Differences between version 9 and predecessor to the previous major change of PostfixNotes.
Newer page: | version 9 | Last edited on Wednesday, October 12, 2005 12:14:57 am | by AristotlePagaltzis |
Older page: | version 6 | Last edited on Friday, September 16, 2005 2:36:27 pm | by DanielLawson |
@@ -1,27 +1,23 @@
+!! [Postfix] + SMTP-Auth + Cyrus21 + LDAP Magic
+Here is a collection of the magic required to get Postfix to do various things.
-;What is Postfix?:Postfix is a modular email server designed
to be a "drop-in" replacement for sendmail. Postfix is described as modular in that it is made up of several smaller applications, each application is designed to do one task only. E.g. [SMTP] messages are received by one program to deliver them locally another program is invoked, and to deliver them to another host via SMTP a seperate program is called.
+! Delivery
to Cyrus Imap
+<tt>main.cf</tt>::
-;Why is modularity so important in an email system?:The modular approach taken during the implementation of the Postfix mail system allows individual processes to be replaced to meet the users needs. This is most useful in large enterprise and ISP email environments where custom solutions are required.
-
-;:The modularity of Postfix also means that the system required less resource overheads than some of the other "monolithic" email servers out there (e.g. Sendmail)
-
-----
-!!Postfix+SMTP Auth+Cyrus21+LDAP Magic
-
-Here is a collection of the magic required to get Postfix to do various things.
-
-!Delivery to Cyrus Imap
- __main.cf:__
+ <verbatim>
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
+ </verbatim>
+
+Note that this involves having cyrus set up to listen for [LMTP] on that socket. You can also use [TCP] delivery for [LMTP]. See CyrusNotes.
-Note that this involves having cyrus set up to listen for lmtp on that socket. You can also use TCP delivery for lmtp. See CyrusNotes.
+! SMTP Auth
-!SMTP Auth
+<tt>main.cf</tt>::
- __main.cf:__
+ <verbatim>
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
@@ -34,34 +30,45 @@
reject_non_fqdn_recipient,
reject_unauth_pipelining,
reject_unknown_sender_domain,
reject_unknown_recipient_domain
+ </verbatim>
-Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions)
+Create this file (under Debian it is in <tt>
/etc/postfix/sasl/</tt>
but this will differ on other distributions).
- __
sasl.conf:__
+<tt>
sasl.conf</tt>
::
+
+ <verbatim>
pwcheck_method: saslauthd
mech_list: login
mechanisms: pam
- saslauthd_path: /var/run/saslauthd/mux[1]
+ saslauthd_path: /var/run/saslauthd/mux
+ <verbatim>
Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus.
-!!TLS
+Note: I experienced problems using <tt>saslauthd</tt> under the Debian install. I resolved these by turning off <tt>chroot</tt> for <tt>smtpd</tt> in <tt>master.cf</tt>. You need to make sure that the <tt>postfix</tt> user is a member of the <tt>sasl</tt> group, otherwise it wont be able to communicate with <tt>saslauthd</tt>.
- __
main.cf:__
+!! [TLS]
+
+<tt>
main.cf</tt>
::
+
+ <verbatim>
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
+ </verbatim>
-!!LDAP Alias support
+!! [
LDAP]
Alias support
- __
main.cf:__
+<tt>
main.cf</tt>
::
+
+ <verbatim>
alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople
alias_database = hash:/etc/aliases
ldapaliases_server_host = shinobi.seclorum.tla
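Review bot: The added line after saslauthd_path that is meant to close the sasl.conf block is an opening <verbatim> tag, so the block is never terminated and the paragraph and saslauthd note that follow are likely to be swallowed into it; it should be </verbatim>. Separately, smtpd_tls_loglevel = 3 in the TLS block is a debugging level that dumps the TLS negotiation into the log; a sample that readers copy would be better at 1, with 3 mentioned as a troubleshooting value. The relocated saslauthd note also has "wont" for "won't".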
@@ -70,8 +77,7 @@
ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla
ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))
ldapaliases_result_attribute = uid,rfc822mailmember
ldapaliases_debuglevel = 3
+ </verbatim>
-This works with the same LDAP directory setup as described in EximNotes. I also use a second section for ldappeople that instead of searching the aliases OU, it searched people.
-
-[1]Note: I experienced problems using saslauthd under the Debian install. I resolved these by turning off chroot for smtpd in master.cf
.
+This works with the same [
LDAP]
directory setup as described in EximNotes. I also use a second section for <tt>
ldappeople</tt>
that instead of searching the aliases OU, it searched people.
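Review bot: ldapaliases_debuglevel = 3 is kept as the last line of the LDAP sample; that is a troubleshooting value, and the page should either say so or drop the line so it is not copied into a production main.cf. In ldapaliases_query_filter the (|(cn=%u)) wrapper has a single branch, so it is equivalent to (cn=%u) and can be simplified. The closing sentence carries over the mixed tense ("instead of searching the aliases OU, it searched people"), and since alias_maps references ldap:ldappeople, showing at least that section's search base would make the example complete.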