Differences between version 2 and predecessor to the previous major change of PostfixNotes.

Newer page: version 2, last edited on Sunday, June 20, 2004 6:07:41 pm by TomHibbert
Older page: version 1, last edited on Monday, March 10, 2003 11:27:59 pm by AndrewThrift
@@ -17,4 +17,73 @@
  email environments where custom solutions are required. 
  
  The modularity of Postfix also means that the system required less resource overheads than some of the 
  other "monolithic" email servers out there (e.g. Sendmail) 
+  
+----  
+__Postfix+SMTP Auth+Cyrus21+LDAP Magic__  
+  
+Here is a collection of the magic required to get Postfix to do various things.  
+  
+__Delivery to Cyrus Imap__  
+ __main.cf:__  
+ mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp  
+  
+__SMTP Auth__  
+  
+ __main.cf:__  
+ smtpd_sasl_auth_enable = yes  
+ smtpd_sasl_security_options = noanonymous  
+ smtpd_sasl_application_name = smtpd  
+ broken_sasl_auth_clients = yes  
+  
+ smtpd_recipient_restrictions =  
+ permit_mynetworks,  
+ permit_sasl_authenticated,  
+ reject_unauth_destination,  
+ reject_non_fqdn_sender,  
+ reject_non_fqdn_recipient,  
+ reject_unauth_pipelining,  
+ reject_unknown_sender_domain,  
+ reject_unknown_recipient_domain  
+  
+Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions)  
+  
+ __sasl.conf:__  
+ pwcheck_method: saslauthd  
+ mech_list: login  
+ mechanisms: pam  
+ saslauthd_path: /var/run/saslauthd/mux[1]  
+  
+Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus.  
+  
+  
+  
+__TLS__  
+  
+ __main.cf:__  
+ smtpd_use_tls = yes  
+ smtpd_tls_key_file = /etc/postfix/key.pem  
+ smtpd_tls_cert_file = /etc/postfix/cert.pem  
+ smtpd_tls_CAfile = /etc/ssl/cacert.pem  
+ smtpd_tls_loglevel = 3  
+ smtpd_tls_received_header = yes  
+ smtpd_tls_session_cache_timeout = 3600s  
+ tls_random_source = dev:/dev/urandom  
+  
+__LDAP Alias support__  
+  
+ __main.cf:__  
+ alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople  
+ alias_database = hash:/etc/aliases  
+  
+ ldapaliases_server_host = shinobi.seclorum.tla  
+ ldapaliases_server_port = 389  
+  
+ ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla  
+ ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))  
+ ldapaliases_result_attribute = uid,rfc822mailmember  
+ ldapaliases_debuglevel = 3  
+  
+This works with the same LDAP directory setup as described in EximNotes. I also use a second section for ldappeople that instead of searching the aliases OU, it searched people.  
+  
+[1]Note: I experienced problems using saslauthd under the Debian install. I resolved these by turning off chroot for smtpd in master.cf.
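
Review bot: In the SMTP Auth section, "mech_list: login" combined with "smtpd_sasl_security_options = noanonymous" allows the plaintext LOGIN mechanism, and the TLS section enables "smtpd_use_tls = yes" without requiring TLS for AUTH, so a client that never issues STARTTLS sends its Cyrus credentials unencrypted. Suggest adding "smtpd_tls_auth_only = yes" to the TLS main.cf block so AUTH is only offered after STARTTLS. Two smaller points: "smtpd_tls_loglevel = 3" and "ldapaliases_debuglevel = 3" are debugging levels and should be marked as temporary or lowered once the setup works, and the footnote's fix of turning off chroot for smtpd in master.cf gives up that daemon's filesystem confinement, so the note should state that trade-off or mention the alternative of making the saslauthd socket reachable from inside the chroot.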