Difference between revisions of "HowTos/Postfix"

From Scalix Wiki
(Replacing Sendmail by Postfix)
 
m (fixed link to HowTos/Complete_Postfix)
 
(20 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Replacing Sendmail by Postfix
+
[[Scalix Wiki]] -> [[How-Tos]] -> '''Postfix Integration'''
  
This ist only a short discription (based on Debian), additions are highly appreciated.
+
'''Please note: this has been superseded by [[HowTos/Complete_Postfix|The Complete Postfix Howto]]'''
  
1. stop all sendmail services:
+
= Replacing Sendmail with Postfix =
/etc/init.d/spamass-milter stop
+
/etc/init.d/sendmail stop
+
/etc/init.d/scalix-sendmail stop
+
  
2. deinstall the packets:
+
Also see
dpkg -P --force-depends sendmail
+
http://www.scalix.com/forums/viewtopic.php?t=5791&highlight=postfix
dpkg -P sensible-mda
+
 
dpkg -P rmail
+
 
dpkg -P sendmail-bin
+
This is only a short discription (based on Debian), additions are highly appreciated.
dpkg -P sendmail-cf
+
Follow these steps:
dpkg -P sendmail-base
+
 
dpkg -P m4
+
== stop all sendmail services ==
dpkg -P spamass-milter
+
/etc/init.d/spamass-milter stop
 +
/etc/init.d/sendmail stop
 +
/etc/init.d/scalix-sendmail stop
 +
omoff -d 0 smtpd (the Scalix SMTP-Relay is not longer needed)
 +
omsetsvc -a smtpd N (to prevent the built-in SMTP-daemon from startup)
 +
 
 +
== deinstall the packets ==
 +
dpkg -P --force-depends sendmail
 +
dpkg -P sensible-mda
 +
dpkg -P rmail
 +
dpkg -P sendmail-bin
 +
dpkg -P sendmail-cf
 +
dpkg -P sendmail-base
 +
dpkg -P m4
 +
dpkg -P spamass-milter
 +
 
 +
== cleaning ==
  
 
3.1. remove the remaining folders:
 
3.1. remove the remaining folders:
/var/run/sendmail/stampdir
+
/var/run/sendmail/stampdir
/var/run/sendmail/mta
+
/var/run/sendmail/mta
/var/lib/sendmail
+
/var/lib/sendmail
/usr/share/doc/sendmail
+
/usr/share/doc/sendmail
/etc/mail
+
/etc/mail
  
 
3.2. remove remaining files:
 
3.2. remove remaining files:
/etc/init.d/scalix-sendmail
+
/etc/init.d/scalix-sendmail
  
4. install then Postfix packets:
+
== install the Postfix packets ==
apt-get install postfix
+
apt-get install postfix
apt-get install postfix-tls (needed for secure relaying)
+
apt-get install postfix-tls (needed for secure relaying)
apt-get install sasl2-bin (for authentication)
+
apt-get install sasl2-bin (for authentication)
  
5. Configure your Postfix
+
== Configure your Postfix ==
  
5.1. add this line to you master.cf:
+
5.1. add this line to your master.cf:
 
  127.0.0.1:10001 inet  n      n      n      -      -      spawn user=scalix argv=/opt/scalix/bin/unix.in
 
  127.0.0.1:10001 inet  n      n      n      -      -      spawn user=scalix argv=/opt/scalix/bin/unix.in
  
 
5.2. main.cf:
 
5.2. main.cf:
alias_maps =
+
alias_maps =
local_recipient_maps =
+
local_recipient_maps =
mailbox_transport = smtp:[127.0.0.1]:10001
+
mailbox_transport = smtp:[127.0.0.1]:10001
## transport_maps = hash:/etc/postfix/transport
+
## transport_maps = hash:/etc/postfix/transport
## when you want to define additional mail-routing use transport_maps
+
## when you want to define additional mail-routing use transport_maps
  
## some rule against SPAM
+
## for authentication (SMTP-Relaying)
smtpd_recipient_restrictions =
+
smtpd_sasl_auth_enable = yes
 +
smtpd_sasl_security_options = noanonymous
 +
smtpd_tls_auth_only = no
 +
smtpd_sasl_local_domain =
 +
broken_sasl_auth_clients = yes
 +
 
 +
smtpd_recipient_restrictions =
 
     reject_unauth_pipelining
 
     reject_unauth_pipelining
 
     permit_mynetworks
 
     permit_mynetworks
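Review bot: the added SASL block sets smtpd_tls_auth_only = no next to smtpd_sasl_auth_enable = yes, so AUTH is offered on sessions that never negotiated TLS, and smtpd_sasl_security_options = noanonymous does nothing to exclude plaintext mechanisms. Suggest smtpd_tls_auth_only = yes, or a sentence stating that relaying clients are expected to authenticate only from a trusted network.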
Line 52: Line 71:
 
     reject_unauth_destination
 
     reject_unauth_destination
  
 +
## some rules against SPAM
 
     reject_rbl_client relays.ordb.org
 
     reject_rbl_client relays.ordb.org
 
     reject_rbl_client bl.spamcop.net
 
     reject_rbl_client bl.spamcop.net
Line 65: Line 85:
 
     reject_non_fqdn_sender
 
     reject_non_fqdn_sender
  
## use a recipent table to prevent mail-loops!
+
## use a recipent table to prevent mail-loops!
 
     check_recipient_access hash:/etc/postfix/recipient_access
 
     check_recipient_access hash:/etc/postfix/recipient_access
  
Line 71: Line 91:
  
 
5.3. content of an optinal transport map:
 
5.3. content of an optinal transport map:
@domain.tld        smtp:[127.0.0.1]:10001
+
@domain.tld        smtp:[127.0.0.1]:10001
  
 
5.4. restart postfix
 
5.4. restart postfix
  
6. i use a script to create the recipient list:
+
== i use a script to create the recipient list ==
ldapsearch -h 127.0.0.1 -p 3890 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients
+
ldapsearch -h 127.0.0.1 -p 389 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients
postmap /etc/postfix/recipients
+
postmap /etc/postfix/recipients
  
 
+
== SMTP-Auth ==
7. SMTP-Auth
+
  
 
7.1. create this file '/etc/postfix/sasl/smtpd.conf':
 
7.1. create this file '/etc/postfix/sasl/smtpd.conf':
pwcheck_method: saslauthd
+
pwcheck_method: saslauthd
mech_list: plain, login
+
mech_list: plain, login
saslauthd_path: /var/run/saslauthd/mux
+
saslauthd_path: /var/run/saslauthd/mux
  
 
7.2. modify the '/etc/default/saslauthd' (for Debian):
 
7.2. modify the '/etc/default/saslauthd' (for Debian):
# This needs to be uncommented before saslauthd will be run automatically
+
# This needs to be uncommented before saslauthd will be run automatically
START=yes
+
START=yes
 +
 
 +
# You must specify the authentication mechanisms you wish to use.
 +
# This defaults to "pam" for PAM support, but may also include
 +
# "shadow" or "sasldb", like this:
 +
# MECHANISMS="pam shadow"
 +
 
 +
MECHANISMS="ldap"
 +
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
 +
 
 +
7.3. create the '/etc/saslauthd.conf':
 +
ldap_servers: ldap://127.0.0.1:389
 +
ldap_filter: OmUlAuthid=%u
 +
 
 +
7.4 Open SSL-Port 465 for Outlook Clients (add to master.cf):
 +
  smtps    inet  n      -      n      -      -      smtpd
 +
    -o smtpd_tls_wrappermode=yes
 +
    -o smtpd_sasl_auth_enable=yes
 +
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  
# You must specify the authentication mechanisms you wish to use.
+
  This opens a direct SSL port for client like Outlook
# This defaults to "pam" for PAM support, but may also include
+
  that don't know how to use STARTTLS
# "shadow" or "sasldb", like this:
+
# MECHANISMS="pam shadow"
+
  
MECHANISMS="ldap"
 
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
 
  
7.3. create the '/etc/saslauthd.conf': (!!! UNTESTED !!!)
+
7.5. restart sasl daemon
ldap_servers: ldap://127.0.0.1:3890/
+
ldap_filter: UL-AUTHID=%u
+
  
7.4. restart sasl daemon
+
== Testing Authentication ==
 +
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password
  
8. Testing Authentication:
 
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password
 
  
 
good luck!
 
good luck!
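Review bot: the recipient-list step writes and postmaps /etc/postfix/recipients, while the check_recipient_access line kept in main.cf reads hash:/etc/postfix/recipient_access, so the table Postfix opens is not the one this step generates; one of the two names should change. The revision also drops the "(!!! UNTESTED !!!)" marker from 7.3 while changing both the LDAP port (3890 to 389) and the filter attribute (UL-AUTHID to OmUlAuthid), so it would help to say which setup the new values were verified on.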

Latest revision as of 15:50, 30 June 2010

Please note: this has been superseded by The Complete Postfix Howto

Replacing Sendmail with Postfix

Also see http://www.scalix.com/forums/viewtopic.php?t=5791&highlight=postfix


This is only a short description (based on Debian); additions are highly appreciated. Follow these steps:

stop all sendmail services

/etc/init.d/spamass-milter stop
/etc/init.d/sendmail stop
/etc/init.d/scalix-sendmail stop
omoff -d 0 smtpd        # the Scalix SMTP relay is no longer needed
omsetsvc -a smtpd N     # prevents the built-in SMTP daemon from starting

uninstall the packages

dpkg -P --force-depends sendmail
dpkg -P sensible-mda
dpkg -P rmail
dpkg -P sendmail-bin
dpkg -P sendmail-cf
dpkg -P sendmail-base
dpkg -P m4
dpkg -P spamass-milter

cleaning

3.1. remove the remaining folders:

/var/run/sendmail/stampdir
/var/run/sendmail/mta
/var/lib/sendmail
/usr/share/doc/sendmail
/etc/mail

3.2. remove remaining files:

/etc/init.d/scalix-sendmail

install the Postfix packages

apt-get install postfix
apt-get install postfix-tls     # needed for secure relaying
apt-get install sasl2-bin       # for authentication

Configure your Postfix

5.1. add this line to your master.cf:

127.0.0.1:10001 inet  n       n       n       -       -       spawn user=scalix argv=/opt/scalix/bin/unix.in

5.2. main.cf:

alias_maps =
local_recipient_maps =
mailbox_transport = smtp:[127.0.0.1]:10001
## transport_maps = hash:/etc/postfix/transport
## when you want to define additional mail-routing use transport_maps
## for authentication (SMTP-Relaying)
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
   reject_unauth_pipelining
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
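## some rules against SPAM (confirm each DNSBL is still in operation before enabling it;
## relays.ordb.org, for one, has been shut down)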
   reject_rbl_client relays.ordb.org
   reject_rbl_client bl.spamcop.net
   reject_rbl_client dnsbl.sorbs.net
   reject_rbl_client cbl.abuseat.org
   reject_rbl_client sbl.spamhaus.org
   reject_rbl_client opm.blitzed.org
   reject_rbl_client l1.spews.dnsbl.sorbs.net
   reject_invalid_hostname
   reject_unknown_sender_domain
   reject_unknown_client
   reject_non_fqdn_sender
## use a recipient table to prevent mail-loops!
   check_recipient_access hash:/etc/postfix/recipient_access
   reject

5.3. content of an optional transport map:

@domain.tld         smtp:[127.0.0.1]:10001

5.4. restart postfix

I use a script to create the recipient list

ldapsearch -h 127.0.0.1 -p 389 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients
postmap /etc/postfix/recipients
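
A hardened form of the pipeline above, as an added example that is not part of the original wiki page (function names and the sample LDIF are constructed for illustration). It matches only the `mail: ` attribute, unfolds wrapped LDIF lines, and refuses to replace the map with an empty table, which matters because the restriction list in 5.2 ends in `reject`.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names and the sample data are
# assumptions made for illustration.

# sample_ldif: constructed LDIF covering a folded line, a base64 value and a duplicate.
sample_ldif() {
cat <<'EOF'
dn: cn=Alice,o=Scalix
mail: Alice@Domain.TLD

dn: cn=Bob,o=Scalix
mail: bob.longname@
 domain.tld
description: mail: not-an-attribute
mail:: Ym9iQGRvbWFpbi50bGQ=

dn: cn=Alice2,o=Scalix
mail: alice@domain.tld
EOF
}

# ldif_to_access: LDIF on stdin -> "address<TAB>OK" lines on stdout.
ldif_to_access() {
    awk '
        function emit(line,    addr) {
            if (line !~ /^mail: /) return             # skips "mail:: " (base64) and other attributes
            addr = tolower(substr(line, 7))           # value starts after "mail: "
            if (addr !~ /^[^@ \t]+@[^@ \t]+$/) return # exactly one "@", no whitespace
            if (!(addr in seen)) { seen[addr] = 1; print addr "\tOK" }
        }
        /^ / { buf = buf substr($0, 2); next }        # unfold an LDIF continuation line
             { emit(buf); buf = $0 }
        END  { emit(buf) }
    '
}

# write_access_map LDIF_FILE MAP_FILE: replace MAP_FILE only if the new table is non-empty.
write_access_map() {
    tmp="$2.new.$$"
    if ! ldif_to_access < "$1" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no recipients extracted; keeping existing $2" >&2
        return 1
    fi
    mv "$tmp" "$2"    # rename within one directory, so readers never see a partial file
}
```

Feed it the unfiltered output of the ldapsearch call above, then run postmap on the map file as before.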

SMTP-Auth

7.1. create this file '/etc/postfix/sasl/smtpd.conf':

pwcheck_method: saslauthd
mech_list: plain, login
saslauthd_path: /var/run/saslauthd/mux

7.2. modify the '/etc/default/saslauthd' (for Debian):

# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="ldap"
PARAMS="-m /var/spool/postfix/var/run/saslauthd"

7.3. create the '/etc/saslauthd.conf':

ldap_servers: ldap://127.0.0.1:389
ldap_filter: OmUlAuthid=%u

7.4. Open SSL port 465 for Outlook clients (add to master.cf):

 smtps     inet  n       -       n       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

This opens a direct SSL port for clients like Outlook that don't know how to use STARTTLS.


7.5. restart sasl daemon

Testing Authentication

testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password
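
A check for the settings in 5.2 and 7.1, as an added example that is not part of the original page (function names are assumptions). With `smtpd_tls_auth_only = no` and only PLAIN/LOGIN in `mech_list`, passwords are accepted on sessions without TLS; saslauthd can verify only such plaintext mechanisms, so the remedy is to require TLS rather than to change the mechanism list.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are assumptions.

# conf_value FILE KEY SEP: print the last single-line value assigned to KEY
# (SEP is "=" for main.cf and ":" for smtpd.conf); comment lines are ignored.
conf_value() {
    awk -v key="$2" -v sep="$3" '
        /^[ \t]*#/ { next }
        {
            i = index($0, sep); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_cleartext_auth MAIN_CF SMTPD_CONF: return 1 if SASL passwords can be
# sent over a session that has not negotiated TLS, 0 otherwise.
audit_cleartext_auth() {
    [ "$(conf_value "$1" smtpd_sasl_auth_enable =)" = yes ] || return 0
    [ "$(conf_value "$1" smtpd_tls_auth_only =)" = yes ] && return 0
    case " $(conf_value "$2" mech_list : | tr ',A-Z' ' a-z') " in
        *" plain "*|*" login "*)
            echo "AUTH PLAIN/LOGIN offered without TLS: set smtpd_tls_auth_only = yes" >&2
            return 1 ;;
    esac
    return 0
}

# demo: run the audit against the values shown on this page, copied into temp files.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' > "$d/main.cf"
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain, login' > "$d/smtpd.conf"
    audit_cleartext_auth "$d/main.cf" "$d/smtpd.conf"; rc=$?
    rm -rf "$d"; return $rc
}
```

The port 465 service from 7.4 is always wrapped in TLS, so a finding here concerns the plain smtpd listener.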


good luck!