HowTos/Postfix multiple domains

From Scalix Wiki
Revision as of 04:29, 30 April 2008 by Schnuffle (Talk | contribs) (Integrate policyd-weight)

This setup has been tested on openSUSE 10.2 running Scalix 11.1. The configuration may slightly differ for other distros, but that's not part of this article.

Portions here have been taken from http://www.scalix.com/wiki/index.php?title=HowTos/Complete_Postfix (especially the sasl/ldap integration).

Let's assume your scalix is handling mail for mydomain1.com, mydomain2.com and your MTA is also backup MX for foreigndomain1.com.

It is assumed that scalix and postfix run on the same server.

installing postfix

Install postfix and delete the sendmail package through YaST -> Software Management. Select "ignore conflicts" when YaST starts complaining that sendmail is needed by other packages (i.e. scalix).

set scalix to listen on higher port

In order to switch scalix to listen on a higher port, add the line

LISTEN=localhost:10026
to the file /var/opt/scalix/*/s/sys/smtpd.cfg

To activate the change execute /etc/init.d/scalix restart

set up sasl authentication against scalix user base

Edit /etc/sysconfig/saslauthd to look like this

SASLAUTHD_AUTHMECH=ldap

Create /etc/saslauthd.conf

ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: bind
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=sxadmin,o=scalix
ldap_bind_pw: password

Replace password with your sxadmin's password

Edit /etc/sasl2/smtpd.conf to look like this

pwcheck_method: saslauthd
mech_list: plain login

To activate the change execute rcsaslauthd restart

prepare your transport file

Create /etc/postfix/my_transport file

mydomain1.com                 smtp:[127.0.0.1]:10026
.mydomain1.com                smtp:[127.0.0.1]:10026

mydomain2.com                 smtp:[127.0.0.1]:10026
.mydomain2.com                smtp:[127.0.0.1]:10026

foreigndomain1.com            smtp:[foreigndomain1_primary_mail_server.com]
.foreigndomain1.com           smtp:[foreigndomain1_primary_mail_server.com]

To activate the change execute postmap /etc/postfix/my_transport

prepare your domain file

Create /etc/postfix/my_relay_domains file

mydomain1.com
mydomain2.com
foreigndomain1.com
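
The two files above have to agree: a domain in my_relay_domains without a my_transport entry falls back to normal MX lookup, and a transport entry for a domain missing from my_relay_domains is still refused by the reject_unauth_destination restriction used in main.cf. The following check is an added example, not part of the original HowTo; the function name, the finding labels and the sample files (including typo-domain.com) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki page): cross-check my_relay_domains
# against my_transport before running postmap and restarting Postfix.

# check_relay_transport RELAY_FILE TRANSPORT_FILE
# Prints one finding per line and returns 1 if the files disagree.
check_relay_transport() {
    findings=$(awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        FILENAME == ARGV[1] { relay[tolower($1)] = 1; next }
        $1 !~ /^\./ { transport[tolower($1)] = $2 }   # ".domain" = subdomains
        END {
            for (d in relay) if (!(d in transport))
                print "NO_TRANSPORT " d
            for (d in transport) if (!(d in relay))
                print "NOT_RELAYED " d " -> " transport[d]
        }
    ' "$1" "$2" | LC_ALL=C sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files: mydomain2.com lacks a transport entry and
# typo-domain.com has a transport entry but is not a relay domain.
demo_dir=$(mktemp -d)
cat > "$demo_dir/my_relay_domains" <<'EOF'
mydomain1.com
mydomain2.com
foreigndomain1.com
EOF
cat > "$demo_dir/my_transport" <<'EOF'
mydomain1.com        smtp:[127.0.0.1]:10026
.mydomain1.com       smtp:[127.0.0.1]:10026
foreigndomain1.com   smtp:[foreigndomain1_primary_mail_server.com]
typo-domain.com      smtp:[127.0.0.1]:10026
EOF
check_relay_transport "$demo_dir/my_relay_domains" "$demo_dir/my_transport" \
    || echo "fix the files before running postmap"
```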


prepare your postfix main.cf file

Edit /etc/postfix/main.cf with something like this

# Update next two lines with your real host name and domain name.
myhostname = my_host.mydomain1.com
mydomain = mydomain1.com
smtpd_banner = $myhostname ESMTP $mail_name (relaying disabled)

transport_maps = hash:/etc/postfix/my_transport

setgid_group = maildrop
daemon_directory = /usr/lib/postfix

relay_domains = /etc/postfix/my_relay_domains

disable_vrfy_command = yes

smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes

smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_hostname,
        permit

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        permit

smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit


smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
# Update the next line with real path and real cert for your server
smtpd_tls_cert_file = /etc/ssl/your_certificate.pem
smtpd_tls_CAfile = /etc/ssl/certs/CAcert-class1.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 450

To activate the change execute rcpostfix restart



At this point postfix integration with Scalix is complete. Now let's add spam and anti-virus filters.



installing required packages

Through YaST -> Software Management install: amavisd-new, spamassassin, clamav, razor-agents and all required dependencies.

... to be continued when I get some more spare time ;) ...

As my setup is CentOS 5 based, I'll just give some advice on how my setup works together.

Integrate policyd-weight

Policyd-weight examines incoming mail during the SMTP delivery process, which means a recognized spam message is already rejected at the SMTP level. To achieve this, policyd is hooked in as a content filter through check_policy_service in smtpd_recipient_restrictions:

 # ADD the check_policy_service line below (these are the defaults)
 smtpd_recipient_restrictions =  permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               check_policy_service inet:127.0.0.1:12525,
                               permit
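
Position matters in this list: restrictions are evaluated in order, so check_policy_service belongs after reject_unauth_destination and after the permit_ entries for trusted clients, as shown above. The lint below is an added example, not part of the original HowTo or of policyd-weight; the function name, the finding labels and the sample fragment are constructed.

```sh
#!/bin/sh
# Added example (not from the wiki page): lint the order of
# smtpd_recipient_restrictions in a main.cf-style file.

# lint_recipient_restrictions FILE
# Prints one finding per line; returns 1 if any finding was printed.
lint_recipient_restrictions() {
    findings=$(awk '
        /^[ \t]*#/ { next }                      # comment lines
        /^[^ \t]/ {                              # start of a new parameter
            grab = ($0 ~ /^smtpd_recipient_restrictions[ \t]*=/)
            if (grab) { value = ""; sub(/^[^=]*=/, "") }
        }
        grab { value = value " " $0 }            # value plus continuation lines
        END {
            n = split(value, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] != "" && !(tok[i] in pos)) pos[tok[i]] = i
            rud = "reject_unauth_destination"; cps = "check_policy_service"
            if (!(rud in pos)) { print "MISSING " rud; exit }
            if ("permit" in pos && pos["permit"] < pos[rud])
                print "PERMIT_BEFORE " rud
            if (cps in pos && pos[cps] < pos[rud])
                print "POLICY_BEFORE " rud
            if (cps in pos && "permit_sasl_authenticated" in pos &&
                pos[cps] < pos["permit_sasl_authenticated"])
                print "POLICY_BEFORE permit_sasl_authenticated"
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the policy service is consulted before the relay check.
demo_cf=$(mktemp)
cat > "$demo_cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks,
        check_policy_service inet:127.0.0.1:12525,
        permit_sasl_authenticated,
        reject_unauth_destination,
        permit
EOF
lint_recipient_restrictions "$demo_cf" || echo "reorder before reloading Postfix"
```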


That's all that has to be done on the postfix side; now let's get policyd-weight running. Just download the latest version from the policyd-weight homepage, install it under /usr/sbin or /usr/local/sbin and check that it is executable.

Running policyd-weight defaults prints the default settings. It is advisable to put only those settings that differ from the defaults into the config file.

The default user policyd uses is "polw", so we create it:

 adduser polw

Here is a sample start script for the daemon:

 #! /bin/sh
 # Basic support for IRIX style chkconfig
 ###
 # chkconfig: 235 98 55
 # description: policyd-weight policy daemon for Postfix
 ###
 
 # Adjust to where you installed policyd-weight (/usr/sbin or /usr/local/sbin)
 DAEMON="/usr/local/sbin/policyd-weight"
 CONFFILE="/etc/policyd-weight.conf"
 
 case "$1" in
   start)
       echo -n "Starting policyd-weight"
       # Start the daemon with the config file given above
       "$DAEMON" -f "$CONFFILE" start
       echo "."
       ;;
   stop)
       echo -n "Stopping policyd-weight"
       "$DAEMON" stop
       echo "."
       ;;
   *)
       echo "Usage: $0 {start|stop}"
       exit 1
       ;;
 esac
 
 exit 0

Create a default config file /etc/policyd-weight.conf:

 $DEBUG=1;
 $VERBOSE=1;
 $ADD_X_HEADER= 1;


Take care that policyd-weight is started at system start up.

Integrate Amavis-New