
These are my personal notes. I am writing them as I learn about Postfix's workings and will update them as I remember.

What is Postfix?
Postfix is a modular email server designed to be a "drop-in" replacement for sendmail. It is modular in that it is made up of several smaller applications, each designed to do one task only. For example, SMTP messages are received by one program; to deliver them locally another program is invoked, and to deliver them to another host via SMTP a separate program is called.
Why is modularity so important in an email system?
The modular approach taken in the implementation of the Postfix mail system allows individual processes to be replaced to meet the user's needs. This is most useful in large enterprise and ISP email environments where custom solutions are required.
The modularity of Postfix also means that the system requires less resource overhead than some of the other "monolithic" email servers out there (e.g. Sendmail).

Postfix+SMTP Auth+Cyrus21+LDAP Magic

Here is a collection of the magic required to get Postfix to do various things.

Delivery to Cyrus Imap

main.cf:

    mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

Note that this requires Cyrus to be set up to listen for LMTP on that socket. See CyrusNotes.

SMTP Auth

main.cf:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_application_name = smtpd
    broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_pipelining,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain

Create this file (under Debian it is in /etc/postfix/sasl/ but this will differ on other distributions).

sasl.conf (see note [1]):

    pwcheck_method: saslauthd
    mech_list: login
    mechanisms: pam
    saslauthd_path: /var/run/saslauthd/mux

Now, provided you have Cyrus SASL working, you can authenticate using the same credentials you use for Cyrus.

TLS

main.cf:

    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/postfix/key.pem
    smtpd_tls_cert_file = /etc/postfix/cert.pem
    smtpd_tls_CAfile = /etc/ssl/cacert.pem
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
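An added example, not part of the original notes: a small Python check that reads main.cf the way Postfix does (continuation lines, comments) and audits the SMTP Auth and TLS settings above. The sample config is constructed from this page's values; smtpd_tls_auth_only is a standard Postfix parameter that these notes do not set, and the check assumes relay control lives in smtpd_recipient_restrictions as it does here (newer Postfix versions can also place it in smtpd_relay_restrictions, which this check does not read).

```python
import re

# Constructed sample: SMTP Auth and TLS settings from these notes in main.cf layout.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated,
# a comment inside a continued value does not end it
    reject_unauth_destination, reject_non_fqdn_sender
smtpd_use_tls = yes
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining lines that continue a logical line."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0] in " \t":
            if name:  # leading whitespace continues the previous parameter
                params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value  # a later definition replaces an earlier one
    return params

def tokens(value):
    """Split a restriction or option list on commas and whitespace."""
    return [t for t in re.split(r"[,\s]+", value) if t]

def audit(params):
    """Return findings for the relay and AUTH settings discussed above."""
    findings = []
    rules = tokens(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("relay: reject_unauth_destination is missing from smtpd_recipient_restrictions")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("relay: bare permit precedes reject_unauth_destination")
    if params.get("smtpd_sasl_auth_enable", "no").lower() == "yes":
        # Postfix defaults: smtpd_sasl_security_options = noanonymous,
        # smtpd_tls_auth_only = no (the latter is not set in these notes).
        if "noanonymous" not in tokens(params.get("smtpd_sasl_security_options", "noanonymous")):
            findings.append("auth: anonymous SASL logins are allowed")
        if params.get("smtpd_tls_auth_only", "no").lower() != "yes":
            findings.append("auth: AUTH is accepted without TLS (smtpd_tls_auth_only is not yes)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```

With the settings above the only finding is the AUTH-without-TLS one, which matters because the login mechanism sends the password merely base64-encoded.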

LDAP Alias support

main.cf:

    alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldappeople
    alias_database = hash:/etc/aliases

    ldapaliases_server_host = shinobi.seclorum.tla
    ldapaliases_server_port = 389

    ldapaliases_search_base = ou=Aliases,dc=seclorum,dc=tla
    ldapaliases_query_filter = (&(objectClass=nisMailAlias)(|(cn=%u)))
    ldapaliases_result_attribute = uid,rfc822mailmember
    ldapaliases_debuglevel = 3

This works with the same LDAP directory setup as described in EximNotes. I also use a second section for ldappeople that, instead of searching the aliases OU, searches people.

[1] Note: I experienced problems using saslauthd under the Debian install. I resolved these by turning off chroot for smtpd in master.cf.