1

Deployed simple Postfix setup. Currently using Google's SMTP server as smarthost:

relayhost = [smtp.gmail.com]:587

smtp_sasl_auth_enable=yes
smtp_sasl_security_options=noanonymous
smtp_use_tls=yes

smtp_tls_note_starttls_offer=yes
smtp_tls_security_level=encrypt

smtp_sasl_password_maps=hash:/etc/postfix/saslpassword

Have corresponding file /etc/postfix/saslpassword

[smtp.gmail.com]:587 <mail>:<password>

However, having sensitive credentials in plain text bothers me.

Is there any way to use smarthost without authentificating?

I mean, not for spamming via open relay but for convenience of not specifying password in plain text and a bit more additional privacy?

Any help is much appreciated, thanks.

janos
  • 798
  • 1
  • 5
  • 22
Bulat M.
  • 117
  • 1
  • 6

1 Answers1

2

Yes, you have two options:

  1. Get Google to add your server IP as a trusted sender (not likely to happen).

  2. Use your service provider's SMTP service for mail relay.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • You mean, ISPs provide open relays for their clients that could be freely used without authentication? – Bulat M. Dec 26 '16 at 11:17
  • That is the case at least in Finland. – Tero Kilkanen Dec 26 '16 at 11:21
  • Is there any way to get it, if, for example, one uses public AP to connect to the internet? Maybe DHCP client configuration? – Bulat M. Dec 26 '16 at 11:34
  • Well, the second option won't work very nicely with SPF, I guess. `v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"` – Sven Dec 26 '16 at 11:55
  • @BulatM. yes, and actually provide open relays for any client that use their internet. (in canada for me). Be advised that often the isp scan outgooing email from their open relay to block infected user/ip. (barracuda, spamasassin, etc..) Thus if you think it will generate a lot of traffic you better warn your isp before. – yagmoth555 Dec 26 '16 at 13:23