Outbound SASL Support

Any email leaving ZixGateway for any destination, whether a mail server or Internet gateway, is considered outbound. Outbound SASL is required only if the destination server is a SASL server requiring SASL authentication. The ZixGateway outbound configuration is defined by destination. Therefore, unlike inbound SASL authentication, outbound SASL authentication can be selective.

To configure SASL in the ZixGateway appliance

1. Login to ZixGateway appliance as zixadmin.
2. Edit /etc/postfix/sasl_passwd by adding one line for each system you are authenticating to.

sudo vi /etc/postfix/sasl_passwd

Use the format destination username:password.

• If no password is required, you may use destination username.
• Destination is the IP or hostname where ZixGateway sends mail.
• username matches an NT user login or equivalent defined on the destination machine.

Note: If a server farm services the destination and all servers share the same authentication database, you should set this to be the domain name instead of adding a line for each individual server.

3. Execute the following command:

sudo postmap /etc/postfix/sasl_passwd

Ignore the warning message that appears.

To configure SASL in ZixGateway Manager

1. Select the Configure Server tab.
2. Select the Secure Connection tab.
3. Select Yes in the Enable Outbound SASL Support row.
4. Click Apply.
5. Select the System tab.
6. Verify that permit_sasl_authenticated is in the Recipient Restrictions box and appears before the reject_unauth_destination entry.
7. If it does not appear, enter it using the instructions in Recipient Restrictions.

Note: When using AUTH with the SMTP client, the host information matched in the client password map must exist in DNS, even if you are using a different naming service, such as NIS or host files.

Main Topic

SASL Support