Below is a configuration for an MTA that keeps its configuration and user information in files on the system.
For a configuration with the user-info stored in LDAP see:
This system is only the MTA itself; it routes the e-mail to one or more mailstores on separate machines. Cyrus, Dovecot, Zarafa: take your pick.
To service an RBL yourself, see: https://hannibal.solstice.nl/hannibalwiki/hannibal:rbl
# Postfix itself, its documentation, the Cyrus SASL tools (saslauthd, saslpasswd2)
# and the SASL mechanism plugins needed for SMTP AUTH.
apt-get install postfix postfix-doc sasl2-bin libsasl2-modules
Extra stuff:
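# Optional policy services referenced from main.cf:
#   postgrey                    - greylisting policy server (check_policy_service inet:127.0.0.1:10023)
#   postfix-policyd-spf-python  - SPF policy daemon (check_policy_service unix:private/policy-spf)
# These are two separate commands; on one line apt-get would treat the words
# "apt-get" and "install" as package names.
apt-get install postgrey
apt-get install postfix-policyd-spf-python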
/etc/default/saslauthd
# /etc/default/saslauthd -- shell fragment read by the saslauthd init script.

# Start the daemon at boot.
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"

# Verify passwords against the local SASL user database (sasldb).
# Accounts in that database are managed with saslpasswd2.
MECHANISMS="sasldb"
MECH_OPTIONS=""
THREADS=5

# -c enables the credential cache; -m sets the directory holding the saslauthd socket.
# NOTE(review): master.cf is not shown on this page. If smtpd runs chrooted it
# cannot reach a socket under /var/run, so confirm that the socket directory is
# visible to the Postfix smtpd process and readable only by the accounts that need it.
OPTIONS="-c -m /var/run/saslauthd"
/etc/postfix/sasl/smtpd.conf
# /etc/postfix/sasl/smtpd.conf -- Cyrus SASL settings for the Postfix smtpd
# service (main.cf selects this file with smtpd_sasl_path = smtpd).

# Hand password verification to the saslauthd daemon.
pwcheck_method: saslauthd

# saslauthd needs the cleartext password, so only PLAIN and LOGIN are offered.
# Both send the password without any protection of their own; they are safe
# only inside TLS, which main.cf enforces with smtpd_tls_auth_only = yes.
mech_list: plain login
/etc/postfix/main.cf
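# /etc/postfix/main.cf
# One parameter per logical line; continuation lines start with whitespace.
# Comments must be on their own line (Postfix has no trailing comments).

# NOTE(review): the banner name differs from myhostname below; confirm that is intended.
smtpd_banner = postoffice.example.com ESMTP
# Refuse VRFY so clients cannot use it to probe for valid addresses.
disable_vrfy_command = yes
biff = no
append_dot_mydomain = no

# TLS for incoming connections.
# The "snakeoil" pair is the self-signed placeholder generated on Debian systems.
# Replace it with a certificate issued for the server's real name before going
# live, and keep the key file readable by root only.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# Offer STARTTLS (opportunistic). Newer Postfix releases express the same
# thing as smtpd_tls_security_level = may.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = smtp.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = intra.example.com
mydestination = smtp.intra.example.com, localhost
# Only loopback may relay without authenticating; keep this list as small as possible.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

# Domains and addresses accepted here and rewritten via /etc/postfix/virtual,
# then routed to the mailstores via /etc/postfix/transport.
virtual_alias_domains = example2.com example3.com example4.com
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport

# SMTP AUTH through Cyrus SASL (settings in /etc/postfix/sasl/smtpd.conf).
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
#broken_sasl_auth_clients = yes
# Without TLS: no anonymous and no plaintext mechanisms.
smtpd_sasl_security_options = noanonymous, noplaintext
# Inside TLS: plaintext mechanisms (PLAIN, LOGIN) are acceptable.
smtpd_sasl_tls_security_options = noanonymous
# Never announce or accept AUTH on an unencrypted session.
smtpd_tls_auth_only = yes
# Records the SASL login name in the Received: header. Useful for tracing abuse,
# but the login name becomes visible to every recipient; set to "no" if that
# disclosure is not wanted.
smtpd_sasl_authenticated_header = yes

# Recipient restrictions are evaluated in order; the first match decides.
# reject_unauth_destination is placed directly after the two "permit" rules
# and BEFORE the HELO whitelist: an OK result from an access table ends the
# evaluation, and the HELO name is chosen by the client. With the whitelist
# ahead of the relay check, a whitelisted HELO name would also skip the relay
# check. In this order the whitelist can only exempt mail for our own
# destinations from the SPF, RBL and greylisting checks that follow.
# NOTE(review): smtpd_helo_required is not set on this page; a client may omit
# HELO entirely, in which case the whitelist lookup has nothing to match.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_helo_access hash:/etc/postfix/whitelist,
    check_policy_service unix:private/policy-spf,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:10023

# Time limit for the SPF policy service. The matching "policy-spf" service
# entry has to exist in master.cf, which is not shown on this page.
policy-spf_time_limit=3600s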
/etc/postfix/virtual
# /etc/postfix/virtual -- virtual alias map: <address accepted here>  <address(es) to deliver to>
# Rebuild the lookup table after every change: postmap /etc/postfix/virtual
# NOTE(review): the left-hand addresses use example.com, while main.cf lists
# example2.com, example3.com and example4.com in virtual_alias_domains;
# confirm the domains here match the ones Postfix is told to accept.
info1@example.com    me@intra.example.com
info2@example.com    me@intra.example.com
info3@example.com    me@intra.example.com
info4@example.com    you@intra.example.com
info5@example.com    you@intra.example.com
info6@example.com    we@intra.example.com
info7@example.com    we@intra.example.com
# One address can fan out to several recipients (comma-separated, no spaces).
info8@example.com    me@intra.example.com,we@intra.example.com
/etc/postfix/transport
# /etc/postfix/transport -- per-recipient routing to the mailstores: <recipient>  <transport>:<nexthop>
# Rebuild the lookup table after every change: postmap /etc/postfix/transport
# NOTE(review): main.cf on this page sets no TLS level for outgoing SMTP/LMTP,
# so these hops are presumably unencrypted; keep the mailstores on a trusted
# network segment or add TLS for the internal hops.
me@intra.example.com     smtp:cyrus1.intra.example.com:25
you@intra.example.com    lmtp:cyrus2.intra.example.com:24
we@intra.example.com     lmtp:dovecot1.intra.example.com:24
# Catch-all: everything else is handed to this host. The square brackets
# make Postfix connect to the address directly instead of doing an MX lookup.
*                        smtp:[172.16.50.2]
/etc/default/postgrey
# /etc/default/postgrey -- options for the greylisting policy server.
#   --inet=10023   listen on TCP port 10023; this must match the
#                  check_policy_service inet:127.0.0.1:10023 entry in main.cf
#   --delay=250    seconds a new sender/recipient/client combination is deferred
#   --max-age=400  days after which an unused greylist entry is dropped
# NOTE(review): confirm the listener is bound to loopback only, so that only
# the local Postfix can query it.
POSTGREY_OPTS="--inet=10023 --delay=250 --max-age=400"

# Text returned to the deferred client. 250 seconds is a little over four
# minutes, so "five minutes" is a safe hint for the retry.
POSTGREY_TEXT="Lots of work now but welcome in five minutes"