!! [Postfix] + SMTP-Auth + Cyrus21 + LDAP Magic

Here is a collection of the magic required to get Postfix to do various things.

! Delivery to Cyrus Imap

<tt>main.cf</tt>::
<verbatim>
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
</verbatim>

Note that this involves having cyrus set up to listen for [LMTP] on that socket. You can also use [TCP] delivery for [LMTP]. See CyrusNotes.

! SMTP Auth

<tt>main.cf</tt>::
<verbatim>
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain
</verbatim>

Create this file (under Debian it is in <tt>/etc/postfix/sasl/</tt> but this will differ on other distributions).

<tt>sasl.conf</tt>::
<verbatim>
pwcheck_method: saslauthd
mech_list: login
mechanisms: pam
saslauthd_path: /var/run/saslauthd/mux
</verbatim>

Now provided you have Cyrus Sasl working you can authenticate using the same credentials you use for Cyrus.

Note: I experienced problems using <tt>saslauthd</tt> under the Debian install. I resolved these by turning off <tt>chroot</tt> for <tt>smtpd</tt> in <tt>master.cf</tt>.

You need to make sure that the <tt>postfix</tt> user is a member of the <tt>sasl</tt> group, otherwise it won't be able to communicate with <tt>saslauthd</tt>.

!! [TLS]

<tt>main.cf</tt>::
<verbatim>
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
</verbatim>

!! [LDAP] Alias support

<tt>main.cf</tt>::
<verbatim>
alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople
alias_database = hash:/etc/aliases
ldapaliases_server_host = shinobi.seclorum.tla
ldapaliases_server_port = 389
ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla
ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))
ldapaliases_result_attribute = uid,rfc822mailmember
ldapaliases_debuglevel = 3
</verbatim>

This works with the same [LDAP] directory setup as described in EximNotes. I also use a second section for <tt>ldappeople</tt> that, instead of searching the aliases OU, searches people.

! Address Rewriting

<tt>main.cf</tt>::
<verbatim>
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
</verbatim>

In some cases, you will need to use <tt>regexp</tt> or <tt>pcre</tt> instead of <tt>hash</tt>. (<tt>postconf -m</tt> shows you what types of lookup tables your Postfix system supports.)
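
A sanity check for the SMTP Auth and [TLS] settings above, as an added example that is not part of the original notes: it parses <tt>main.cf</tt> text (including continuation lines) and flags settings worth reviewing before going live. The function names <tt>parse_main_cf</tt> and <tt>audit</tt> are hypothetical, the sample config is constructed from this page's snippets, and <tt>smtpd_tls_auth_only</tt> is a standard Postfix parameter that this page does not set.

```python
import re

# Constructed sample: SMTP Auth and TLS settings from this page in one main.cf.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender
smtpd_use_tls = yes
smtpd_tls_loglevel = 3
"""

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored, even mid-value
        if line[0].isspace() and name:
            # leading whitespace continues the previous logical line
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit(params):
    """Return findings for the SASL, TLS and relay settings on this page."""
    findings = []
    sasl = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    if sasl and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH is also offered on unencrypted sessions "
                        "(smtpd_tls_auth_only != yes)")
    if sasl and "noanonymous" not in params.get(
            "smtpd_sasl_security_options", "noanonymous"):
        findings.append("anonymous SASL mechanisms are not excluded")
    if int(params.get("smtpd_tls_loglevel", "0")) >= 2:
        findings.append("smtpd_tls_loglevel >= 2 is debug-level logging")
    # Assumption: relay control lives in smtpd_recipient_restrictions, as here.
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "smtpd_recipient_restrictions" in params \
            and "reject_unauth_destination" not in rules:
        findings.append("recipient restrictions lack reject_unauth_destination")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```

On the sample it reports the missing <tt>smtpd_tls_auth_only</tt> (the <tt>login</tt> mechanism sends credentials base64-encoded, not encrypted) and the debug-level TLS logging.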