HowTos/Postfix
From Scalix Wiki
Scalix Wiki -> How-Tos -> Postfix Integration
Please note: this has been superseded by The Complete Postfix Howto
Contents
Replacing Sendmail with Postfix
Also see http://www.scalix.com/forums/viewtopic.php?t=5791&highlight=postfix
This is only a short discription (based on Debian), additions are highly appreciated.
Follow these steps:
stop all sendmail services
/etc/init.d/spamass-milter stop /etc/init.d/sendmail stop /etc/init.d/scalix-sendmail stop omoff -d 0 smtpd (the Scalix SMTP-Relay is not longer needed) omsetsvc -a smtpd N (to prevent the built-in SMTP-daemon from startup)
deinstall the packets
dpkg -P --force-depends sendmail dpkg -P sensible-mda dpkg -P rmail dpkg -P sendmail-bin dpkg -P sendmail-cf dpkg -P sendmail-base dpkg -P m4 dpkg -P spamass-milter
cleaning
3.1. remove the remaining folders:
/var/run/sendmail/stampdir /var/run/sendmail/mta /var/lib/sendmail /usr/share/doc/sendmail /etc/mail
3.2. remove remaining files:
/etc/init.d/scalix-sendmail
install the Postfix packets
apt-get install postfix apt-get install postfix-tls (needed for secure relaying) apt-get install sasl2-bin (for authentication)
Configure your Postfix
5.1. add this line to your master.cf:
127.0.0.1:10001 inet n n n - - spawn user=scalix argv=/opt/scalix/bin/unix.in
5.2. main.cf:
alias_maps = local_recipient_maps = mailbox_transport = smtp:[127.0.0.1]:10001 ## transport_maps = hash:/etc/postfix/transport ## when you want to define additional mail-routing use transport_maps
## for authentication (SMTP-Relaying) smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_auth_only = no smtpd_sasl_local_domain = broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unauth_pipelining permit_mynetworks permit_sasl_authenticated reject_unauth_destination
## some rules against SPAM reject_rbl_client relays.ordb.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net reject_rbl_client cbl.abuseat.org reject_rbl_client sbl.spamhaus.org reject_rbl_client opm.blitzed.org reject_rbl_client l1.spews.dnsbl.sorbs.net
reject_invalid_hostname reject_unknown_sender_domain reject_unknown_client reject_non_fqdn_sender
## use a recipent table to prevent mail-loops! check_recipient_access hash:/etc/postfix/recipient_access
reject
5.3. content of an optinal transport map:
@domain.tld smtp:[127.0.0.1]:10001
5.4. restart postfix
i use a script to create the recipient list
ldapsearch -h 127.0.0.1 -p 389 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients
postmap /etc/postfix/recipients
SMTP-Auth
7.1. create this file '/etc/postfix/sasl/smtpd.conf':
pwcheck_method: saslauthd mech_list: plain, login saslauthd_path: /var/run/saslauthd/mux
7.2. modify the '/etc/default/saslauthd' (for Debian):
# This needs to be uncommented before saslauthd will be run automatically START=yes
# You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow"
MECHANISMS="ldap" PARAMS="-m /var/spool/postfix/var/run/saslauthd"
7.3. create the '/etc/saslauthd.conf':
ldap_servers: ldap://127.0.0.1:389 ldap_filter: OmUlAuthid=%u
7.4 Open SSL-Port 465 for Outlook Clients (add to master.cf):
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
This opens a direct SSL port for client like Outlook that don't know how to use STARTTLS
7.5. restart sasl daemon
Testing Authentication
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password
good luck!
