HowTos/Postfix

From Scalix Wiki
Revision as of 15:24, 5 February 2007 by Marc (Talk | contribs)

Jump to: navigation, search

Scalix Wiki -> How-Tos -> Postfix Integration

Replacing Sendmail with Postfix

This ist only a short discription (based on Debian), additions are highly appreciated. Follow these steps:

1. stop all sendmail services

/etc/init.d/spamass-milter stop /etc/init.d/sendmail stop /etc/init.d/scalix-sendmail stop


2. deinstall the packets

dpkg -P --force-depends sendmail dpkg -P sensible-mda dpkg -P rmail dpkg -P sendmail-bin dpkg -P sendmail-cf dpkg -P sendmail-base dpkg -P m4 dpkg -P spamass-milter


3. cleaning

3.1. remove the remaining folders: /var/run/sendmail/stampdir /var/run/sendmail/mta /var/lib/sendmail /usr/share/doc/sendmail /etc/mail

3.2. remove remaining files: /etc/init.d/scalix-sendmail


4. install then Postfix packets

apt-get install postfix apt-get install postfix-tls (needed for secure relaying) apt-get install sasl2-bin (for authentication)


5. Configure your Postfix

5.1. add this line to you master.cf: 

127.0.0.1:10001 inet  n       n       n       -       -       spawn user=scalix argv=/opt/scalix/bin/unix.in

5.2. main.cf: alias_maps = local_recipient_maps = mailbox_transport = smtp:[127.0.0.1]:10001

    1. transport_maps = hash:/etc/postfix/transport
    2. when you want to define additional mail-routing use transport_maps
    1. some rule against SPAM

smtpd_recipient_restrictions = 

   reject_unauth_pipelining
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination

   reject_rbl_client relays.ordb.org
   reject_rbl_client bl.spamcop.net
   reject_rbl_client dnsbl.sorbs.net
   reject_rbl_client cbl.abuseat.org
   reject_rbl_client sbl.spamhaus.org
   reject_rbl_client opm.blitzed.org
   reject_rbl_client l1.spews.dnsbl.sorbs.net

   reject_invalid_hostname
   reject_unknown_sender_domain
   reject_unknown_client
   reject_non_fqdn_sender
    1. use a recipent table to prevent mail-loops!
   check_recipient_access hash:/etc/postfix/recipient_access

   reject

5.3. content of an optinal transport map: @domain.tld smtp:[127.0.0.1]:10001

5.4. restart postfix


6. i use a script to create the recipient list

ldapsearch -h 127.0.0.1 -p 3890 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients postmap /etc/postfix/recipients


7. SMTP-Auth

7.1. create this file '/etc/postfix/sasl/smtpd.conf': pwcheck_method: saslauthd mech_list: plain, login saslauthd_path: /var/run/saslauthd/mux

7.2. modify the '/etc/default/saslauthd' (for Debian):

  1. This needs to be uncommented before saslauthd will be run automatically

START=yes

  1. You must specify the authentication mechanisms you wish to use.
  2. This defaults to "pam" for PAM support, but may also include
  3. "shadow" or "sasldb", like this:
  4. MECHANISMS="pam shadow"

MECHANISMS="ldap" PARAMS="-m /var/spool/postfix/var/run/saslauthd"

7.3. create the '/etc/saslauthd.conf': (!!! UNTESTED !!!) ldap_servers: ldap://127.0.0.1:3890/ ldap_filter: UL-AUTHID=%u

7.4. restart sasl daemon


8. Testing Authentication

testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password


good luck!

Retrieved from "https://www.scalix.com/wiki/index.php?title=HowTos/Postfix&oldid=2996"