Postfix
smtpd (smtp + daemon) = server = Postfix receives mail from a client
smtp = client = Postfix sends mail to another mailserver
Edit /etc/postfix/main.cf
# Installation paths and the account Postfix runs its queue under.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
# The greeting carries only the host name, so it does not disclose the
# software name or version to connecting clients.
smtpd_banner = mail.example.org
myhostname = mail.example.org
myorigin = example.org
mydestination = mail.example.org
# Every address in these ranges is a trusted client: permit_mynetworks in the
# restriction lists of this file lets it relay without authenticating.
# 10.0.0.0/8 covers the whole private class A range; list only the subnets
# that really hold your own mail clients.
mynetworks = 127.0.0.0/8, 10.0.0.0/8
# "ldap:virtualaliases" refers to the virtualaliases_* parameters set in this file.
alias_maps = hash:/etc/aliases, ldap:virtualaliases
alias_database = hash:/etc/aliases
# Size limits are given in bytes.
virtual_mailbox_limit = 50000000000
message_size_limit = 25728640
virtual_mailbox_domains = example.org, test.example.org
# NOTE: adjust the next three settings to match your Cyrus setup.
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:800
virtual_gid_maps = static:800
# Per-mailbox size limit in bytes.
mailbox_size_limit = 50000000000
# Empty value: no address-extension delimiter is configured.
recipient_delimiter =
# Listen on every network interface of this host; make sure the host firewall
# exposes only the SMTP ports you intend to publish.
inet_interfaces = all
# NOTE: adjust the next setting to match your Cyrus setup.
home_mailbox = Maildir/
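# Evaluated at RCPT TO; the first rule that matches decides.
# Trusted networks and authenticated users are accepted before any reject_*
# rule runs. reject_unauth_destination is the rule that stops everyone else
# from relaying through this server, so it must stay ahead of the closing
# "permit" (it is listed once; a second copy adds nothing).
# Continuation lines must start with whitespace, otherwise Postfix reads each
# of them as a separate, invalid parameter line.
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit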
# RFC standards
# Require HELO/EHLO before MAIL FROM and reject malformed envelope addresses.
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
# VRFY lets a client probe which addresses exist; switching it off removes an
# easy address-harvesting path.
disable_vrfy_command = yes
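# RBL checks and restrictions
# Each reject_rbl_client entry is an external DNS lookup made for every client
# that is neither in mynetworks nor authenticated. A blocklist that has been
# shut down can time out on every connection or start answering for every
# address, which rejects all inbound mail.
# NOTE(review): several of these zones (for example combined.njabl.org and
# opm.blitzed.org) are believed to have been retired - confirm that each list
# is still operating, and that its usage terms fit your site, before enabling.
# Continuation lines must start with whitespace to belong to this parameter.
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client combined.njabl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dialups.mail-abuse.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_unauth_pipelining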
# Transport config
# NOTE(review): "[L]" and "[VL]" look like placeholders for the names of the
# delivery transports defined in master.cf - replace them with the real
# transport names; as written they are not valid parameter names.
# Concurrency and recipient limits of 1 hand messages to the transport one at
# a time, one recipient per delivery.
[L]_destination_concurrency_limit = 1
[L]_destination_recipient_limit = 1
[VL]_destination_concurrency_limit = 1
[VL]_destination_recipient_limit = 1
virtual_transport = [L]
local_transport = [L]
# NOTE(review): virtual_maps is the legacy name of virtual_alias_maps -
# confirm which one your Postfix version expects.
virtual_maps = hash:/etc/postfix/virtual, ldap:virtualaliases
# "ldap:tmap" refers to the tmap_* parameters set in this file.
transport_maps = hash:/etc/postfix/transport, ldap:tmap
# LDAP transport source
# Lookup table behind "ldap:tmap": maps a recipient address to the value of
# gosaMailDeliveryMode.
tmap_server_host = 127.0.0.1
# NOTE(review): the search base (dc=jrios,dc=com,dc=co) and the bind DN below
# (dc=example,dc=org) name different directory trees - use your own base DN
# in both places.
tmap_search_base = dc=jrios,dc=com,dc=co
tmap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
tmap_result_attribute = gosaMailDeliveryMode
tmap_cache = no
tmap_bind = yes
# This lookup only reads two attributes, yet it binds as the directory
# administrator. Create a dedicated account with read-only access to the
# attributes used here and bind as that instead.
tmap_bind_dn = cn=admin,dc=example,dc=org
# The bind password sits in clear text in main.cf, which is normally readable
# by every local user (and is printed by postconf). Postfix also accepts LDAP
# settings in a separate file referenced as ldap:/path/to/file.cf; keep the
# credentials there, readable only by root and the postfix group.
tmap_bind_pw = IveGotASecret
# GoSA main LDAP source
# Lookup table behind "ldap:virtualaliases": resolves an address to its
# forwarding address and/or mailbox address.
virtualaliases_server_host = 127.0.0.1
virtualaliases_server_port = 389
# No bind: the search runs anonymously, so the directory must allow anonymous
# read access to the attributes below. Check that this ACL does not expose
# more of the tree than the mail attributes.
virtualaliases_bind = no
# Give up on a directory query after 5 seconds.
virtualaliases_timeout = 5
virtualaliases_search_base = dc=jrios,dc=com,dc=co
virtualaliases_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
virtualaliases_result_attribute = gosaMailForwardingAddress,mail
# SSL/TLS config
# Opportunistic TLS in both directions: STARTTLS is used when the peer
# supports it, and mail still flows unencrypted when it does not.
# Later Postfix releases express the same thing with
# smtp_tls_security_level / smtpd_tls_security_level = may.
smtp_use_tls = yes
smtpd_use_tls = yes
# NOTE(review): the documented parameter name is smtp_tls_note_starttls_offer;
# confirm with "postconf -n" that this line is not reported as unused.
smtp_tls_note_starttls = yes
# The private key is stored unencrypted, so the file permissions are its only
# protection: it should be readable by root alone.
smtpd_tls_key_file = /etc/postfix/ssl/smtpdkey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
# Level 1 logs a summary line per TLS handshake.
smtpd_tls_loglevel = 1
# SASL config
smtpd_sasl_auth_enable = yes
# NOTE(review): legacy parameter name; later Postfix releases call it
# smtpd_sasl_path.
smtpd_sasl_application_name = smtpd
# "noanonymous" only rules out anonymous login; plaintext mechanisms such as
# PLAIN and LOGIN stay enabled. Nothing in this file sets smtpd_tls_auth_only,
# so AUTH is also offered on connections that never started TLS and passwords
# can cross the network in clear text. Adding "smtpd_tls_auth_only = yes"
# restricts AUTH to encrypted sessions.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
# Also advertises the non-standard "AUTH=" form needed by some old mail
# clients; drop it if no such clients remain.
broken_sasl_auth_clients = yes
Create SSL certificates for Postfix
First, make sure that openssl.cnf exists at the path passed to -config below; if it is somewhere else on your system, locate it and adjust the path.
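# Run as root.
# Creates a self-signed certificate and an unencrypted private key (-nodes).
# A self-signed certificate lets clients encrypt the session but gives them
# nothing to verify the server's identity against; use a CA-issued
# certificate where clients are expected to validate it.
# NOTE(review): "-days 999999" produces a certificate that in practice never
# expires, so the key is never rotated - consider a shorter lifetime.
# NOTE(review): "-pem" is not a documented option of "openssl req" in current
# releases; drop it if openssl rejects it (PEM is the default output format).
mkdir /etc/postfix/ssl
/usr/bin/openssl req -config /etc/pki/tls/openssl.cnf -new -x509 -nodes \
    -out /etc/postfix/ssl/smtpd.pem \
    -keyout /etc/postfix/ssl/smtpdkey.pem -pem -days 999999
# The key has no passphrase, so keep it readable by root only.
chmod 600 /etc/postfix/ssl/smtpdkey.pem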
Edit /etc/postfix/master.cf
Make sure that you have the following lines:
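# smtps: TLS starts with the connection itself (wrapper mode), so nothing on
# this service travels in clear text. SASL authentication is enabled.
# "-o" continuation lines must start with whitespace to belong to the service
# entry above them.
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
# submission: the client must issue STARTTLS before it may send mail or
# authenticate; ETRN is refused on this service.
# NOTE(review): smtpd_enforce_tls is the legacy spelling; later Postfix
# releases use smtpd_tls_security_level=encrypt.
# NOTE(review): neither service overrides the restriction lists, so both
# inherit them from main.cf, where permit_mynetworks is accepted without
# login. If these ports are meant for authenticated submission only, give
# them their own restriction list here.
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject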
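Testing
Note: the sample output below does not match the main.cf above (it advertises VRFY and SIZE 30000000 and shows no STARTTLS or AUTH line), so treat it as illustrative only. On a server built from this page the EHLO reply should list STARTTLS, and "Security strength factor: 0" indicates that the login was not protected by an encryption layer.
station7:/ # smtptest -u root -a root station7.example.com
S: 220 station7.example.com ESMTP Example Inc. Mailserver
C: EHLO example.com
S: 250-station7.example.com
S: 250-PIPELINING
S: 250-SIZE 30000000
S: 250-VRFY
S: 250-ETRN
S: 250 8BITMIME
Authenticated.
Security strength factor: 0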
telnet station7.example.com 25
Trying 127.0.0.1...
Connected to station7.example.com.
Escape character is '^]'.
220 station7.example.com ESMTP Example Inc. Mailserver
ehlo station7.example.com
250-station7.example.com
250-PIPELINING
250-SIZE 30000000
250-VRFY
250-ETRN
250 8BITMIME
Sending mail:
mail from: christoph.haas@example.com
250 Ok
rcpt to: susann.meissner@example.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hello Susi, this is just a test-email from station7.example.com ... Yours Christoph
.
250 Ok: queued as E16F74D867
quit