| Rev | Author | # | Line |
|---|---|---|---|
| 9 | AristotlePagaltzis | 1 | !! [Postfix] + SMTP-Auth + Cyrus21 + LDAP Magic |
| 4 | PerryLorier | 2 | |
| 9 | AristotlePagaltzis | 3 | Here is a collection of the magic required to get Postfix to do various things. |
| 4 | PerryLorier | 4 | |
| 9 | AristotlePagaltzis | 5 | ! Delivery to Cyrus Imap |
| 4 | PerryLorier | 6 | |
| 9 | AristotlePagaltzis | 7 | <tt>main.cf</tt>:: |
| 4 | PerryLorier | 8 | |
| 9 | AristotlePagaltzis | 9 | <verbatim> |
| 4 | PerryLorier | 10 | mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp |
| 9 | AristotlePagaltzis | 11 | </verbatim> |
| 5 | DanielLawson | 12 | |
| 9 | AristotlePagaltzis | 13 | Note that this involves having cyrus set up to listen for [LMTP] on that socket. You can also use [TCP] delivery for [LMTP]. See CyrusNotes. |
| 4 | PerryLorier | 14 | |
| 9 | AristotlePagaltzis | 15 | ! SMTP Auth |
| 4 | PerryLorier | 16 | |
| 9 | AristotlePagaltzis | 17 | <tt>main.cf</tt>:: |
| 18 | |||
| 19 | <verbatim> | ||
| 4 | PerryLorier | 20 | smtpd_sasl_auth_enable = yes |
| 21 | smtpd_sasl_security_options = noanonymous | ||
| 22 | smtpd_sasl_application_name = smtpd | ||
| 23 | broken_sasl_auth_clients = yes | ||
| 24 | |||
| 25 | smtpd_recipient_restrictions = | ||
| 26 | permit_mynetworks, | ||
| 27 | permit_sasl_authenticated, | ||
| 28 | reject_unauth_destination, | ||
| 29 | reject_non_fqdn_sender, | ||
| 30 | reject_non_fqdn_recipient, | ||
| 31 | reject_unauth_pipelining, | ||
| 32 | reject_unknown_sender_domain, | ||
| 33 | reject_unknown_recipient_domain | ||
| 9 | AristotlePagaltzis | 34 | </verbatim> |
| 4 | PerryLorier | 35 | |
| 9 | AristotlePagaltzis | 36 | Create this file (under Debian it is in <tt>/etc/postfix/sasl/</tt> but this will differ on other distributions). |
| 4 | PerryLorier | 37 | |
| 9 | AristotlePagaltzis | 38 | <tt>sasl.conf</tt>:: |
| 39 | |||
| 40 | <verbatim> | ||
| 4 | PerryLorier | 41 | pwcheck_method: saslauthd |
| 42 | mech_list: login | ||
| 43 | mechanisms: pam | ||
| 9 | AristotlePagaltzis | 44 | saslauthd_path: /var/run/saslauthd/mux |
| 10 | AristotlePagaltzis | 45 | </verbatim> |
| 4 | PerryLorier | 46 | |
| 47 | Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus. | ||
| 7 | CraigMckenna | 48 | |
| 9 | AristotlePagaltzis | 49 | Note: I experienced problems using <tt>saslauthd</tt> under the Debian install. I resolved these by turning off <tt>chroot</tt> for <tt>smtpd</tt> in <tt>master.cf</tt>. You need to make sure that the <tt>postfix</tt> user is a member of the <tt>sasl</tt> group, otherwise it wont be able to communicate with <tt>saslauthd</tt>. |
| 4 | PerryLorier | 50 | |
| 9 | AristotlePagaltzis | 51 | !! [TLS] |
| 52 | |||
| 53 | <tt>main.cf</tt>:: | ||
| 54 | |||
| 55 | <verbatim> | ||
| 4 | PerryLorier | 56 | smtpd_use_tls = yes |
| 57 | smtpd_tls_key_file = /etc/postfix/key.pem | ||
| 58 | smtpd_tls_cert_file = /etc/postfix/cert.pem | ||
| 59 | smtpd_tls_CAfile = /etc/ssl/cacert.pem | ||
| 60 | smtpd_tls_loglevel = 3 | ||
| 61 | smtpd_tls_received_header = yes | ||
| 62 | smtpd_tls_session_cache_timeout = 3600s | ||
| 63 | tls_random_source = dev:/dev/urandom | ||
| 9 | AristotlePagaltzis | 64 | </verbatim> |
| 4 | PerryLorier | 65 | |
| 9 | AristotlePagaltzis | 66 | !! [LDAP] Alias support |
| 4 | PerryLorier | 67 | |
| 9 | AristotlePagaltzis | 68 | <tt>main.cf</tt>:: |
| 69 | |||
| 70 | <verbatim> | ||
| 4 | PerryLorier | 71 | alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople |
| 72 | alias_database = hash:/etc/aliases | ||
| 73 | |||
| 74 | ldapaliases_server_host = shinobi.seclorum.tla | ||
| 75 | ldapaliases_server_port = 389 | ||
| 76 | |||
| 77 | ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla | ||
| 78 | ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u))) | ||
| 79 | ldapaliases_result_attribute = uid,rfc822mailmember | ||
| 80 | ldapaliases_debuglevel = 3 | ||
| 9 | AristotlePagaltzis | 81 | </verbatim> |
| 4 | PerryLorier | 82 | |
| 9 | AristotlePagaltzis | 83 | This works with the same [LDAP] directory setup as described in EximNotes. I also use a second section for <tt>ldappeople</tt> that instead of searching the aliases OU, it searched people. |
| 11 | PaulWankadia | 84 | |
| 85 | ! Address Rewriting | ||
| 86 | |||
| 87 | <tt>main.cf</tt>:: | ||
| 88 | |||
| 89 | <verbatim> | ||
| 90 | recipient_canonical_classes = envelope_recipient | ||
| 91 | recipient_canonical_maps = hash:/etc/postfix/recipient_canonical | ||
| 92 | </verbatim> | ||
| 93 | |||
| 94 | In some cases, you will need to use <tt>regexp</tt> or <tt>pcre</tt> instead of <tt>hash</tt>. (<tt>postconf -m</tt> shows you what types of lookup tables your Postfix system supports.) |
lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 3 times)