Differences

This shows you the differences between two versions of the page.

--- postfix [2006/10/17 01:09] – old revision restored andi
+++ postfix [2008/04/19 17:43] (current) – 85.178.128.191
@@ Line 1: / Line 1: @@
+====== Postfix ======
+  #> apt-get install postfix postfix-tls postfix-pcre libsasl2 libsasl2-modules sasl2-bin
+===== SASL authd =====
+Make saslauthd work with changerooted postfix:
+Edit ''/etc/default/saslauthd'':
+<file>
+# This needs to be uncommented before saslauthd will be run automatically
+START=yes
+# You must specify the authentication mechanisms you wish to use.
+# This defaults to "pam" for PAM support, but may also include
+# "shadow" or "sasldb", like this:
+# MECHANISMS="pam shadow"
+MECHANISMS="pam"
+PWDIR=/var/spool/postfix/var/run/saslauthd
+PARAMS="-m /var/spool/postfix/var/run/saslauthd"
+</file>
+Use ''dpkg-statoverride'' to make sure the startscript works as expected:
+  #> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+Add the postfix user to the group sasl
+  #> usermod -g postfix -G sasl postfix
+Create a ''/etc/postfix/sasl/smtpd.conf'' file with the following options:
+<file>
+pwcheck_method: saslauthd
+mech_list: plain login
+</file>
+Start the sasldaemon and restart postfix
+  #> /etc/init.d/saslauthd start
+  #> /etc/init.d/postfix restart
+===== TLS =====
+Create a private key and a certificate as described [[sslca|here]].
+  #> mkdir /etc/postfix/ssl
+  #> cp cp postfixCert.pem postfixKey.pem /etc/postfix/ssl/
+  #> chmod 400 /etc/postfix/ssl/postfixKey.pem
+  #> cp /etc/ssl/CA/cacert.pem /etc/postfix/ssl/
+Add the following to the ''/etc/postfix/main.cf'':
+<file>
+# Enable TLS support
+smtpd_tls_key_file  = /etc/postfix/ssl/postfixKey.pem
+smtpd_tls_cert_file = /etc/postfix/ssl/postfixCert.pem
+smtpd_tls_CAfile    = /etc/postfix/ssl/cacert.pem
+smtpd_use_tls       = yes
+</file>
+Comment in the following three lines in ''/etc/postfix/master.cf''
+<file>
+tlsmgr    fifo  -       -       n       300     1       tlsmgr
+smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
+       inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
+</file>
+===== Spam prevention =====
+Follow the tutorial at http://www.freesoftwaremagazine.com/free_issues/issue_02/focus_spam_postfix/
+The SPF script which comes with the postfix-doc package is broken ((It produces the following error: ''syslog: invalid level/facility: warn at ./spf-policy.pl line 154'')) so we get a current one from the source directly.
+Go to the following URL :
+http://new.openspf.org/source/software/postfix-policyd-spf-perl/tags/1.08/postfix-policyd-spf-perl?rev=13&view=log
+and download the most recent version of this file (click on "(download)") and save to /etc/postfix/spf-policy.pl
+To make it work install the needed Perl lib and make the script executable.
+  #> apt-get install libmail-spf-query-perl
+  #> chmod 755 /etc/postfix/spf-policy.pl
+Then add the following to ''/etc/postfix/master.cf''
+<file>
+spfpolicy unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /etc/postfix/spf-policy.pl</file>
+Add the following entry
+<file>
+check_policy_service unix:private/spfpolicy
+</file>
+to ''/etc/postfix/main.cf'' into the smtpd_recipient_restrictions section. Preferable as one of the last restrictions.
+e.g.
+<file>
+smtpd_recipient_restrictions =
+        reject_unauth_destination
+        reject_unknown_recipient_domain
+        reject_unverified_recipient
+        check_policy_service unix:private/spfpolicy
+</file>