Difference between revisions of "HowTos/Postfix"
From Scalix Wiki
m (typo) |
m (fixed link to HowTos/Complete_Postfix) |
||
(11 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
[[Scalix Wiki]] -> [[How-Tos]] -> '''Postfix Integration''' | [[Scalix Wiki]] -> [[How-Tos]] -> '''Postfix Integration''' | ||
+ | |||
+ | '''Please note: this has been superseded by [[HowTos/Complete_Postfix|The Complete Postfix Howto]]''' | ||
+ | |||
= Replacing Sendmail with Postfix = | = Replacing Sendmail with Postfix = | ||
− | This | + | Also see |
+ | http://www.scalix.com/forums/viewtopic.php?t=5791&highlight=postfix | ||
+ | |||
+ | |||
+ | This is only a short discription (based on Debian), additions are highly appreciated. | ||
Follow these steps: | Follow these steps: | ||
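Review bot: "discription" in the added sentence should read "description", and the bare forum URL added after "Also see" would read better on the same line as the words it belongs to.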
Line 9: | Line 16: | ||
/etc/init.d/sendmail stop | /etc/init.d/sendmail stop | ||
/etc/init.d/scalix-sendmail stop | /etc/init.d/scalix-sendmail stop | ||
− | omoff -d 0 smtpd | + | omoff -d 0 smtpd (the Scalix SMTP-Relay is not longer needed) |
+ | omsetsvc -a smtpd N (to prevent the built-in SMTP-daemon from startup) | ||
== deinstall the packets == | == deinstall the packets == | ||
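Review bot: the parenthetical notes added after omoff -d 0 smtpd and omsetsvc -a smtpd N sit on the command lines themselves, so a reader who pastes either line into a shell gets a syntax error at the opening parenthesis. Move each note to its own line or put it behind a #, and change "not longer" to "no longer".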
Line 40: | Line 48: | ||
== Configure your Postfix == | == Configure your Postfix == | ||
− | 5.1. add this line to | + | 5.1. add this line to your master.cf: |
127.0.0.1:10001 inet n n n - - spawn user=scalix argv=/opt/scalix/bin/unix.in | 127.0.0.1:10001 inet n n n - - spawn user=scalix argv=/opt/scalix/bin/unix.in | ||
Line 57: | Line 65: | ||
broken_sasl_auth_clients = yes | broken_sasl_auth_clients = yes | ||
− | |||
smtpd_recipient_restrictions = | smtpd_recipient_restrictions = | ||
reject_unauth_pipelining | reject_unauth_pipelining | ||
Line 64: | Line 71: | ||
reject_unauth_destination | reject_unauth_destination | ||
+ | ## some rules against SPAM | ||
reject_rbl_client relays.ordb.org | reject_rbl_client relays.ordb.org | ||
reject_rbl_client bl.spamcop.net | reject_rbl_client bl.spamcop.net | ||
Line 88: | Line 96: | ||
== i use a script to create the recipient list == | == i use a script to create the recipient list == | ||
− | ldapsearch -h 127.0.0.1 -p | + | ldapsearch -h 127.0.0.1 -p 389 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients |
postmap /etc/postfix/recipients | postmap /etc/postfix/recipients | ||
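Review bot: the completed ldapsearch line writes to /etc/postfix/recipients, while the check_recipient_access entry in the main.cf section of this page reads hash:/etc/postfix/recipient_access, so the generated table is never consulted as written; use one file name in both places. The redirect also truncates the live file before ldapsearch has returned anything, so writing to a temporary file and renaming it only after a non-empty result would be safer.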
Line 94: | Line 102: | ||
7.1. create this file '/etc/postfix/sasl/smtpd.conf': | 7.1. create this file '/etc/postfix/sasl/smtpd.conf': | ||
− | pwcheck_method: saslauthd | + | pwcheck_method: saslauthd |
− | mech_list: plain, login | + | mech_list: plain, login |
− | saslauthd_path: /var/run/saslauthd/mux | + | saslauthd_path: /var/run/saslauthd/mux |
7.2. modify the '/etc/default/saslauthd' (for Debian): | 7.2. modify the '/etc/default/saslauthd' (for Debian): | ||
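Review bot: mech_list: plain, login on the re-indented line offers only mechanisms that send the password base64-encoded rather than protected, and main.cf on this page sets smtpd_tls_auth_only = no, so AUTH is offered on connections without TLS. Say so next to this file, or recommend smtpd_tls_auth_only = yes once TLS is configured.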
Line 114: | Line 122: | ||
ldap_filter: OmUlAuthid=%u | ldap_filter: OmUlAuthid=%u | ||
− | 7.4. restart sasl daemon | + | 7.4 Open SSL-Port 465 for Outlook Clients (add to master.cf): |
+ | smtps inet n - n - - smtpd | ||
+ | -o smtpd_tls_wrappermode=yes | ||
+ | -o smtpd_sasl_auth_enable=yes | ||
+ | -o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
+ | |||
+ | This opens a direct SSL port for client like Outlook | ||
+ | that don't know how to use STARTTLS | ||
+ | |||
+ | |||
+ | 7.5. restart sasl daemon | ||
== Testing Authentication == | == Testing Authentication == |
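Review bot: the three -o lines under the new smtps entry must begin with whitespace in master.cf to count as continuations of that entry, and as rendered here they have no visible indentation; make sure the wiki source indents them. The step number "7.4" lacks the trailing period the other steps use, "for client like Outlook" should be "for clients like Outlook", and because this step edits master.cf the renumbered 7.5 should reload Postfix as well as the sasl daemon.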
Latest revision as of 15:50, 30 June 2010
Please note: this has been superseded by The Complete Postfix Howto
Replacing Sendmail with Postfix
Also see http://www.scalix.com/forums/viewtopic.php?t=5791&highlight=postfix
This is only a short description (based on Debian); additions are highly appreciated.
Follow these steps:
stop all sendmail services
/etc/init.d/spamass-milter stop
/etc/init.d/sendmail stop
/etc/init.d/scalix-sendmail stop
omoff -d 0 smtpd       # the Scalix SMTP relay is no longer needed
omsetsvc -a smtpd N    # prevents the built-in SMTP daemon from starting
uninstall the packages
dpkg -P --force-depends sendmail
dpkg -P sensible-mda
dpkg -P rmail
dpkg -P sendmail-bin
dpkg -P sendmail-cf
dpkg -P sendmail-base
dpkg -P m4
dpkg -P spamass-milter
cleaning
3.1. remove the remaining folders:
/var/run/sendmail/stampdir
/var/run/sendmail/mta
/var/lib/sendmail
/usr/share/doc/sendmail
/etc/mail
3.2. remove remaining files:
/etc/init.d/scalix-sendmail
install the Postfix packages
apt-get install postfix
apt-get install postfix-tls    # needed for secure relaying
apt-get install sasl2-bin      # for authentication
Configure your Postfix
5.1. add this line to your master.cf:
127.0.0.1:10001 inet n n n - - spawn user=scalix argv=/opt/scalix/bin/unix.in
5.2. main.cf:
alias_maps =
local_recipient_maps =
mailbox_transport = smtp:[127.0.0.1]:10001
## transport_maps = hash:/etc/postfix/transport
## when you want to define additional mail-routing use transport_maps

## for authentication (SMTP-Relaying)
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
    reject_unauth_pipelining
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    ## some rules against SPAM
    reject_rbl_client relays.ordb.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.sorbs.net
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client sbl.spamhaus.org
    reject_rbl_client opm.blitzed.org
    reject_rbl_client l1.spews.dnsbl.sorbs.net
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_unknown_client
    reject_non_fqdn_sender
    ## use a recipient table to prevent mail-loops!
    check_recipient_access hash:/etc/postfix/recipient_access
    reject
5.3. content of an optional transport map:
@domain.tld smtp:[127.0.0.1]:10001
5.4. restart postfix
I use a script to create the recipient list
ldapsearch -h 127.0.0.1 -p 389 -x omMailnode=Headquarters mail | grep -F mail: | cut -c 7- | awk '{print $0"\t\tOK"}' > /etc/postfix/recipients
postmap /etc/postfix/recipients
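A more defensive form of the pipeline above, as an added example that is not part of the original how-to: it matches only real `mail:` attribute lines and replaces the recipient table only when at least one address came back, so a failed LDAP query cannot leave an empty table in front of the final `reject`. The function names and the sample LDIF are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): build the Postfix recipient
# table from LDIF without publishing an empty or half-written file.

# Constructed sample LDIF (not real directory output) for a dry run.
sample_ldif() {
    printf '%s\n' 'dn: cn=Alice' 'mail: Alice@Example.com' '' \
        'dn: cn=Bob' 'description: mail: not-an-attribute@example.com' \
        'mail:: Ym9iQGV4YW1wbGUuY29t' 'mail: bob@example.com' \
        'mail: alice@example.com'
}

# Read LDIF on stdin, print "address<TAB>OK" lines on stdout.
ldif_to_recipients() {
    awk '
        # Only a real attribute line "mail: value". A "mail:: ..." line is
        # base64-encoded and is skipped rather than cut at a fixed column.
        /^mail: / {
            addr = tolower(substr($0, 7))
            sub(/[ \t\r]+$/, "", addr)
            # Accept a single local@domain token and drop duplicates.
            if (addr ~ /^[^@ \t]+@[^@ \t]+\.[^@ \t]+$/ && !seen[addr]++)
                printf "%s\tOK\n", addr
        }'
}

# build_recipient_table LDIF_FILE TARGET
# Replaces TARGET only if at least one address was found; otherwise it
# returns 1 and leaves the existing TARGET untouched.
build_recipient_table() {
    ldif=$1 target=$2
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if ldif_to_recipients < "$ldif" > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp"
        mv -f "$tmp" "$target"    # rename is atomic within one filesystem
    else
        rm -f "$tmp"
        echo "no recipients found, keeping old $target" >&2
        return 1
    fi
}

# Typical use: save the ldapsearch output to a file, then
#   build_recipient_table /tmp/scalix.ldif /etc/postfix/recipients \
#       && postmap /etc/postfix/recipients
```

On the sample input the `description:` line and the base64 `mail::` line are ignored, which the `grep -F mail:` and `cut -c 7-` pair would have turned into bogus table entries.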
SMTP-Auth
7.1. create this file '/etc/postfix/sasl/smtpd.conf':
pwcheck_method: saslauthd
mech_list: plain, login
saslauthd_path: /var/run/saslauthd/mux
7.2. modify the '/etc/default/saslauthd' (for Debian):
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="ldap"
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
7.3. create the '/etc/saslauthd.conf':
ldap_servers: ldap://127.0.0.1:389
ldap_filter: OmUlAuthid=%u
7.4. Open SSL port 465 for Outlook clients (add to master.cf):
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
This opens a direct SSL port for clients like Outlook that don't know how to use STARTTLS.
7.5. restart sasl daemon
Testing Authentication
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password
good luck!