Difference between revisions of "Postfix How-To"

From Secure Computing Wiki
(Install Dovecot)
Line 55: Line 55:
 
# cp ssl.crt ssl.key /etc/certs</pre>
 
# cp ssl.crt ssl.key /etc/certs</pre>
 
<li>Edit /usr/local/etc/dovecot.conf:
 
<li>Edit /usr/local/etc/dovecot.conf:
<pre>Line 16, uncomment:
+
<br>Line 16, uncomment:</pre>
base_dir = /var/run/dovecot/
+
<pre>base_dir = /var/run/dovecot/</pre>
Line 21, uncomment and add POP3(S) daemons:
+
<br>Line 21, uncomment and add POP3(S) daemons:
protocols = imap imaps pop3 pop3s
+
<pre>protocols = imap imaps pop3 pop3s</pre>
Line 40, uncomment:
+
<br>Line 40, uncomment:
listen = *
+
<pre>listen = *</pre>
Line 46, uncomment and change to no:
+
<br>Line 46, uncomment and change to no:
disable_plaintext_auth = no
+
<pre>disable_plaintext_auth = no</pre>
Line 54, uncomment:
+
<br>Line 54, uncomment:
shutdown_clients = yes
+
<pre>shutdown_clients = yes</pre>
Line 86, uncomment:
+
<br>Line 86, uncomment:
ssl_disable = no
+
<pre>ssl_disable = no</pre>
Lines 92-93, uncomment:
+
<br>Lines 92-93, uncomment:
ssl_cert_file = /etc/ssl/certs/dovecot.pem
+
<pre>ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
+
ssl_key_file = /etc/ssl/private/dovecot.pem</pre>
Lines 172, uncomment and change accordingly:
+
<br>Lines 172, uncomment and change accordingly:
login_greeting = ISP Server Ready.
+
<pre>login_greeting = ISP Server Ready.</pre>
Line 213, change for Maildir format:
+
<br>Line 213, change for Maildir format:
mail_location = maildir:/usr/local/virtual/%d/%n
+
<pre>mail_location = maildir:/usr/local/virtual/%d/%n</pre>
Line 321, uncomment and change UID:
+
<br>Line 321, uncomment and change UID:
first_valid_uid = 125
+
<pre>first_valid_uid = 125</pre>
Line 329, uncomment and change GID:
+
<br>Line 329, uncomment and change GID:
first_valid_gid = 125
+
<pre>first_valid_gid = 125</pre>
Line 526, uncomment and add for quota support:
+
<br>Line 526, uncomment and add for quota support:
mail_plugins = quota imap_quota
+
<pre>mail_plugins = quota imap_quota</pre>
Line 656, uncomment and add quota module:
+
<br>Line 656, uncomment and add quota module:
mail_plugins = quota
+
<pre>mail_plugins = quota</pre>
Line 638, change postmaster address:
+
<br>Line 638, change postmaster address:
postmaster_address = postmaster@domain.tld
+
<pre>postmaster_address = postmaster@domain.tld</pre>
Line 748, add other auth types:
+
<br>Line 748, add other auth types:
mechanisms = plain login (Adjust accordingly)
+
<pre>mechanisms = plain login (Adjust accordingly)</pre>
Line 794, comment this line out:
+
<br>Line 794, comment this line out:
#passdb pam {
+
<pre>#passdb pam {</pre>
Line 827, comment out closing bracket:
+
<br>Line 827, comment out closing bracket:
#}
+
<pre>#}</pre>
Line 869, uncomment this line:
+
<br>Line 869, uncomment this line:
passdb sql {
+
<pre>passdb sql {</pre>
Lines 871-872, uncomment and add arg line for SQL file:
+
<br>Lines 871-872, uncomment and add arg line for SQL file:
args = /usr/local/etc/dovecot-sql.conf
+
<pre>args = /usr/local/etc/dovecot-sql.conf
}
+
}</pre>
Lines 898-905, comment these lines out:
+
<br>Lines 898-905, comment these lines out:
#userdb passwd {
+
<pre>#userdb passwd {
}
+
}</pre>
Line 934, uncomment:
+
<br>Line 934, uncomment:
userdb sql {
+
<pre>userdb sql {</pre>
Lines 936-937 uncomment and add arg line for SQL file:
+
<br>Lines 936-937 uncomment and add arg line for SQL file:
args = /usr/local/etc/dovecot-sql.conf
+
<pre>args = /usr/local/etc/dovecot-sql.conf
}
+
}</pre>
Line 984, uncomment:
+
<br>Line 984, uncomment:
socket listen {
+
<pre>socket listen {</pre>
Line 995, uncomment:
+
<br>Line 995, uncomment:
client {
+
<pre>client {</pre>
Line 999, uncomment and change path:
+
<br>Line 999, uncomment and change path:
path = /var/spool/postfix/private/auth
+
<pre>path = /var/spool/postfix/private/auth</pre>
Line 1001, add GID for Postfix socket:
+
<br>Line 1001, add GID for Postfix socket:
user = postfix
+
<pre>user = postfix</pre>
Line 1002, add UID for Postfix socket:
+
<br>Line 1002, add UID for Postfix socket:
group = postfix
+
<pre>group = postfix</pre>
Lines 1003-1004, uncomment:
+
<br>Lines 1003-1004, uncomment:
}
+
<pre>}
 
}</pre>
 
}</pre>
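
Review bot: the new first instruction line, `<br>Line 16, uncomment:</pre>`, ends with a `</pre>` that has no matching `<pre>` now that the single block is split into one `<pre>` per setting, so the tag appears as literal text in the rendered step. Drop the `</pre>` from that line so it matches the other `<br>Line N, ...` instruction lines. Separately, the "Lines 898-905, comment these lines out" entry still shows an uncommented `}` after `#userdb passwd {`, unlike the `passdb pam` entry, whose closing bracket is written as `#}`. The two should be made consistent while the markup is being touched.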

Revision as of 13:43, 24 April 2007

  • Loosely follows the How-To at www.purplehat.org.

Install MySQL

  1. Install MySQL 5.0 Port:
    #cd /usr/ports/databases/mysql50-server
    #make all install clean
  2. Add MySQL to system startup in /etc/rc.conf:
    #echo 'mysql_enable="YES"' >> /etc/rc.conf
  3. Start MySQL
    #/usr/local/etc/rc.d/mysql-server start
  4. Secure MySQL root account:
    #mysql -u root mysql
    >UPDATE user SET Password=PASSWORD('mysql_root_password') WHERE user='root';
    >FLUSH PRIVILEGES;
    >quit

Postfix Installation

  1. Install Postfix port:
    # cd /usr/ports/mail/postfix
    # make install clean
  2. When asked for options, select PCRE, DOVECOT, TLS, BDB, MYSQL, and VDA.
  3. You will be asked if you want to activate postfix in /etc/mail/mailer.conf - select yes.
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
  4. Add the following lines to /etc/rc.conf:
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
  5. Add the following lines to /etc/periodic.conf:
    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Initialize the Database

  1. Download the SQL file
    # fetch http://www.purplehat.org/downloads/postfix_guide/postfix-db.sql

Install Dovecot

  1. Install Dovecot from ports:
    # cd /usr/ports/mail/dovecot
    # make all install clean
  2. Make sure options SSL, IPv6, POP3, and MySQL are selected.
  3. Enable Dovecot at startup in /etc/rc.conf:
    #echo 'dovecot_enable="YES"' >> /etc/rc.conf
  4. Copy example configurations to correct locations:
    #cd /usr/local/etc/
    #cp dovecot-example.conf dovecot.conf
    #cp dovecot-sql-example.conf dovecot-sql.conf
  5. Create the certificate directory, and place your ssl-certificates:
    # mkdir /etc/certs
    # cp ssl.crt ssl.key /etc/certs
  6. Edit /usr/local/etc/dovecot.conf:
    Line 16, uncomment:

    base_dir = /var/run/dovecot/


    Line 21, uncomment and add POP3(S) daemons:

    protocols = imap imaps pop3 pop3s


    Line 40, uncomment:

    listen = *


    Line 46, uncomment and change to no:

    disable_plaintext_auth = no


    Line 54, uncomment:

    shutdown_clients = yes


    Line 86, uncomment:

    ssl_disable = no


    Lines 92-93, uncomment:

    ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem


    Line 172, uncomment and change accordingly:

    login_greeting = ISP Server Ready.


    Line 213, change for Maildir format:

    mail_location = maildir:/usr/local/virtual/%d/%n


    Line 321, uncomment and change UID:

    first_valid_uid = 125


    Line 329, uncomment and change GID:

    first_valid_gid = 125


    Line 526, uncomment and add for quota support:

    mail_plugins = quota imap_quota


    Line 656, uncomment and add quota module:

    mail_plugins = quota


    Line 638, change postmaster address:

    postmaster_address = postmaster@domain.tld


    Line 748, add other auth types (adjust accordingly):

    mechanisms = plain login


    Line 794, comment this line out:

    #passdb pam {


    Line 827, comment out closing bracket:

    #}


    Line 869, uncomment this line:

    passdb sql {


    Lines 871-872, uncomment and add arg line for SQL file:

    args = /usr/local/etc/dovecot-sql.conf
    }


    Lines 898-905, comment these lines out:

    #userdb passwd {
    #}


    Line 934, uncomment:

    userdb sql {


    Lines 936-937 uncomment and add arg line for SQL file:

    args = /usr/local/etc/dovecot-sql.conf
    }


    Line 984, uncomment:

    socket listen {


    Line 995, uncomment:

    client {


    Line 999, uncomment and change path:

    path = /var/spool/postfix/private/auth


    Line 1001, add UID for Postfix socket:

    user = postfix


    Line 1002, add GID for Postfix socket:

    group = postfix


    Lines 1003-1004, uncomment:

    }
    }
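
A post-edit check for the settings changed in step 6, as an added example that is not part of the original how-to or of Dovecot itself. The function names `conf_get`, `audit_dovecot_conf` and `write_sample_conf` are hypothetical, and the sample configuration is constructed from the values above with the certificate paths moved under a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original how-to. Function names are hypothetical.

# Print the value of the last uncommented "key = value" line in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_dovecot_conf() {
    conf=$1
    plaintext=$(conf_get "$conf" disable_plaintext_auth)
    cert=$(conf_get "$conf" ssl_cert_file)
    key=$(conf_get "$conf" ssl_key_file)
    # imap and pop3 are the non-TLS listeners; with plaintext auth allowed,
    # PLAIN/LOGIN passwords can cross the network unencrypted.
    for p in $(conf_get "$conf" protocols); do
        if [ "$plaintext" = "no" ] && { [ "$p" = imap ] || [ "$p" = pop3 ]; }; then
            echo "WARN: $p accepts plaintext logins without TLS"
        fi
    done
    if [ "$(conf_get "$conf" ssl_disable)" = "yes" ]; then
        echo "WARN: ssl_disable = yes, TLS is off"
    fi
    # Step 5 copies files to /etc/certs while step 6 points elsewhere,
    # so confirm the configured paths actually exist.
    for f in "$cert" "$key"; do
        if [ -n "$f" ] && [ ! -f "$f" ]; then echo "WARN: missing file $f"; fi
    done
    # The private key should not be accessible to group or other.
    if [ -f "$key" ] && [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is group/world accessible"
    fi
    return 0
}

# Constructed sample: the page's step-6 values, with cert paths under $1.
write_sample_conf() {
    cat > "$1/dovecot.conf" <<EOF
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = $1/certs/dovecot.pem
ssl_key_file = $1/private/dovecot.pem
EOF
}

demo=$(mktemp -d)
write_sample_conf "$demo"
audit_dovecot_conf "$demo/dovecot.conf"
rm -rf "$demo"
```

On a live system, run `audit_dovecot_conf /usr/local/etc/dovecot.conf` after finishing the edits; no output means none of the four conditions was found.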