Differences between version 4 and predecessor to the previous major change of PostfixNotes.
Newer page: | version 4 | Last edited on Sunday, June 20, 2004 11:01:53 pm | by PerryLorier |
Older page: | version 1 | Last edited on Monday, March 10, 2003 11:27:59 pm | by AndrewThrift |
@@ -1,20 +1,76 @@
These are my personal notes, I am writing them as I learn about postfix's workings and will update them as I remember.
-1.1
What is Postfix?
+;
What is Postfix?:Postfix is a modular email server designed to be a "drop-in" replacement for sendmail. Postfix is described as modular in that it is made up of several smaller applications, each application is designed to do one task only. E.g. [SMTP] messages are received by one program to deliver them locally another program is invoked, and to deliver them to another host via SMTP a seperate program is called.
- Postfix is a modular email server designed to be a "drop-in" replacement for sendmail.
- Postfix is described as modular in that it is made up of several smaller applications, each
- application is designed to do one task only. E.g. SMTP messages are received by one program
- to deliver them locally another program is invoked, and to deliver them to another host
- via SMTP a seperate program is called.
+;Why is modularity so important in an email system?:The modular approach taken during the implementation of the Postfix mail system allows individual processes to be replaced to meet the users needs. This is most useful in large enterprise and ISP email environments where custom solutions are required.
-1.2 Why is
modularity so important in an email
system?
+;:The
modularity of Postfix also means that the
system required less resource overheads than some of the other "monolithic" email servers out there (e.g. Sendmail)
- The modular approach taken during the implementation of the
Postfix mail system allows individual
- processes to be replaced to meet the users needs. This is most useful in large enterprise and ISP
- email environments where custom solutions are required.
+----
+!!
Postfix+SMTP Auth+Cyrus21+LDAP Magic
- The modularity
of Postfix also means
that the system required less resource overheads than some
of the
- other "monolithic" email servers out there (e
.g
. Sendmail)
+Here is a collection
of the magic required to get
Postfix to do various things.
+
+!Delivery to Cyrus Imap
+ __main.cf:__
+ mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
+
+!SMTP Auth
+
+ __main.cf:__
+ smtpd_sasl_auth_enable = yes
+ smtpd_sasl_security_options = noanonymous
+ smtpd_sasl_application_name = smtpd
+ broken_sasl_auth_clients = yes
+
+ smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_unauth_destination,
+ reject_non_fqdn_sender,
+ reject_non_fqdn_recipient,
+ reject_unauth_pipelining,
+ reject_unknown_sender_domain,
+ reject_unknown_recipient_domain
+
+Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions)
+
+ __sasl.conf:__
+ pwcheck_method: saslauthd
+ mech_list: login
+ mechanisms: pam
+ saslauthd_path: /var/run/saslauthd/mux[1]
+
+Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus.
+
+!!TLS
+
+ __main.cf:__
+ smtpd_use_tls = yes
+ smtpd_tls_key_file = /etc/postfix/key.pem
+ smtpd_tls_cert_file = /etc/postfix/cert.pem
+ smtpd_tls_CAfile = /etc/ssl/cacert.pem
+ smtpd_tls_loglevel = 3
+ smtpd_tls_received_header = yes
+ smtpd_tls_session_cache_timeout = 3600s
+ tls_random_source = dev:/dev/urandom
+
+!!LDAP Alias support
+
+ __main.cf:__
+ alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople
+ alias_database = hash:/etc/aliases
+
+ ldapaliases_server_host = shinobi.seclorum.tla
+ ldapaliases_server_port = 389
+
+ ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla
+ ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))
+ ldapaliases_result_attribute = uid,rfc822mailmember
+ ldapaliases_debuglevel = 3
+
+This works with the same LDAP directory setup as described in EximNotes. I
also use a second section for ldappeople
that instead
of searching
the aliases OU, it searched people.
+
+[1]Note: I experienced problems using saslauthd under the Debian install
. I resolved these by turning off chroot for smtpd in master.cf
.
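
Review bot: The new SMTP Auth and TLS sections together allow passwords to cross the wire unencrypted: sasl.conf restricts the mechanism list to `mech_list: login`, which only base64-encodes the credentials, while the TLS block sets `smtpd_use_tls = yes` (TLS offered, not required) and nothing ties AUTH to an encrypted session. Suggest adding `smtpd_tls_auth_only = yes` to the TLS main.cf settings so AUTH is only announced after STARTTLS, and saying in the SMTP Auth text that the two sections belong together. Since `permit_sasl_authenticated` grants relay rights, a captured password is enough to relay through this host. Smaller points in the same hunk: `smtpd_tls_loglevel = 3` and `ldapaliases_debuglevel = 3` are debugging verbosity and should be marked as temporary rather than presented as part of the working configuration; the alias lookups go to `ldapaliases_server_port = 389` with no TLS setting shown, so the directory queries are cleartext unless the link is protected some other way; and footnote [1] should state that turning off chroot for smtpd gives up that confinement for the network-facing daemon, and that the cause is likely the saslauthd socket at /var/run/saslauthd/mux not being reachable from inside the chroot, which can be fixed by making the socket available there instead.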