Difference between revisions of "HowTos/Postfix multiple domains"
Beaujolais (→prepare your postfix main.cf file)
Revision as of 04:27, 12 July 2007
This setup has been tested on openSUSE 10.2 running Scalix 11.1. The configuration may slightly differ for other distros, but that's not part of this article.
Portions here have been taken from http://www.scalix.com/wiki/index.php?title=HowTos/Complete_Postfix (especially the sasl/ldap integration).
Let's assume your scalix is handling mail for mydomain1.com, mydomain2.com and your MTA is also backup MX for foreigndomain1.com.
It is assumed that scalix and postfix run on the same server.
installing postfix
Install postfix and delete the sendmail package through YaST -> Software Management. Select "ignore conflicts" when YaST starts complaining that sendmail is needed by other packages (i.e. scalix).
set scalix to listen on higher port
In order to switch scalix to listen on a higher port, add the line
LISTEN=localhost:10026
to the file /var/opt/scalix/*/s/sys/smtpd.cfg
To activate the change execute /etc/init.d/scalix restart
set up sasl authentication against scalix user base
Edit /etc/sysconfig/saslauthd to look like this
SASLAUTHD_AUTHMECH=ldap
Create /etc/saslauthd.conf
ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: bind
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=sxadmin,o=scalix
ldap_bind_pw: password
Replace password with your sxadmin's password. This file stores the bind password in clear text, so keep it readable by root only.
Edit /etc/sasl2/smtpd.conf to look like this
pwcheck_method: saslauthd
mech_list: plain login
To activate the change execute rcsaslauthd restart
prepare your transport file
Create /etc/postfix/my_transport file
mydomain1.com        smtp:[127.0.0.1]:10026
.mydomain1.com       smtp:[127.0.0.1]:10026
mydomain2.com        smtp:[127.0.0.1]:10026
.mydomain2.com       smtp:[127.0.0.1]:10026
foreigndomain1.com   smtp:[foreigndomain1_primary_mail_server.com]
.foreigndomain1.com  smtp:[foreigndomain1_primary_mail_server.com]
To activate the change execute postmap /etc/postfix/my_transport
prepare your domain file
Create /etc/postfix/my_relay_domains file
mydomain1.com
mydomain2.com
foreigndomain1.com
prepare your postfix main.cf file
Edit /etc/postfix/main.cf with something like this
# Update next two lines with your real host name and domain name.
myhostname = my_host.mydomain1.com
mydomain = mydomain1.com
smtpd_banner = $myhostname ESMTP $mail_name (relaying disabled)
transport_maps = hash:/etc/postfix/my_transport
setgid_group = maildrop
daemon_directory = /usr/lib/postfix
relay_domains = /etc/postfix/my_relay_domains
disable_vrfy_command = yes
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
# Update the next line with real path and real cert for your server
smtpd_tls_cert_file = /etc/ssl/your_certificate.pem
smtpd_tls_CAfile = /etc/ssl/certs/CAcert-class1.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
To activate the change execute rcpostfix restart
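The relay domain file and the transport file above have to list the same domains: a relay domain without a transport entry is delivered by DNS lookup instead of to the Scalix listener on port 10026, and a transport entry without a relay domain is refused by reject_unauth_destination for unauthenticated senders. The following consistency check is an added example, not part of the original how-to; the function names, the NO_TRANSPORT / NOT_RELAYED labels and the domain other.example are assumptions made for illustration.

```shell
#!/bin/sh
# Cross-check a Postfix relay domain list against a transport table.
# usage: check_relay_transport RELAY_DOMAINS_FILE TRANSPORT_FILE
# Prints one line per mismatch and returns 1 if any mismatch was found.
check_relay_transport() {
    awk '
        # Skip blank lines and comments in both files.
        /^[ \t]*(#|$)/ { next }
        # First file: one relay domain per line.
        FILENAME == ARGV[1] { relay[tolower($1)] = 1; next }
        # Second file: ignore ".domain", address and wildcard patterns.
        $1 ~ /^\./ || $1 ~ /@/ || $1 == "*" { next }
        { transport[tolower($1)] = $2 }
        END {
            bad = 0
            for (d in relay) if (!(d in transport)) {
                print "NO_TRANSPORT " d; bad = 1 }
            for (d in transport) if (!(d in relay)) {
                print "NOT_RELAYED " d; bad = 1 }
            exit bad
        }
    ' "$1" "$2"
}

# Constructed sample input: the domains from this page, with the transport
# entry for mydomain2.com left out and an extra entry for other.example.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' mydomain1.com mydomain2.com foreigndomain1.com > "$dir/relay"
    cat > "$dir/transport" <<'EOF'
mydomain1.com        smtp:[127.0.0.1]:10026
.mydomain1.com       smtp:[127.0.0.1]:10026
foreigndomain1.com   smtp:[foreigndomain1_primary_mail_server.com]
other.example        smtp:[127.0.0.1]:10026
EOF
    check_relay_transport "$dir/relay" "$dir/transport" | sort
    rm -rf "$dir"
}
```

Run check_relay_transport /etc/postfix/my_relay_domains /etc/postfix/my_transport after editing either file and before restarting postfix.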