

service:postfix

This is an old revision of the document!


install

[code]
dev-libs/cyrus-sasl authdaemond openldap ssl urandom
mail-mta/postfix ldap sasl ssl eai
[/code]

set in /etc/postfix/main.cf

# Identity of this mail host. mynetworks_style = host trusts only the local
# machine, so every other client has to authenticate before it may relay.
myhostname = post.lionsoft.org
mydomain = lionsoft.org
mynetworks_style = host

# Virtual mailboxes: all mail is stored below /var/vmail under one fixed
# uid/gid (5000); mailbox and alias lookups are done through LDAP.
# NOTE(review): the two ldap_*.cf files are not shown on this page. If they
# contain a bind password they should not be world-readable.
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = lionsoft.org,forgottenroots.de,mightymice.org,metzmachers.de,watzhahn.de,post.lionsoft.org
virtual_mailbox_maps = ldap:/etc/postfix/ldap_mailbox_maps.cf
virtual_alias_maps = ldap:/etc/postfix/ldap_alias_maps.cf

# TLS. Security level "may" is opportunistic in both directions: STARTTLS is
# offered (smtpd) and used when the peer offers it (smtp), but a session can
# still fall back to cleartext.
# smtpd_tls_auth_only = yes is what keeps passwords off cleartext sessions:
# AUTH is only announced after STARTTLS has completed.
# smtpd_use_tls is the legacy spelling of smtpd_tls_security_level = may and
# is redundant here.
# The *_mandatory_protocols lines only take effect at level "encrypt" or
# stronger; at level "may" the plain *_tls_protocols lines are the ones used.
# NOTE(review): only SSLv2 and SSLv3 are excluded, so TLSv1 and TLSv1.1 stay
# enabled if the TLS library still supports them. Consider adding !TLSv1 and
# !TLSv1.1 (or ">=TLSv1.2" on Postfix 3.6 and later).
# NOTE(review): the private key file must be readable by root only. The file
# names suggest the certificate dates from March 2016; check its expiry.
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/postfix/cert-20160309-074522.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/key-20160309-074522.pem
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

# SASL authentication. Plaintext mechanisms are refused on unencrypted
# sessions (noplaintext) and allowed once TLS is active
# (smtpd_sasl_tls_security_options), which is why PLAIN and LOGIN appear in
# the EHLO response after STARTTLS.
# The restriction order lets authenticated users and the local host relay;
# reject_unauth_destination refuses relaying for everyone else.
# NOTE(review): the EHLO transcripts on this page advertise VRFY, which lets
# clients probe for valid addresses; disable_vrfy_command = yes turns it off.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

set in /etc/sasl2/smtpd.conf

# Cyrus SASL settings for the Postfix smtpd service.
# Password checks are handed to Courier authdaemond over the socket below.
# PLAIN and LOGIN both send the password itself (only base64-encoded), so
# they depend on the TLS-only AUTH setting in main.cf for confidentiality.
# log_level 0 disables SASL logging; raise it temporarily when debugging
# authentication failures.
# NOTE(review): the Postfix smtpd process needs access to the authdaemon
# socket; confirm the socket directory is not open to other local users.
pwcheck_method:authdaemond
mech_list: PLAIN LOGIN
log_level: 0
authdaemond_path: /var/lib/courier/authdaemon/socket

set in /etc/conf.d/saslauthd

# saslauthd verifies a password by attempting an IMAP login on localhost.
# NOTE(review): smtpd.conf on this page uses pwcheck_method authdaemond, so
# Postfix may never consult saslauthd; confirm whether this is still needed.
SASLAUTHD_OPTS="-a rimap -O localhost"

set in /etc/courier/authdaemonrc

# authdaemond consults only the LDAP module; no other account source is used.
authmodulelist="authldap"

set in /etc/courier/authldaprc

# Courier authldap: where and how accounts are looked up.
# NOTE(review): ldap:// is an unencrypted connection, so the bind password
# and lookup results cross the network in clear text unless the link is
# otherwise protected. Consider an ldaps:// URI or LDAP_TLS 1.
# NOTE(review): LDAP_BINDPW is stored in plain text. Keep this file readable
# only by root and the authdaemon user, and replace the sample value shown
# here with a strong, unique password.
LDAP_URI		ldap://baldr
LDAP_BASEDN		ou=mailuser,dc=lionsoft,dc=org
LDAP_BINDDN		cn=mailadmin,dc=lionsoft,dc=org
LDAP_BINDPW		test1234
# Login names are matched against the uid attribute.
LDAP_MAIL		uid
# All mailboxes are owned by one system account (presumably uid/gid 5000,
# matching virtual_uid_maps in main.cf; confirm).
LDAP_GLOB_UID		vmail
LDAP_GLOB_GID		vmail
LDAP_MAILDIR		mail
# Left disabled: no clear-text password attribute is read from the directory.
#LDAP_CLEARPW		clearPassword

test postfix for tls

% telnet lionsoft.org 25
Connected to lionsoft.org.
Escape character is '^]'.
220 post.lionsoft.org ESMTP Postfix

% EHLO post.lionsoft.org
250-post.lionsoft.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

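The EHLO response must list 250-STARTTLS; if it is missing, the server is not offering TLS on this port. AUTH is deliberately absent at this stage, because main.cf sets smtpd_tls_auth_only = yes.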

test postfix with tls

% perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")'
AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=

% openssl s_client -starttls smtp -crlf -ign_eof -connect lionsoft.org:25
...
% EHLO post.lionsoft.org
250-post.lionsoft.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8

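The EHLO response must now list 250-AUTH; it is only advertised once the TLS session is established. The argument to AUTH PLAIN below is base64-encoded, not encrypted, so treat it like the password itself.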

% AUTH PLAIN AGNvdG9uQGxpb25zb2Z0Lm9yZwB0ZXN0MTIzNA==
235 2.7.0 Authentication successful
mail from:wurst@brot.de
250 2.1.0 Ok
rcpt to:test@lionsoft.org
250 2.1.5 Ok
data
...
.

QUIT