
Differences between version 4 and predecessor to the previous major change of PostfixNotes.


Newer page: version 4, last edited on Sunday, June 20, 2004 11:01:53 pm by PerryLorier
Older page: version 1, last edited on Monday, March 10, 2003 11:27:59 pm by AndrewThrift
@@ -1,20 +1,76 @@
 These are my personal notes, I am writing them as I learn about postfix's workings and will update them as I remember. 
  
  
-1.1 What is Postfix? 
+; What is Postfix?:Postfix is a modular email server designed to be a "drop-in" replacement for sendmail. Postfix is described as modular in that it is made up of several smaller applications, each application is designed to do one task only. E.g. [SMTP] messages are received by one program to deliver them locally another program is invoked, and to deliver them to another host via SMTP a seperate program is called.  
  
- Postfix is a modular email server designed to be a "drop-in" replacement for sendmail.  
- Postfix is described as modular in that it is made up of several smaller applications, each  
- application is designed to do one task only. E.g. SMTP messages are received by one program  
- to deliver them locally another program is invoked, and to deliver them to another host  
- via SMTP a seperate program is called.  
  
+;Why is modularity so important in an email system?:The modular approach taken during the implementation of the Postfix mail system allows individual processes to be replaced to meet the users needs. This is most useful in large enterprise and ISP email environments where custom solutions are required.  
  
-1.2 Why is modularity so important in an email system?  
+;:The modularity of Postfix also means that the system required less resource overheads than some of the other "monolithic" email servers out there (e.g. Sendmail)  
  
- The modular approach taken during the implementation of the Postfix mail system allows individual  
- processes to be replaced to meet the users needs. This is most useful in large enterprise and ISP  
- email environments where custom solutions are required.  
+----  
+!! Postfix+SMTP Auth+Cyrus21+LDAP Magic  
  
- The modularity of Postfix also means that the system required less resource overheads than some of the  
- other "monolithic" email servers out there (e .g . Sendmail)  
+Here is a collection of the magic required to get Postfix to do various things.  
+  
+!Delivery to Cyrus Imap  
+ __main.cf:__  
+ mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp  
+  
+!SMTP Auth  
+  
+ __main.cf:__  
+ smtpd_sasl_auth_enable = yes  
+ smtpd_sasl_security_options = noanonymous  
+ smtpd_sasl_application_name = smtpd  
+ broken_sasl_auth_clients = yes  
+  
+ smtpd_recipient_restrictions =  
+ permit_mynetworks,  
+ permit_sasl_authenticated,  
+ reject_unauth_destination,  
+ reject_non_fqdn_sender,  
+ reject_non_fqdn_recipient,  
+ reject_unauth_pipelining,  
+ reject_unknown_sender_domain,  
+ reject_unknown_recipient_domain  
+  
+Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions)  
+  
+ __sasl.conf:__  
+ pwcheck_method: saslauthd  
+ mech_list: login  
+ mechanisms: pam  
+ saslauthd_path: /var/run/saslauthd/mux[1]  
+  
+Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus.  
+  
+!!TLS  
+  
+ __main.cf:__  
+ smtpd_use_tls = yes  
+ smtpd_tls_key_file = /etc/postfix/key.pem  
+ smtpd_tls_cert_file = /etc/postfix/cert.pem  
+ smtpd_tls_CAfile = /etc/ssl/cacert.pem  
+ smtpd_tls_loglevel = 3  
+ smtpd_tls_received_header = yes  
+ smtpd_tls_session_cache_timeout = 3600s  
+ tls_random_source = dev:/dev/urandom  
+  
+!!LDAP Alias support  
+  
+ __main.cf:__  
+ alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople  
+ alias_database = hash:/etc/aliases  
+  
+ ldapaliases_server_host = shinobi.seclorum.tla  
+ ldapaliases_server_port = 389  
+  
+ ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla  
+ ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))  
+ ldapaliases_result_attribute = uid,rfc822mailmember  
+ ldapaliases_debuglevel = 3  
+  
+This works with the same LDAP directory setup as described in EximNotes. I also use a second section for ldappeople that instead of searching the aliases OU, it searched people.  
+  
+[1]Note: I experienced problems using saslauthd under the Debian install . I resolved these by turning off chroot for smtpd in master.cf
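
Review bot: The sasl.conf block sets "mech_list: login", a plaintext mechanism, while the TLS block only sets "smtpd_use_tls = yes", so nothing in the added main.cf lines stops a client from authenticating before STARTTLS and sending its Cyrus credentials unencrypted. Suggest adding "smtpd_tls_auth_only = yes" to the TLS main.cf block so AUTH is only offered on an encrypted session. Two smaller points in the same hunk: "smtpd_tls_loglevel = 3" and "ldapaliases_debuglevel = 3" are debugging verbosity and should be marked as temporary or lowered once the setup works, and footnote [1] turns off the smtpd chroot in master.cf without saying that this removes a layer of confinement; the notes could mention making the saslauthd socket reachable inside the chroot as the alternative.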