Rev | Author | # | Line |
---|---|---|---|
9 | AristotlePagaltzis | 1 | !! [Postfix] + SMTP-Auth + Cyrus21 + LDAP Magic |
4 | PerryLorier | 2 | |
9 | AristotlePagaltzis | 3 | Here is a collection of the magic required to get Postfix to do various things. |
4 | PerryLorier | 4 | |
9 | AristotlePagaltzis | 5 | ! Delivery to Cyrus Imap |
4 | PerryLorier | 6 | |
9 | AristotlePagaltzis | 7 | <tt>main.cf</tt>:: |
4 | PerryLorier | 8 | |
9 | AristotlePagaltzis | 9 | <verbatim> |
4 | PerryLorier | 10 | mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp |
9 | AristotlePagaltzis | 11 | </verbatim> |
5 | DanielLawson | 12 | |
9 | AristotlePagaltzis | 13 | Note that this requires Cyrus to be set up to listen for [LMTP] on that socket. You can also use [TCP] delivery for [LMTP]. See CyrusNotes. |
4 | PerryLorier | 14 | |
9 | AristotlePagaltzis | 15 | ! SMTP Auth |
4 | PerryLorier | 16 | |
9 | AristotlePagaltzis | 17 | <tt>main.cf</tt>:: |
18 | |||
19 | <verbatim> | ||
4 | PerryLorier | 20 | smtpd_sasl_auth_enable = yes |
21 | smtpd_sasl_security_options = noanonymous | ||
22 | smtpd_sasl_application_name = smtpd | ||
23 | broken_sasl_auth_clients = yes | ||
24 | |||
25 | smtpd_recipient_restrictions = | ||
26 | permit_mynetworks, | ||
27 | permit_sasl_authenticated, | ||
28 | reject_unauth_destination, | ||
29 | reject_non_fqdn_sender, | ||
30 | reject_non_fqdn_recipient, | ||
31 | reject_unauth_pipelining, | ||
32 | reject_unknown_sender_domain, | ||
33 | reject_unknown_recipient_domain | ||
9 | AristotlePagaltzis | 34 | </verbatim> |
4 | PerryLorier | 35 | |
9 | AristotlePagaltzis | 36 | Create this file (under Debian it is in <tt>/etc/postfix/sasl/</tt> but this will differ on other distributions). |
4 | PerryLorier | 37 | |
9 | AristotlePagaltzis | 38 | <tt>sasl.conf</tt>:: |
39 | |||
40 | <verbatim> | ||
4 | PerryLorier | 41 | pwcheck_method: saslauthd |
42 | mech_list: login | ||
43 | mechanisms: pam | ||
9 | AristotlePagaltzis | 44 | saslauthd_path: /var/run/saslauthd/mux |
10 | AristotlePagaltzis | 45 | </verbatim> |
4 | PerryLorier | 46 | |
47 | Now, provided you have Cyrus Sasl working, you can authenticate using the same credentials you use for Cyrus. | ||
7 | CraigMckenna | 48 | |
9 | AristotlePagaltzis | 49 | Note: I experienced problems using <tt>saslauthd</tt> under the Debian install. I resolved these by turning off <tt>chroot</tt> for <tt>smtpd</tt> in <tt>master.cf</tt>. You need to make sure that the <tt>postfix</tt> user is a member of the <tt>sasl</tt> group, otherwise it won't be able to communicate with <tt>saslauthd</tt>. |
4 | PerryLorier | 50 | |
9 | AristotlePagaltzis | 51 | !! [TLS] |
52 | |||
53 | <tt>main.cf</tt>:: | ||
54 | |||
55 | <verbatim> | ||
4 | PerryLorier | 56 | smtpd_use_tls = yes |
57 | smtpd_tls_key_file = /etc/postfix/key.pem | ||
58 | smtpd_tls_cert_file = /etc/postfix/cert.pem | ||
59 | smtpd_tls_CAfile = /etc/ssl/cacert.pem | ||
60 | smtpd_tls_loglevel = 3 | ||
61 | smtpd_tls_received_header = yes | ||
62 | smtpd_tls_session_cache_timeout = 3600s | ||
63 | tls_random_source = dev:/dev/urandom | ||
9 | AristotlePagaltzis | 64 | </verbatim> |
4 | PerryLorier | 65 | |
9 | AristotlePagaltzis | 66 | !! [LDAP] Alias support |
4 | PerryLorier | 67 | |
9 | AristotlePagaltzis | 68 | <tt>main.cf</tt>:: |
69 | |||
70 | <verbatim> | ||
4 | PerryLorier | 71 | alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople |
72 | alias_database = hash:/etc/aliases | ||
73 | |||
74 | ldapaliases_server_host = shinobi.seclorum.tla | ||
75 | ldapaliases_server_port = 389 | ||
76 | |||
77 | ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla | ||
78 | ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u))) | ||
79 | ldapaliases_result_attribute = uid,rfc822mailmember | ||
80 | ldapaliases_debuglevel = 3 | ||
9 | AristotlePagaltzis | 81 | </verbatim> |
4 | PerryLorier | 82 | |
9 | AristotlePagaltzis | 83 | This works with the same [LDAP] directory setup as described in EximNotes. I also use a second section for <tt>ldappeople</tt> that, instead of searching the aliases OU, searches people. |
11 | PaulWankadia | 84 | |
85 | ! Address Rewriting | ||
86 | |||
87 | <tt>main.cf</tt>:: | ||
88 | |||
89 | <verbatim> | ||
90 | recipient_canonical_classes = envelope_recipient | ||
91 | recipient_canonical_maps = hash:/etc/postfix/recipient_canonical | ||
92 | </verbatim> | ||
93 | |||
94 | In some cases, you will need to use <tt>regexp</tt> or <tt>pcre</tt> instead of <tt>hash</tt>. (<tt>postconf -m</tt> shows you what types of lookup tables your Postfix system supports.) |