HowTos/Postfix multiple domains

From Scalix Wiki
Revision as of 04:22, 12 July 2007 by Beaujolais (Talk | contribs) (prepare your postfix main.cf file)

This setup has been tested on openSUSE 10.2 running Scalix 11.1. The configuration may differ slightly on other distros, but that is outside the scope of this article.

Portions here have been taken from http://www.scalix.com/wiki/index.php?title=HowTos/Complete_Postfix (especially the sasl/ldap integration).

Let's assume your Scalix server handles mail for mydomain1.com and mydomain2.com, and your MTA is also the backup MX for foreigndomain1.com.

It is assumed that scalix and postfix run on the same server.

installing postfix

Install postfix and remove the sendmail package through YaST -> Software Management. Select "ignore conflicts" when YaST complains that sendmail is needed by other packages (e.g. scalix).

set scalix to listen on higher port

To switch scalix to listen on a higher port, add the line

LISTEN=localhost:10026
to the file /var/opt/scalix/*/s/sys/smtpd.cfg

To activate the change execute /etc/init.d/scalix restart

set up sasl authentication against scalix user base

Edit /etc/sysconfig/saslauthd to look like this

SASLAUTHD_AUTHMECH=ldap

Create /etc/saslauthd.conf

ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: bind
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=sxadmin,o=scalix
ldap_bind_pw: password

Replace password with your sxadmin's password. The file holds this password in cleartext, so it should not be world-readable.

Edit /etc/sasl2/smtpd.conf to look like this

pwcheck_method: saslauthd
mech_list: plain login

To activate the change execute rcsaslauthd restart

prepare your transport file

Create /etc/postfix/my_transport file

mydomain1.com                 smtp:[127.0.0.1]:10026
.mydomain1.com                smtp:[127.0.0.1]:10026

mydomain2.com                 smtp:[127.0.0.1]:10026
.mydomain2.com                smtp:[127.0.0.1]:10026

foreigndomain1.com            smtp:[foreigndomain1_primary_mail_server.com]
.foreigndomain1.com           smtp:[foreigndomain1_primary_mail_server.com]

To activate the change execute postmap /etc/postfix/my_transport

prepare your domain file

Create /etc/postfix/my_relay_domains file

mydomain1.com
mydomain2.com
foreigndomain1.com


prepare your postfix main.cf file

Edit /etc/postfix/main.cf with something like this

# Update next two lines with your real host name and domain name.
myhostname = my_host.mydomain1.com
mydomain = mydomain1.com
smtpd_banner = $myhostname ESMTP $mail_name (relaying disabled)

transport_maps = hash:/etc/postfix/my_transport

setgid_group = maildrop
daemon_directory = /usr/lib/postfix

relay_domains = /etc/postfix/my_relay_domains

disable_vrfy_command = yes

smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes

smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_hostname,
        permit

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        permit

smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit


smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
# Update the next line with real path and real cert for your server
smtpd_tls_cert_file = /etc/ssl/your_certificate.pem
smtpd_tls_CAfile = /etc/ssl/certs/CAcert-class1.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 450

To activate the change execute rcpostfix restart
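
A consistency check for the three files created above, as an added example that is not part of the original wiki page: it confirms that reject_unauth_destination is reached before the final permit in smtpd_recipient_restrictions, and that the relay domain list and the transport map name the same domains. The function names and the simplified main.cf parser (no $parameter expansion, and no look at smtpd_relay_restrictions on newer Postfix releases) are assumptions of this example.

```python
def parse_main_cf(text):
    """Map parameter -> value; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (part.strip() for part in line.partition("="))
            params[name] = value
    return params

def first_column(text):
    """First field of each non-comment line (relay domain list or transport map)."""
    return [ln.split()[0].lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit(main_cf, relay_domains, transport):
    findings = []
    value = parse_main_cf(main_cf).get("smtpd_recipient_restrictions", "")
    rules = value.replace(",", " ").split()
    # Restrictions are evaluated in order: the relay check must precede a bare "permit".
    if "reject_unauth_destination" not in rules:
        findings.append("no reject_unauth_destination in smtpd_recipient_restrictions")
    elif "permit" in rules and rules.index("permit") < rules.index("reject_unauth_destination"):
        findings.append("permit precedes reject_unauth_destination")
    relay = set(first_column(relay_domains))
    # ".domain" keys only cover subdomains, so they are left out of the comparison.
    routed = {k for k in first_column(transport) if not k.startswith(".")}
    findings += [f"relay domain without transport entry: {d}" for d in sorted(relay - routed)]
    findings += [f"transport entry not in relay domains: {d}" for d in sorted(routed - relay)]
    return findings

# Constructed sample input, trimmed from the files on this page; the transport
# map deliberately omits mydomain2.com to show a finding.
MAIN_CF = """\
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        permit
"""
RELAY = "mydomain1.com\nmydomain2.com\nforeigndomain1.com\n"
TRANSPORT = """\
mydomain1.com       smtp:[127.0.0.1]:10026
.mydomain1.com      smtp:[127.0.0.1]:10026
foreigndomain1.com  smtp:[foreigndomain1_primary_mail_server.com]
"""
if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, RELAY, TRANSPORT)))
```

To run it against a live system, pass the contents of /etc/postfix/main.cf, /etc/postfix/my_relay_domains and /etc/postfix/my_transport to audit() instead of the sample strings.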