User Tools

Site Tools



#> apt-get install postfix postfix-tls postfix-pcre libsasl2 libsasl2-modules sasl2-bin

SASL authd

Make saslauthd work with changerooted postfix:

Edit /etc/default/saslauthd:

# This needs to be uncommented before saslauthd will be run automatically

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"


PARAMS="-m /var/spool/postfix/var/run/saslauthd"

Use dpkg-statoverride to make sure the startscript works as expected:

#> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

Add the postfix user to the group sasl

#> usermod -g postfix -G sasl postfix

Create a /etc/postfix/sasl/smtpd.conf file with the following options:

pwcheck_method: saslauthd
mech_list: plain login

Start the sasldaemon and restart postfix

#> /etc/init.d/saslauthd start
#> /etc/init.d/postfix restart


Create a private key and a certificate as described here.

#> mkdir /etc/postfix/ssl
#> cp cp postfixCert.pem postfixKey.pem /etc/postfix/ssl/
#> chmod 400 /etc/postfix/ssl/postfixKey.pem
#> cp /etc/ssl/CA/cacert.pem /etc/postfix/ssl/

Add the following to the /etc/postfix/

# Enable TLS support
smtpd_tls_key_file  = /etc/postfix/ssl/postfixKey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfixCert.pem
smtpd_tls_CAfile    = /etc/postfix/ssl/cacert.pem
smtpd_use_tls       = yes

Comment in the following three lines in /etc/postfix/

tlsmgr    fifo  -       -       n       300     1       tlsmgr
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587       inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

Spam prevention

Follow the tutorial at

The SPF script which comes with the postfix-doc package is broken 1) so we get a current one from the source directly.

Go to the following URL :

and download the most recent version of this file (click on “(download)”) and save to /etc/postfix/

To make it work install the needed Perl lib and make the script executable.

#> apt-get install libmail-spf-query-perl
#> chmod 755 /etc/postfix/

Then add the following to /etc/postfix/

spfpolicy unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /etc/postfix/

Add the following entry

check_policy_service unix:private/spfpolicy

to /etc/postfix/ into the smtpd_recipient_restrictions section. Preferable as one of the last restrictions.


smtpd_recipient_restrictions =
        check_policy_service unix:private/spfpolicy
It produces the following error: syslog: invalid level/facility: warn at ./ line 154
postfix.txt · Last modified: 2008/04/19 17:43 by