HowTos/Complete Postfix

From Scalix Wiki
Revision as of 00:01, 2 June 2007 by Chris


If you hate sendmail as much as I do, you've probably been wanting to switch it out with postfix for a while.

Here's the quick and dirty on how to do that.

When you finish this howto you'll have achieved the following:

- sendmail will be gone
- postfix will accept incoming mail from authenticated clients
- postfix will virus-scan incoming mail
- postfix will deliver incoming mail that belongs to local-users to scalix

conventions

throughout this document, $FQDN means the fully qualified domain name of your server

installing postfix

first you'll need to install postfix and ditch sendmail.

redhat:

rpm -ivh postfix system-switch-mail
system-switch-mail, select postfix, and ok
rpm -e --nodeps sendmail sendmail-cf

set postfix to listen on the external ip, omsmtpd to a high port

add the line LISTEN=$FQDN:10025 to your /var/opt/scalix/*/s/sys/smtpd.cfg
omoff -d0 -w smtpd; omon smtpd to activate the config

remove the line inet_interfaces = localhost from /etc/postfix/main.cf
/etc/init.d/postfix restart (postfix only picks up a changed inet_interfaces after a stop and start, not a reload)

set up transport

you'll want postfix to check which addresses belong to scalix and deliver email there. to do this, create the file /etc/postfix/scalix-transport.cf and fill it with:

server_host = ldap://localhost:5757
query_filter = mail=%s
bind = no
result_attribute = scalixInstanceMailHost
result_format = smtp:[%s]:10025
size_limit = 1
domain = scalix.demo

then add the line transport_maps = ldap:/etc/postfix/scalix-transport.cf to your /etc/postfix/main.cf

now postfix has replaced sendmail. however, it needs to fully replace omsmtpd as well, so it should authenticate

setting up smtp-auth

ensure that cyrus-sasl, cyrus-sasl-md5 and cyrus-sasl-plain are installed.

we'll use saslauthd to authenticate against scalix's ldap directory. first let's set saslauthd up to do ldap by setting MECH=ldap in /etc/sysconfig/saslauthd.

change the location of saslauthd's conf file, enable caching, and set a socket for postfix to use by setting the following in the same file:

FLAGS="-O /etc/postfix/saslauthd.conf -c -m /var/spool/postfix/var/run/saslauthd"

also set saslauthd to start at boot:

/sbin/chkconfig --level 345 saslauthd on

create the directory /etc/postfix/sasl2/ and edit /etc/postfix/sasl2/smtpd.conf with the following:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5
saslauthd_path: /var/run/saslauthd/mux
auxprop_plugin: ldap

now we need to configure our ldap parameters in /etc/postfix/saslauthd.conf:

ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: bind
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=sxadmin,o=scalix
ldap_bind_pw: super_secret

now we configure postfix to use sasl in the main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

and we configure postfix to require sasl:

smtpd_client_restrictions =
                permit_mynetworks
                permit_sasl_authenticated

smtpd_sender_restrictions =
                permit_mynetworks
                permit_sasl_authenticated

smtpd_recipient_restrictions =
                permit_mynetworks
                permit_sasl_authenticated
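
a quick way to sanity-check the smtp-auth part of main.cf before exposing the server, as an added example that is not part of the original howto: it parses main.cf the way postfix joins continuation lines and reports whether anything refuses unauthenticated relaying and whether PLAIN/LOGIN passwords can be sent without TLS. the function names and finding labels are made up for this example; reject_unauth_destination and smtpd_tls_auth_only are standard postfix settings that do not appear above, and an unset smtpd_relay_restrictions is treated as empty, which matches postfix releases before 2.10.

```python
import re

# Restriction actions that refuse or defer mail instead of falling through.
REFUSING = {"reject", "defer", "defer_if_permit",
            "reject_unauth_destination", "defer_unauth_destination"}

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines the way Postfix does."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and name:         # leading whitespace continues the value
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, _, value = (s.strip() for s in raw.partition("="))
            params[name] = value
    return params

def words(value):
    return [w for w in re.split(r"[,\s]+", value) if w]

def audit(text):
    """List weaknesses in the SMTP AUTH part of a main.cf (labels are hypothetical)."""
    p = parse_main_cf(text)
    findings = []
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("sasl-disabled")
    if "noanonymous" not in words(p.get("smtpd_sasl_security_options", "noanonymous")):
        findings.append("anonymous-auth-allowed")
    relay = words(p.get("smtpd_relay_restrictions", "") + " " + p.get("smtpd_recipient_restrictions", ""))
    if not REFUSING & set(relay):
        findings.append("no-relay-refusal")   # no rule refuses unauthenticated relaying
    if p.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("auth-without-tls")   # PLAIN/LOGIN passwords travel unencrypted
    return findings

# main.cf lines copied from the sections above.
PAGE_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
                permit_mynetworks
                permit_sasl_authenticated
"""
# Constructed variant: the same lines plus two standard Postfix settings.
HARDENED_CF = PAGE_CF + "                reject_unauth_destination\nsmtpd_tls_auth_only = yes\n"
if __name__ == "__main__":
    print(audit(PAGE_CF), audit(HARDENED_CF))
```

run it against the real file with audit(open("/etc/postfix/main.cf").read()); an empty list means none of the four checks fired.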