Sep 28 '15 at 12:22

answered Sep 27 '15 at 03:53

Jacob Evans

7,636
3
25
55

1

Thanks for this. That is exactly what I was looking for ! – davidgo Sep 27 '15 at 16:58
1

I know exim can do it too, but it's a bit more complex – Jacob Evans Sep 27 '15 at 16:59

Authenticating SMTP Proxy

1 Answers1